AntiVir detects 3 viruses

Resolved/Closed
Annaprout Posts 263 Registration date Saturday 13 August 2005 Status Member Last seen 24 February 2014 - 6 May 2008 at 15:41
 Annaprout - 7 May 2008 at 19:04
Hello everyone.

So, my sister opened a friend's USB key, and it was infected with a virus.

It was WORM BRONTOK (I looked it up on the internet).

The problem is that now, when she logs into her session, AntiVir Personal Edition Classic beeps and tells me it has found 3 viruses.

All 3 are: TR/Crypt.XPACK.Gen

2 are located in system32 and the other in the Temp folder of her session.

I tried deleting these 2 viruses directly and putting them in the recycle bin, but nothing works.
I ran CCleaner, and nothing happens either.

What can I do, please?

Thanks in advance

26 replies

Anonymous user
7 May 2008 at 09:55
Hi,

I would like the report please ;)

It's not over, I want to disinfect thoroughly =)
++
1
armandaudric Posts 1368 Registration date Saturday 16 February 2008 Status Member Last seen 24 July 2009 260
6 May 2008 at 15:45
Doesn't AntiVir have a quarantine? Because if you put them there you will be able to delete them.
0
Anonymous user
6 May 2008 at 16:25
Hi,

Plug all your USB keys into your PC,

Download the Flash_Disinfector tool by sUBs:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Save Flash_Disinfector.exe to your desktop.
Double-click Flash_Disinfector.exe to run it.
When the message "Plug in yours flash drive & clic Ok to begin disinfection" appears:
Connect to the PC any USB keys and external hard drives likely to have been infected.
Then click OK.
The desktop icons will disappear until the message [Done!!] appears.
Then press OK to make the desktop reappear.

****************************

/!\ Very powerful tool; do not reproduce the procedure below on your own PC without having been authorised by a competent person /!\

2) Download ComboFix here → http://download.bleepingcomputer.com/sUBs/ComboFix.exe

And save it to the desktop >>> /!\ IMPORTANT /!\

Look here if you want to familiarise yourself with how to use it: https://www.google.fr/?gws_rd=ssl

BEFORE using ComboFix:
→ Disconnect your PC from the Internet and close the windows of all running programs. /!\
→ Temporarily disable (and only while ComboFix is in use) the real-time protection of your antivirus, of your antispyware and of ALL your protection software!!! (if active, they could seriously interfere with the tool's search and cleaning procedure). /!\

3) On your desktop, double-click Combofix.exe.
Press the 1 key so that the program starts running, and follow the on-screen instructions.

/!\ For the WHOLE duration of the ComboFix scan (it can take quite a long time if the PC is heavily infected), do not open any program, do not touch your mouse and do not browse the net /!\

Be patient (even if you think the PC has stopped); the "apparent pauses" sometimes last several minutes (there are ± 40 analysis stages).

During cleaning you may receive a warning telling you that the PC is going to restart; let it do so.

After the PC restarts, a report will open in Notepad at the end of the analysis; copy and paste its entire contents into your next message.

(The report file Combofix.txt is then automatically saved in C:\Combofix.txt)

Tutorial (help):

http://bibou0007.com/outils-specifiques-f78/tutorial-combofix-t121.htm

https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

++
0
Annaprout Posts 263 Registration date Saturday 13 August 2005 Status Member Last seen 24 February 2014 29
7 May 2008 at 09:01
Thanks Cyrildu17, it seems to have worked, there are no more alerts.
Thanks a lot ;)
0

Annaprout Posts 263 Registration date Saturday 13 August 2005 Status Member Last seen 24 February 2014 29
7 May 2008 at 12:37
Thanks Cyril.
Here is the report:


ComboFix 08-05-01.3 - Marie 2008-05-06 21:43:20.11 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.2200 [GMT 2:00]
Endroit: C:\Users\Marie\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\drivers\down
C:\Windows\system32\kxvo.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-04-06 to 2008-05-06 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 19:43 3,145,728 --sha-w C:\Users\Propriétaire\NTUSER.DAT
2008-05-06 19:43 3,145,728 --sha-w C:\Users\Propriétaire\NTUSER.DAT
2008-05-06 19:43 1,048,576 --sha-w C:\Users\Invité\NTUSER.DAT
2008-05-06 19:43 1,048,576 --sha-w C:\Users\Invité\NTUSER.DAT
2008-05-06 19:28 --------- d-----w C:\Users\Marie\AppData\Roaming\OpenOffice.org2
2008-05-06 16:13 --------- d-----w C:\Program Files\Trend Micro
2008-05-06 12:04 0 ----a-w C:\osy3.sys
2008-05-06 09:28 --------- d-----w C:\Program Files\Panda Security
2008-05-04 13:23 --------- d-----w C:\Users\Propriétaire\AppData\Roaming\OpenOffice.org2
2008-04-25 14:08 --------- d-----w C:\Users\Marie\AppData\Roaming\Image Zone Express
2008-04-22 14:07 --------- d-----w C:\Users\Marie\AppData\Roaming\Zylom
2008-04-20 09:51 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-18 08:37 --------- d-----w C:\Program Files\iTunes
2008-04-18 08:36 --------- d-----w C:\Program Files\QuickTime
2008-04-18 08:36 --------- d-----w C:\Program Files\iPod
2008-04-18 08:36 --------- d-----w C:\PROGRA~2\Apple Computer
2008-04-18 08:34 --------- d-----w C:\Program Files\Apple Software Update
2008-04-16 15:48 --------- d-----w C:\Program Files\Fish Aquarium 3D Screensaver
2008-04-10 07:01 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 17:19 --------- d-----w C:\Program Files\fishaquarium
2008-04-07 08:14 --------- d-----w C:\PROGRA~2\HPSSUPPLY
2008-04-07 08:13 --------- d-----w C:\Users\Propriétaire\AppData\Roaming\Printer Info Cache
2008-04-07 08:13 --------- d-----w C:\Users\Propriétaire\AppData\Roaming\Image Zone Express
2008-04-07 07:12 --------- d-s---w C:\Users\Propriétaire\AppData\Roaming\Microsoft
2008-04-07 07:12 --------- d-----w C:\Program Files\HP
2008-04-07 01:49 8,140,915 ----a-w C:\Windows\breve.scr
2008-04-07 01:49 237,568 ----a-w C:\Windows\glut32.dll
2008-03-29 18:35 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-03-29 18:35 --------- d-----w C:\Users\Propriétaire\AppData\Roaming\WinBatch
2008-03-29 18:35 --------- d-----w C:\Program Files\Realtek
2008-03-29 08:49 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-03-24 13:27 12,400 ----a-w C:\Windows\system32\drivers\SECDRV.SYS
2008-03-24 13:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-24 12:48 --------- d-----w C:\Program Files\Maxis
2008-03-24 12:46 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-24 12:12 --------- d-----w C:\Users\Marie\AppData\Roaming\Ahead
2008-03-16 09:25 643,920 ----a-w C:\PortableRoboForm.exe
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:14 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 09:04 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 09:02 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 09:02 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 09:01 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 09:01 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 09:01 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 09:01 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 09:01 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 09:01 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 09:01 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 09:01 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 09:01 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 09:01 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-02 22:18 174 --sha-w C:\Program Files\desktop.ini
2007-12-29 15:25 612 ----a-w C:\Users\Marie\AppData\Roaming\wklnhst.dat
2007-12-25 14:50 47,360 ----a-w C:\Users\Marie\AppData\Roaming\pcouffin.sys
2007-11-07 14:03 126 ----a-w C:\Users\Propriétaire\AppData\Roaming\wklnhst.dat
2008-02-04 13:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020420080205\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:28 1232896]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 20:03 152872]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-01 16:56 1006264]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 18:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 13:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 20:31 178968]
"StartCCC"="c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 12:26 4874240 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 13:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-09-25 02:11 54672]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 22:52 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 13:25 249896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 22:40:10 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= divxa32.acm
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-1001]
"EnableNotificationsRef"=dword:00000025

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-1002]
"EnableNotificationsRef"=dword:0000001d

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-918319700-1789878857-3928151191-501]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C811BB3A-C6BF-48F1-A9B2-9E3A25CD7478}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{EF6CA61F-9863-45F4-8549-FD48443B7E7E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{AD63F5DE-D4D5-42A6-8136-9102C7EF05E3}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{0AB6ED54-0E52-40D4-9621-20AB7D749574}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{66FF50A4-40D9-4C3E-A4CD-BC4C3A933208}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{DBCB39EF-C1D7-4419-9ECE-DE15D7C52483}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{2B83BC5B-2FC0-449C-91AE-F09F87BA0CCF}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{069B212C-2947-402F-BD6A-6350E37F07BA}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{9D29FF59-F50C-4BA1-94E7-82EE4774A370}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2F331BA3-FEE9-45EE-9FAD-333B66B1B548}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B7C2AFAF-395A-4625-94FA-518E61011C64}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 10:32]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-07-10 02:35]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 09:13]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f0d427ef-fa42-11dc-8759-001d60539785}]
\shell\AutoRun\command - K:\apj.com
\shell\explore\Command - K:\apj.com
\shell\open\Command - K:\apj.com

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-06 19:44:00 C:\Windows\Tasks\User_Feed_Synchronization-{7C3D90E6-AD2A-4875-97E6-4A717C6CB81D}.job"
- C:\Windows\system32\msfeedssync.exe
"2008-05-05 19:44:11 C:\Windows\Tasks\User_Feed_Synchronization-{A285B298-96D4-42DD-A080-185995B07532}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 21:45:59
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 1

**************************************************************************
.
Temps d'accomplissement: 2008-05-06 21:46:51
ComboFix-quarantined-files.txt 2008-05-06 19:46:47

Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.
Le texte du message associé au numéro 0x2379 est introuvable dans le fichier de messages pour Application.

191 --- E O F --- 2008-04-09 19:55:47
0
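A triage pass over the registry section of a ComboFix report like the one posted above, added here as an example (it is not part of the thread and not ComboFix's own code). It flags three kinds of entry that the report shows and that a reviewer would look at first: AutoRun handlers cached under MountPoints2, EnableLUA set to 0 (UAC off) and Security Center DisableMonitoring set to 1; the rule names, the `triage` function and the sample text with its placeholder volume GUID are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of the report's registry section;
# the volume GUID is a placeholder.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:28 1232896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
\shell\AutoRun\command - K:\apj.com
\shell\open\Command - K:\apj.com
"""

SECTION = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SHELL_CMD = re.compile(r"^\\shell\\([^\\]+)\\command\s+-\s+(.+)$", re.IGNORECASE)
DRIVE_ROOT = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass
class Finding:
    rule: str
    key: str
    detail: str


def to_int(data):
    """Decode the two numeric notations the report uses: 'dword:0000001d' and '0 (0x0)'."""
    m = re.match(r"dword:([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", data)
    return int(m.group(1)) if m else None


def triage(report):
    """Return the entries worth a manual look, in the order they appear."""
    findings, key = [], ""
    for raw in report.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group(1)  # remember which registry key the next lines belong to
            continue
        low = key.lower()

        # Explorer caches a volume's autorun verbs under MountPoints2\{volume GUID}.
        m = SHELL_CMD.match(line)
        if m and "\\explorer\\mountpoints2\\" in low:
            verb, target = m.group(1), m.group(2).strip()
            where = "drive root" if DRIVE_ROOT.match(target) else "other path"
            findings.append(Finding("autorun-handler", key, f"{verb} -> {target} ({where})"))
            continue

        m = VALUE.match(line)
        if not m:
            continue
        name, number = m.group(1).lower(), to_int(m.group(2).strip())
        if low.endswith("\\policies\\system") and name == "enablelua" and number == 0:
            findings.append(Finding("uac-disabled", key, "EnableLUA = 0"))
        elif "\\security center\\monitoring" in low and name == "disablemonitoring" and number == 1:
            findings.append(Finding("security-center-monitoring-off", key, "DisableMonitoring = 1"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.rule:32} {f.detail}\n    {f.key}")
```

A flagged entry is a prompt for review, not a verdict: the Security Center value in particular can also be set by legitimately installed security software.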
Anonymous user
7 May 2008 at 13:11
Re!

→ Download TrendMicro™ HijackThis™

Place it in ' C:\programmes\ '. Once that is done, please rename the icon
(right-click > rename) ' Hijackthis.exe ', located in the folder in C:\ , to ' HJT.exe ' <<<<<<<<< Important !!! <<<<<<<

The program's path should look like this: C:\Programme\Trend Micro\Hijackthis\HJT.exe

Do not rename the shortcut icon on the desktop, of course ...

/!\ Close all windows that are still open, and disconnect from the web /!\

→ Then launch it, choose the option '' do a system scan and save a logfile '' and post me the report (which appears in Notepad)

(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Tutorial if you can't manage it: http://pageperso.aol.fr/balltrap34/demohijack.htm

++
0
Annaprout Posts 263 Registration date Saturday 13 August 2005 Status Member Last seen 24 February 2014 29
7 May 2008 at 14:36
Here is the HijackThis report:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:35:06, on 07/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: <HTML><HEAD><TITLE>Yahoo!</TITLE>
O1 - Hosts: </HEAD><BODY BGCOLOR=white vlink=blue>
O1 - Hosts: <!-- following code added by server. PLEASE REMOVE -->
O1 - Hosts: <!-- preceding code added by server. PLEASE REMOVE --><center>
O1 - Hosts: <table width=675 cellpadding=0 cellspacing=2 border=0>
O1 - Hosts: <tr>
O1 - Hosts: <td width=1% valign=top><a href="https://fr.yahoo.com/?p=us"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo"></a></td>
O1 - Hosts: <td align=right><font face=arial size=-1><a href="/404/*https://fr.yahoo.com/?p=us">Yahoo!</a> - <a href="https://help.yahoo.com/kb/account">Help</a></font><hr size=1 noshade></td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=3>
O1 - Hosts: <tr>
O1 - Hosts: <td bgcolor=003399 colspan=2>
O1 - Hosts: <font face=Arial size=+1 color=white><b>Sorry, the page you requested was not found.</b></font>
O1 - Hosts: </td>
O1 - Hosts: </tr></table>
O1 - Hosts: <br>
O1 - Hosts: <table border=0 width=675 cellspacing=0 cellpadding=1>
O1 - Hosts: <tr>
O1 - Hosts: <td valign=top width=229 bgcolor=ffffff>
O1 - Hosts: <table width="100%" cellpadding=1 cellspacing=0 border=0 bgcolor=dcdcdc><tr>
O1 - Hosts: <td valign=top align=center><table width="100%" cellpadding=3 cellspacing=0 border=0 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=dcdcdc><td><font face=arial><b>Search Yahoo!</b></font></td></tr>
O1 - Hosts: <tr bgcolor=white><td valign=top align=center>
O1 - Hosts: <form action="https://search.yahoo.com/web">
O1 - Hosts: <input size="14" name="p" value=""> 
O1 - Hosts: <input type="SUBMIT" value="Search">
O1 - Hosts: <font face=arial size=-2>• <a href="http://search.yahoo.com/search/options?p=">advanced search</a> • <a href="http://buzz.yahoo.com">most popular</a></font>
O1 - Hosts: </form></td></tr></table>
O1 - Hosts: <table width=100% border=0 cellspacing=0 cellpadding=3 bgcolor=ffffff>
O1 - Hosts: <tr bgcolor=ccccff><td>
O1 - Hosts: <FONT face=arial size=+1>Yahoo! Web Hosting</font>
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td>
O1 - Hosts: <a href=https://smallbusiness.yahoo.com/hosting align=left src=http://us.i1.yimg.com/us.yimg.com/i/us/wh/gr/j_advan48.gif width=48 height=48 border=0 alt="Yahoo! Web Hosting"></a>
O1 - Hosts: <font face=arial size=-1>Yahoo! Web Hosting has <a href="https://smallbusiness.yahoo.com/hosting">three affordable plans</a> to meet your needs - starting at just $11.95.
O1 - Hosts: </td></tr>
O1 - Hosts: <tr><td align=right>
O1 - Hosts: <b><font face=arial size=-1><a href=https://smallbusiness.yahoo.com/hosting more...</a></font></b>
O1 - Hosts: </td></tr>
O1 - Hosts: </table>
O1 - Hosts: </td></tr></table>
O1 - Hosts: </td>
O1 - Hosts: <td width=1> </td>
O1 - Hosts: <td valign=top align=center width=445>
O1 - Hosts: <script language="JavaScript" type="text/javascript"
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sr" >
O1 - Hosts: </script>
O1 - Hosts: <noscript>
O1 - Hosts: <iframe
O1 - Hosts: src="http://adserver.yahoo.com/a?f=76001284&p=geocities&l=MON&c=sh&bg=ffffff"
O1 - Hosts: width=470 height=580 marginwidth=0 marginheight=0 hspace=0
O1 - Hosts: vspace=0 frameborder=0 scrolling=no>
O1 - Hosts: </iframe>
O1 - Hosts: </noscript>
O1 - Hosts: </td>
O1 - Hosts: </tr>
O1 - Hosts: </table>
O1 - Hosts: <br>
O1 - Hosts: <table cellpadding=0 cellspacing=0 border=0 width=675><tr><td bgcolor=a0b8c8>
O1 - Hosts: <table cellpadding=1 cellspacing=1 border=0 width="100%">
O1 - Hosts: <tr valign=top bgcolor=ffffff><td align=center>
O1 - Hosts: <font face=arial size=-2><A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://address.yahoo.com/">Address Book</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://alerts.yahoo.com/">Alerts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://auctions.yahoo.com/">Auctions</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://billpay.yahoo.com/">Bill Pay</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://bookmarks.yahoo.com/">Bookmarks</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://briefcase.yahoo.com/">Briefcase</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://broadcast.yahoo.com/">Broadcast</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://calendar.yahoo.com/">Calendar</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://chat.yahoo.com/">Chat</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://classifieds.yahoo.com/">Classifieds</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://clubs.yahoo.com/">Clubs</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://companion.yahoo.com/">Companion</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://experts.yahoo.com/">Experts</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://games.yahoo.com/">Games</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://greetings.yahoo.com/">Greetings</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://geocities.yahoo.com/">Home Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://invites.yahoo.com/">Invites</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://mail.yahoo.com/">Mail</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://maps.yahoo.com/">Maps</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://members.yahoo.com/">Member Directory</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://messenger.yahoo.com/">Messenger</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://my.yahoo.com/">My Yahoo!</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://news.yahoo.com/">News</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://paydirect.yahoo.com/">PayDirect</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://people.yahoo.com/">People Search</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://personals.yahoo.com/">Personals</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://photos.yahoo.com/">Photos</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://shopping.yahoo.com/">Shopping</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://sports.yahoo.com/">Sports</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://finance.yahoo.com/">Stock Quotes</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://tv.yahoo.com/">TV</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://travel.yahoo.com/">Travel</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://weather.yahoo.com/">Weather</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://www.yahooligans.com/">Yahooligans</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://yp.yahoo.com/">Yellow Pages</A> · <A
O1 - Hosts: href="http://rd.yahoo.com/footer/?http://docs.yahoo.com/docs/family/more.html">more...</A>
O1 - Hosts: </font></td></tr></table></td></tr></table>
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Anonymous user
7 May 2008 at 14:50
Re,

Download HostsXpert


> Unzip it to the Desktop

> Click on "Restore MS Hosts File"


Then post a new HijackThis report.
++
0
Annaprout Posts 263 Registration date Saturday 13 August 2005 Status Member Last activity 24 February 2014 29
7 May 2008 at 15:45
Thanks again and again

Here is the report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:44:20, on 07/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\jureg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\schtasks.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\conime.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [SunJavaUpdateReg] "C:\Windows\system32\jureg.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Barre RoboForm - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Enregistrer le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Personnaliser le menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Remplir le formulaire - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Encarta Researcher\EROProj.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {CE69F98F-2AF3-4306-BAC6-A79070EDA1B4} (Zylom Loader Object) - http://eu.download.games.yahoo.com/zylom/activex/zylomloader.cab
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Anonymous user
7 May 2008 at 15:49
Re,

************************************

→ Run HijackThis again; in the main menu choose 'Do a system scan only' and fix this/these line(s) (tick the box to their left):


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)



Close all windows (except HijackThis), including your web browser.

→ Click on 'Fix checked'

************************************

Update Java --> https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

************************************

→ Download CleanUp452 (Primary download site ...)

→ Run it and choose the 'CleanUp!' option

Post the report.


Tutorial: http://pageperso.aol.fr/balltrap34/democleanup.htm (thanks to balltrap34)

************************************

→ Download clean: http://www.malekal.com/download/clean.zip

→ Unzip it (right-click, Extract all)

→ Run clean.cmd (or clean) by right-clicking it and choosing 'Run as administrator'

→ In the main menu, choose option 1 and post me the report.

(Where is the clean report? Open "Computer", double-click drive "C:", double-click "rapport_clean.txt" and copy/paste its contents to the forum.)

Note: you may get a message asking you to upload a file; do so as soon as you can.

Tutorial: http://bibou0007.com/outils-specifiques-f78/tuto-clean-t1007.htm

************************************

Good luck
++
0
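The selection made in the post above (two registry values left empty and one BHO whose file is gone) can be reproduced mechanically. This added example is not part of the original thread: it parses an excerpt of the posted HijackThis log and returns the entries matching those two patterns. The function names and the two triage rules are assumptions made for the illustration, not HijackThis behaviour.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the HijackThis log posted in the thread (lines copied verbatim).
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\Windows\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O13 - Gopher Prefix:
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
"""

# A log entry starts with a section code (R0, O2, O23, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")


@dataclass
class Entry:
    code: str                     # section code, e.g. "O2"
    body: str                     # everything after "CODE - "
    reason: Optional[str] = None  # set by triage() when a rule matches


def parse(log: str) -> List[Entry]:
    """Keep only entry lines; the header and process list are skipped."""
    entries = []
    for raw in log.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append(Entry(match.group("code"), match.group("body")))
    return entries


def classify(entry: Entry) -> Optional[str]:
    """Hypothetical triage rules mirroring the helper's selection."""
    # Rule 1: the entry points at a file that is no longer on disk.
    if entry.body.endswith("(no file)"):
        return "target file missing"
    # Rule 2: an R0/R1 line of the form "key = value" with nothing after "=".
    # Split on the first " =" so "=" characters inside URLs are not confused
    # with the separator.
    if entry.code in ("R0", "R1"):
        _key, sep, value = entry.body.partition(" =")
        if sep and not value.strip():
            return "empty registry value"
    return None


def triage(log: str) -> List[Entry]:
    """Return the entries matched by a rule, in log order."""
    flagged = []
    for entry in parse(log):
        entry.reason = classify(entry)
        if entry.reason:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item.code} - {item.body}    [{item.reason}]")
```

Lines such as `O13 - Gopher Prefix:` or the `Unknown owner` service are deliberately not matched, since the post does not select them.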
Thanks again,

I have done steps 1, 2 and 3

Here is the CleanUp report:

CleanUp! started on 05/07/08 17:57:40.
...
C:\Users\PROPRI~1\AppData\Local\Temp\MessengerCache\ - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\WPDNSE\ - deleted
C:\Users\PROPRI~1\AppData\Local\Temp\~DFD1FF.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\PROPRI~1\AppData\Local\Temp\~DFD206.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\PROPRI~1\AppData\Local\Temp\~DFFED5.tmp currently in use. Will be deleted when Windows is restarted.
C:\Windows\temp\hpqddsvc.log - deleted
C:\Windows\temp\lpksetup-20080506-220502-0.log - deleted
C:\Windows\temp\lpksetup-20080506-220516-0.log - deleted
C:\Windows\temp\lpksetup-20080507-091144-0.log - deleted
C:\Windows\temp\lpksetup-20080507-091202-0.log - deleted
C:\Windows\temp\nmsmc_DQLWinService.log currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\Local Settings\Temp\~DFD1FF.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\Local Settings\Temp\~DFD206.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\Local Settings\Temp\~DFFED5.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Marie\Local Settings\Temp\hpqddusr.log - deleted
C:\Users\Marie\Local Settings\Temp\MARB376.tmp - deleted
C:\Users\Marie\Local Settings\Temp\MARB50C.tmp - deleted
C:\Users\Marie\Local Settings\Temp\MARC032.tmp - deleted
C:\Users\Marie\Local Settings\Temp\MARC17B.tmp - deleted
C:\Users\Marie\Local Settings\Temp\Marie.bmp - deleted
C:\Users\Marie\Local Settings\Temp\STSBB91.tmp - deleted
C:\Users\Marie\Local Settings\Temp\STSD9BC.tmp - deleted
C:\Users\Marie\Local Settings\Temp\~DF60D9.tmp - deleted
C:\Users\Marie\Local Settings\Temp\~DFE52E.tmp - deleted
C:\Users\Marie\Local Settings\Temp\~DFF385.tmp - deleted
C:\Users\Marie\Local Settings\Temp\MessengerCache\6CRutF+7plJVQhSgtkkNuuuvdRg= - deleted
C:\Users\Marie\Local Settings\Temp\MessengerCache\ThP4b6+4EJvQ4p8X6uDIX4OUyGM= - deleted
C:\Users\Marie\Local Settings\Temp\MessengerCache\ - deleted
C:\Users\Marie\Local Settings\Temp\WPDNSE\ - deleted
C:\Users\Invité\Local Settings\Temp\hpqddusr.log - deleted
C:\Users\Invité\Local Settings\Temp\Invité.bmp - deleted
C:\Users\Invité\Local Settings\Temp\MARAC16.tmp - deleted
C:\Users\Invité\Local Settings\Temp\MARAD4F.tmp - deleted
C:\Users\Invité\Local Settings\Temp\MARBED1.tmp - deleted
C:\Users\Invité\Local Settings\Temp\MARC058.tmp - deleted
C:\Users\Invité\Local Settings\Temp\STSB1D1.tmp - deleted
C:\Users\Invité\Local Settings\Temp\STSDB47.tmp - deleted
C:\Users\Invité\Local Settings\Temp\~DF1ECB.tmp - deleted
C:\Users\Invité\Local Settings\Temp\~DFC075.tmp - deleted
C:\Users\Invité\Local Settings\Temp\WPDNSE\ - deleted
C:\BOOTSECT.BAK - deleted
C:\Program Files\eMule\eMule Light.tmpl - deleted
C:\Program Files\eMule\eMule.tmpl - deleted
C:\Program Files\eMule\config\clients.met.bak - deleted
C:\Program Files\Hewlett-Packard\HP Advisor\LangRes\it_it\InternetStates.xml~ - deleted
C:\Program Files\Maxis\The Sims Creator\Scripts\GUIFragment\SimsHotKeys.adg.bak - deleted
C:\ProgramData\Microsoft\eHome\Favorites\channels.xml.bak - deleted
C:\ProgramData\Microsoft\eHome\Packages\MCESpotlight\BITEE67.tmp - deleted
C:\ProgramData\Microsoft\eHome\Recording\Recordings.xml.bak - deleted
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk - deleted
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf91B3.tmp currently in use. Will be deleted when Windows is restarted.
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf91B4.tmp currently in use. Will be deleted when Windows is restarted.
C:\ProgramData\Microsoft\Windows\DRM\DRMv1.bak - deleted
C:\Users\All Users\Microsoft\Search\Data\Temp\usgthrsvc\Ntf91B3.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\All Users\Microsoft\Search\Data\Temp\usgthrsvc\Ntf91B4.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Default\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - deleted
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Users\Default\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - deleted
C:\Users\Invité\AppData\Local\Microsoft\Feeds Cache\index.dat - deleted
C:\Users\Invité\AppData\Local\Microsoft\Journal\Cache\NB9231.tmp - deleted
C:\Users\Invité\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - deleted
C:\Users\Invité\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008042120080428\index.dat - deleted
C:\Users\Invité\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050620080507\index.dat - deleted
C:\Users\Invité\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Feeds Cache\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\annaprout42@hotmail.com\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\annaraggy42@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\annaraggy42@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\arbidouf@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\arbidouf@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\gambasitaloca@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\geli1963@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\geli1963@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\mariemm67@hotmail.com\SharingMetadata\volume.xml~ - deleted
C:\Users\Marie\AppData\Local\Microsoft\Messenger\mariemm67@hotmail.com\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Marie\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050620080507\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050720080508\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Users\Marie\AppData\Local\Microsoft\Windows Mail\edb.chk - deleted
C:\Users\Marie\AppData\Local\Microsoft Games\Minesweeper\MinesweeperSettings.xml.bak - deleted
C:\Users\Marie\AppData\Local\Microsoft Games\Minesweeper\windowprefs.xml.bak - deleted
C:\Users\Marie\AppData\Local\Microsoft Games\Spider Solitaire\windowprefs.xml.bak - deleted
C:\Users\Marie\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat - deleted
C:\Users\Marie\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat - deleted
C:\Users\Marie\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Feeds Cache\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Microsoft\Journal\Cache\NB3E7A.tmp - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\annaprout42@hotmail.com\SharingMetadata\volume.xml~ - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\annaprout42@hotmail.com\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\annaraggy42@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\annaraggy42@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\arbidouf@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\arbidouf@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\geli1963@hotmail.fr\SharingMetadata\volume.xml~ - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\geli1963@hotmail.fr\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\mariemm67@hotmail.com\SharingMetadata\volume.xml~ - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Messenger\mariemm67@hotmail.com\SharingMetadata\Working\database_72F6_73D9_F673_9C53\fsr.chk - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050720080508\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Microsoft Games\FreeCell\FreeCellSettings.xml.bak - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft Games\FreeCell\windowprefs.xml.bak - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft Games\Minesweeper\MinesweeperSettings.xml.bak - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft Games\Minesweeper\windowprefs.xml.bak - deleted
C:\Users\Propriétaire\AppData\Local\Microsoft Games\Spider Solitaire\windowprefs.xml.bak - deleted
C:\Users\Propriétaire\AppData\Local\Temp\~DFD1FF.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Temp\~DFD206.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Temp\~DFFED5.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Temp\~DFD1FF.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Temp\~DFD206.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Local\Temp\~DFFED5.tmp currently in use. Will be deleted when Windows is restarted.
C:\Users\Propriétaire\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat - deleted
C:\Users\Propriétaire\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low\index.dat - deleted
C:\Users\Propriétaire\AppData\Roaming\Microsoft\Windows\Cookies\index.dat currently in use. Will be deleted when Windows is restarted.
C:\Users\Public\Downloads\eMule\downloads.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\002.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\009.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\011.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\015.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\027.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\031.part.met.bak - deleted
C:\Users\Public\Downloads\eMule\Temp\042.part.met.bak - deleted
C:\Windows\Debug\UserMode\ChkAcc.bak - deleted
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - deleted
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - deleted
C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk - deleted
C:\Windows\System32\REN1741.tmp - deleted
C:\Windows\System32\catroot2\edb.chk - deleted
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - deleted
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008020420080205\index.dat - deleted
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008050620080507\index.dat - deleted
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - deleted
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - deleted
C:\Windows\twain_32\hpqgnds2.tmp - deleted
D:\Backup_Autorun.Bak - deleted
'Run MRU' list - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 102.7 MB of disk space from 10428 files.
CleanUp! finished on 05/07/08 17:58:32.




and I'm going to do the last step :)









0
Here is the clean report:

07/05/2008 a 18:04:58,21

*** Recherche C:

*** Recherche C:\Windows\

*** Recherche C:\Windows\system32
C:\Windows\system32\wininit.exe FOUND
C:\Windows\system32\wininit.exe FOUND
"C:\Windows\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche C:\Program Files



If I understood correctly, I would still have 3 infected files left?

Thanks again for your help :)
0
Anonymous user
7 May 2008 at 18:09
Hi again!
More like 1 ;)


wininit.exe
is legitimate on Vista.

Delete C:\Windows\Downloaded Program Files\CONFLICT.1

**************

Now we are going to remove the disinfection tools I had you download.
Using them is dangerous for the PC if you don't know what you are doing.
Besides, they are updated regularly.


→ Close all running applications, then download ToolsCleaner2 to your Desktop.

→ Double-click ToolsCleaner2.exe
→ Click "Recherche" (Search)
→ then "Suppression" (Delete) once the list has been found.
→ Post the report (TCleaner.txt) located at the root of your hard drive (C:\).


(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

Note: your desktop MAY disappear, that is normal. If it does not come back at the end of the scan, do the following:

CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run".

Type explorer.exe and confirm. This will bring the Desktop back.

Tutorial: http://www.commentcamarche.net/faq/sujet 8341 toolscleaner suppression des fix de force brute (thanks espion3004)


++
0
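Added example, not part of the thread: a small Python triage of the report posted above, showing why three FOUND lines come down to one file to handle. The `triage` function and the `REVIEWED_LEGITIMATE` set are names assumed for this illustration; the set holds only the file the helper judged legitimate, and the line format is assumed from the few report lines shown.

```python
import re
from collections import OrderedDict

# Report lines copied from the post above (format assumed from these lines only).
REPORT = r'''07/05/2008 a 18:04:58,21

*** Recherche C:

*** Recherche C:\Windows\

*** Recherche C:\Windows\system32
C:\Windows\system32\wininit.exe FOUND
C:\Windows\system32\wininit.exe FOUND
"C:\Windows\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche C:\Program Files
'''

# Assumption for this example: files a reviewer has already judged legitimate.
# The match is on the full path, not the bare file name, because a file named
# wininit.exe outside system32 would not be the Windows binary. A path match is
# only a triage step; checking the file's digital signature is the stronger test.
REVIEWED_LEGITIMATE = {r"c:\windows\system32\wininit.exe"}

# A hit is a drive-letter path, optionally double-quoted, followed by FOUND.
HIT = re.compile(r'^\s*"?(?P<path>[A-Za-z]:\\[^"]*?)"?\s+FOUND\s*$')

def triage(report, reviewed=REVIEWED_LEGITIMATE):
    """Return (raw_hit_count, distinct_paths, paths_still_to_handle)."""
    raw = 0
    unique = OrderedDict()  # lower-cased path -> path as printed in the report
    for line in report.splitlines():
        m = HIT.match(line)
        if not m:
            continue  # timestamp, "*** Recherche" section headers, blank lines
        raw += 1
        path = m.group("path").strip()
        unique.setdefault(path.lower(), path)  # Windows paths are case-insensitive
    todo = [p for key, p in unique.items() if key not in reviewed]
    return raw, list(unique.values()), todo

if __name__ == "__main__":
    raw, unique, todo = triage(REPORT)
    print(f"{raw} FOUND lines, {len(unique)} distinct files, {len(todo)} left to handle")
    for p in todo:
        print("  ->", p)
```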
I couldn't find "C:\Windows\Downloaded Program Files\CONFLICT.1", even with hidden folders shown :S
0
Anonymous user
7 May 2008 at 18:19
Hi again!

Don't run ToolsCleaner just yet.



/!\ Procedure created specifically for this user, do not reproduce at home ... /!\


1) Download OTMoveIt2 (by Old Timer)

2) Once it is downloaded, double-click OTMoveIt2.exe to launch it.

Make sure the Unregister Dll's and Ocx's box is checked.

3) Then copy the lines in bold below:

C:\Windows\Downloaded Program Files\CONFLICT.1

and paste them into the left-hand pane of OTMoveIt: "Paste List Of Files/Folders to Move."
Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
4) Post the report located in C:\_OTMoveIt\MovedFiles.


(CTRL+A to select all, CTRL+C to copy and CTRL+V to paste)

5) You may be asked to restart the PC to complete the removal -> Accept (if it does not restart automatically, do it yourself)

/!\ Note: at startup your desktop MAY not appear; in that case press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click File at the top left and choose "Run".

Type explorer.exe and confirm. This will bring the Desktop back.


++
0
Here is the report


C:\Windows\Downloaded Program Files\CONFLICT.1 moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 05072008_182109




I'm restarting, see you in a moment :)
0
Anonymous user
7 May 2008 at 18:25
OK!

Run ToolsCleaner now ;)

++
0
There, it's done, my desktop didn't disappear :)
So the file has been deleted?
0
OK, I'm getting started with ToolsCleaner :)
0
Anonymous user
7 May 2008 at 18:27
Hi again, yes, it's dead ^^

++
0