Virus windows live messenger

Slycorp -  
 Utilisateur anonyme -
Bonjour, cela fait quelques temps qu'un virus m'intéromp lorsque je suis connecté a Windows live messenger: ma sourie se bloque et un lien est envoyé a tout mes contacts en ligne sans que je ne puisse rien faire.
Mon anti-virus étant incapable de supprimer ce virus j'aimerais bien que l'on me propose une autre solution afin de le supprimer.
En vous remerciant d'avance .
Configuration: Windows XP
Firefox 3.5.6

5 réponses

  1. Utilisateur anonyme
     
    Bonsoir,

    Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

    ! Déconnecte toi et FERME TOUTES TES APPLICATIONS EN COURS !

    Double-clique sur " RSIT.exe " pour le lancer .

    ▶ Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

    ▶ Devant l'option "List files/folders created ..." , tu choisis : 2 months

    ▶ clique ensuite sur " Continue " pour lancer l'analyse ...

    ▶ laisse faire le scan et ne touche pas au PC ...

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

    Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

    Important : poste un rapport, puis l'autre dans la réponse suivante
    Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

    ( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
    0
    1. Slycorp
       
      Voici le rapport de log.txt :

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by jerome soulet at 2009-12-23 17:55:37
      Microsoft Windows XP Professionnel Service Pack 3
      System drive C: has 45 GB (30%) free of 149 GB
      Total RAM: 2046 MB (38% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:56:42, on 23/12/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16945)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\brsvc01a.exe
      C:\WINDOWS\system32\brss01a.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
      c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\McAfee\MPF\MPFSrv.exe
      C:\Program Files\McAfee\MSK\MskSrver.exe
      C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Winsudate\gibsvc.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
      C:\Program Files\Dell Support Center\bin\sprtcmd.exe
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
      C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
      C:\Program Files\Orange\option fax\OptionFax.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
      C:\Program Files\Canon\CAL\CALMAIN.exe
      C:\WINDOWS\rndll.exe
      C:\Documents and Settings\jerome soulet\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Dell Support\DSAgnt.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Winsudate\gibusr.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
      C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
      C:\Program Files\Java\jre6\bin\jucheck.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Windows Live\Toolbar\wltuser.exe
      C:\WINDOWS\System32\regsvr32.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\jerome soulet\Bureau\RSIT.exe
      C:\Program Files\trend micro\jerome soulet.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://y.lo.st
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.shareware-fr.com/fr/index.php?rvs=hompag
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=3070220
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
      O2 - BHO: mysidesearch search enhancer - {30A27A1A-6558-86DA-35B8-4AA62524EFA3} - C:\WINDOWS\system32\ofgrmyrfolbhu.dll
      O2 - BHO: gooochi browser enhancer - {58A878F4-03F8-DD7B-6951-6DBD0911B381} - C:\WINDOWS\system32\fzmqhsxlmaa.dll
      O2 - BHO: MessengerUpdate - {5948A52A-BA3A-49A8-BCAF-D578502BDA9D} - C:\Documents and Settings\jerome soulet\Application Data\Messenger\Drivers\MsgUpdate.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\PROGRA~1\EoRezo\EoAdv\EOREZO~1.DLL (file missing)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
      O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: SmartAds browser enhancer qcslizbm - {F75173F2-6DF0-4E5A-908D-F4FFEB2688ED} - C:\WINDOWS\system32\qcslizbm.dll
      O2 - BHO: ezLife browser enhancer xnpwjqan - {FE69DCCC-5BEC-41A4-9E28-03C0AB888884} - C:\WINDOWS\system32\xnpwjqan.dll
      O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
      O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
      O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
      O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
      O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero BackItUp 4\NBKeyScan.exe"
      O4 - HKLM\..\Run: [option fax] "C:\Program Files\Orange\option fax\OptionFax.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe
      O4 - HKLM\..\Run: [Firevall Administrating] rndll.exe
      O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\jerome soulet\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
      O4 - HKLM\..\Run: [diazpdodsyoagyaa] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\fzmqhsxlmaa.dll"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
      O4 - HKCU\..\Run: [WinUsr] C:\Program Files\Winsudate\gibusr.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [IgfxSys] rundll32.exe "C:\Documents and Settings\jerome soulet\Application Data\Messenger\Drivers\IgfxSys.dll",StartProtector
      O4 - HKCU\..\Run: [RegDokFRT] C:\Program Files\RegistryDoktor 4.1\RegistryDoktor.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
      O15 - Trusted Zone: http://*.mcafee.com
      O16 - DPF: {1FF43AD5-2262-4C2F-81D4-26D710C3F305} (VB2S Mannequin Virtuel Control) - http://mannequin.redoute.fr/activex/Mannequin.cab
      O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {91D4B4D5-E368-40AB-8F53-A37FA634B471} (Installer9Ctrl Class) - http://www.tellmemorecampus.com/bin/tol9inst.cab
      O16 - DPF: {A06BE318-C096-11D4-964F-0010A4D06F69} (TeleTVA Control) - https://tva.dgi.minefi.gouv.fr/activeX/TeleTVA.tva
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5382/mcfscan.cab
      O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
      O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
      O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
      O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe
      O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
      O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
      O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe
      O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
      O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe
      O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
      O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
      O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
      O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
      O23 - Service: Gestionnaire de mise à jour Winsudate (WinSvc) - Winsudate - C:\Program Files\Winsudate\gibsvc.exe
      0
  2. Utilisateur anonyme
     
    ▶ Télécharge Ad-remover ( de C_XX ) sur ton bureau :

    ▶ Déconnecte toi et ferme toutes applications en cours !

    ▶ Double clique sur "Ad-R.exe" pour lancer l'installation et laisse les paramètres d'installation par défaut .

    ▶ Double-clique sur le raccourci Ad-remover qui est sur ton bureau pour lancer l'outil .

    ▶ Au menu principal choisis l'option "L" et tape sur [entrée] .

    ▶ Laisse travailler l'outil et ne touche à rien ...

    ▶ Poste le rapport qui apparait à la fin , sur le forum ...

    ( Le rapport est sauvegardé aussi sous C:\Ad-report.log )
    ( CTRL+A Pour tout sélectionner , CTRL+C pour copier et CTRL+V pour coller )

    ▶ Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
    1. Slycorp
       
      voici le rapport:

      .
      ======= RAPPORT D'AD-REMOVER 1.1.4.6_F | UNIQUEMENT XP/VISTA/7 =======
      .
      Mit à jour par C_XX le 23.12.2009 à 20:36
      Contact: AdRemover.contact@gmail.com
      Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
      .
      Lancé à: 21:04:41, 24/12/2009 | Mode Normal | Option: CLEAN
      Exécuté de: C:\Program Files\Ad-Remover\
      Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
      Nom du PC: BUREAU | Utilisateur actuel: jerome soulet

      Bonnes fêtes de fin d'année à vous tous :)
      .
      ============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
      .

      C:\DOCUME~1\JEROME~1\APPLIC~1\Mozilla\FireFox\Profiles\s4swq5vp.default\searchplugins\Yoog Search.xml
      C:\Program Files\Smart-Ads-Solutions
      C:\Program Files\Winsudate
      C:\DOCUME~1\JEROME~1\APPLIC~1\EoRezo
      C:\DOCUME~1\JEROME~1\APPLIC~1\Smart-Ads-Solutions
      C:\WINDOWS\system32\mxnkdegctvkynq.exe
      C:\WINDOWS\system32\u_ofgrmyrfolbhu.dll.exe
      C:\WINDOWS\system32\ofgrmyrfolbhu.dll - ... [b]ERREUR SUPPRESSION !!/b
      C:\WINDOWS\system32\fzmqhsxlmaa.dll - ... [b]ERREUR SUPPRESSION !!/b
      C:\WINDOWS\system32\ofgrmyrfolbhu.dll - ... [b]ERREUR SUPPRESSION !!/b

      (!) -- Fichiers temporaires supprimés.

      .
      HKCU\software\appdatalow\2297199f-9cf2-64f1-64a7-c6f3a5ca56b3
      HKCU\software\appdatalow\eed64a28-0f66-fe56-30c8-52e77fd63dfe
      HKCU\software\appdatalow\HavingFunOnline
      HKCU\Software\AppDataLow\software\{63251812-DC26-141E-0FF1-C4663669F6CB}
      HKCU\software\EoRezo
      HKCU\software\microsoft\internet explorer\searchscopes\{740537D5-481D-4A67-97DD-AE176D84C830}
      HKCU\software\microsoft\internet explorer\searchscopes\{BCE02E95-D90E-48A8-B5A5-03FE84FB7CA4}
      HKCU\software\microsoft\internet explorer\searchscopes\{D0B4EF38-156F-4412-8F2F-06C229229503}
      HKCU\software\microsoft\internet explorer\searchscopes\{DFBD81C8-17B5-47A3-96B7-B9DE32D13A2C}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64F56FC1-1272-44CD-BA6E-39723696E350}
      HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\WinUsr
      HKLM\Software\Classes\CLSID\{30A27A1A-6558-86DA-35B8-4AA62524EFA3}
      HKLM\Software\Classes\CLSID\{58A878F4-03F8-DD7B-6951-6DBD0911B381}
      HKLM\Software\Classes\CLSID\{64F56FC1-1272-44CD-BA6E-39723696E350}
      HKLM\Software\Classes\CLSID\{B35BAC80-F31E-305C-EE91-554B8DE28720}
      HKLM\Software\Classes\Interface\{B0D071A1-36B3-4757-A126-14C89C56013A}
      HKLM\Software\Classes\TypeLib\{937936AF-28CA-4973-B8AE-F250406149A2}
      HKLM\Software\Classes\TypeLib\{B4C656C9-F2E9-4E77-B3F4-443DF2BD778F}
      HKLM\software\EoRezo
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30A27A1A-6558-86DA-35B8-4AA62524EFA3}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{58A878F4-03F8-DD7B-6951-6DBD0911B381}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64F56FC1-1272-44CD-BA6E-39723696E350}
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
      HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper
      HKLM\software\microsoft\windows\currentversion\uninstall
      HKLM\software\microsoft\windows\currentversion\uninstall\SoftwareUpdate_is1
      HKU\.default\software\EoRezo
      .
      ============== Scan additionnel ==============
      .
      .
      * Mozilla FireFox Version 3.5.6 [fr] *
      .
      Nom du profil: s4swq5vp.default (jerome soulet)
      .
      (JEROME~1, Invalidprefs.js) //er_prefbrowser.search.selectedEngine, Google
      (JEROME~1, Invalidprefs.js) Browser.search.selectedEngine, Search
      (JEROME~1, Invalidprefs.js) Browser.startup.homepage, hxxp://lo.st#home.
      (JEROME~1, Invalidprefs.js) EFFACE - Browser.startup.homepage, hxxp://lo.st#home.
      (JEROME~1, prefs.js) Browser.download.lastDir, F:\beasoulet\CYCLE 3\CE2\CE2
      (JEROME~1, prefs.js) Browser.search.defaultenginename, 4.6.6.1
      (JEROME~1, prefs.js) Browser.search.defaulturl, 4.6.6.1
      (JEROME~1, prefs.js) Browser.search.selectedEngine, 4.6.6.1
      (JEROME~1, prefs.js) Browser.startup.homepage, hxxp://fr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official
      (JEROME~1, prefs.js) Extensions.enabledItems, {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}:6.0.04,{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05,{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,jqs@sun.com:1.0,{B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.6
      (JEROME~1, prefs.js) Keyword.URL, 4.6.6.1
      .
      (JEROME~1, prefs.js) EFFACE - Browser.search.order.1, Fast Browser Search
      .
      (JEROME~1, user.js) Browser.search.defaultenginename, 4.6.6.1
      (JEROME~1, user.js) Browser.search.defaulturl, 4.6.6.1
      (JEROME~1, user.js) Browser.search.selectedEngine, 4.6.6.1
      (JEROME~1, user.js) Keyword.URL, 4.6.6.1
      .
      .
      * Internet Explorer Version 7.0.5730.13 *
      .
      [HKEY_CURRENT_USER\..\Internet Explorer\Main]
      .
      Do404Search: 01000000
      Local Page: C:\WINDOWS\system32\blank.htm
      Show_ToolBar: yes
      Start Page: hxxp://fr.msn.com/
      Use Search Asst: no
      Use Custom Search URL: 1 (0x1)
      Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Enable Browser Extensions: yes
      Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
      .
      Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      Delete_Temp_Files_On_Exit: yes
      Local Page: %SystemRoot%\system32\blank.htm
      Start Page: hxxp://fr.msn.com/
      Search bar: hxxp://search.msn.com/spbasic.htm
      HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main\Start Page
      .
      [HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
      .
      Tabs: res://ieframe.dll/tabswelcome.htm
      .
      ============== Suspect (Cracks, Serials, ...) ==============
      .
      C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_1_08044.exe
      C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_1_08060_20.exe
      C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08100_2.0.exe
      C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08267_2.0.exe
      C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08298_2.0.exe
      C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_08335_2.0.exe
      C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\DSCPatch_2_2_09085_2.0.exe
      C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\exec\PCD_Patch_1.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.0.2.9056-to-3.0.3.9183-frFR-patch.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.0.3.9183-to-3.0.8.9464-frFR-patch.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.0.8.9464-to-3.0.8.9506-frFR-patch.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.0.8.9506-to-3.0.9.9551-frFR-patch.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.1.0.9767-to-3.1.1.9806-frFR-patch.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.1.1.9806-to-3.1.1.9835-frFR-patch.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.1.1.9835-to-3.1.2.9901-frFR-patch.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\WoW-3.1.2.9901-to-3.1.3.9947-frFR-patch.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\ghuetyW\World of Warcraft Shindorei\Patches\WoW-3.0.9.9551-to-3.1.0.9767-frFR-Win\WoW-3.0.9-to-3.1.0-frFR-Win-patch\BNUpdate.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\HIYTjhdfzM\FR\Patcher.exe
      C:\Documents and Settings\jerome soulet\Bureau\Kevin\Mes documents\azkarfegD\HIYTjhdfzM\FR\PatcherPatch.exe
      C:\Documents and Settings\jerome soulet\Local Settings\Application Data\SupportSoft\DellSupportCenter\jerome soulet\exec\DSCPatch07311.exe
      C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_0.0_2.0.0.23619_base.zip
      C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23619_2.0.0.23654_base.zip
      C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23654_2.0.0.23662_base.zip
      C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23662_2.0.0.23663_base.zip
      C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23663_2.0.0.23665_base.zip
      C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23665_2.0.0.23666_base.zip
      C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.23666_2.0.0.24039_base.zip
      C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.24039_2.0.0.24040_base.zip
      C:\Documents and Settings\jerome soulet\Mes documents\les documents … Floriane\Dofus 2\app\_uplauncher\patch_2.0.0.24040_2.0.0.24212_base.zip
      .
      ===================================
      .
      587 Octet(s) - C:\Ad-Report-CLEAN[1].log
      10140 Octet(s) - C:\Ad-Report-CLEAN[2].log
      .
      6 Fichier(s) - C:\DOCUME~1\JEROME~1\LOCALS~1\Temp
      8 Fichier(s) - C:\WINDOWS\Temp
      10 Fichier(s) - C:\WINDOWS\Prefetch
      .
      37 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
      37 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
      .
      Fin à: 21:21:04 | 24/12/2009 - CLEAN[2]
      .
      ============== E.O.F ==============
      .
      0
  3. Utilisateur anonyme
     
    Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    ▶ Télécharge :

    Malwarebytes

    ou :

    Malwarebytes

    ▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    (NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

    ▶ Potasses le Tuto pour te familiariser avec le prg :

    ( cela dit, il est très simple d'utilisation ).

    relance malwarebytes en suivant scrupuleusement ces consignes :

    ! Déconnecte toi et ferme toutes applications en cours !

    ▶ Lance Malwarebyte's .

    Fais un examen dit "Complet" .

    ▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    ▶ à la fin tu cliques sur "résultat" .
    Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    0
    1. Slycorp
       
      Malwarebytes' Anti-Malware 1.28
      Version de la base de données: 1142
      Windows 5.1.2600 Service Pack 2

      12/09/2008 22:29:14
      mbam-log-2008-09-12 (22-29-14).txt

      Type de recherche: Examen complet (C:\|)
      Eléments examinés: 134492
      Temps écoulé: 43 minute(s), 21 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 14
      Valeur(s) du Registre infectée(s): 7
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 4
      Fichier(s) infecté(s): 74

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\CLSID\{51AFE130-73BB-0EA9-4EC0-03B4D3F72AC3} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\dc_ads.ads (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\dc_ads.ads.1 (Trojan.BHO) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{0656a137-b161-cadd-9777-e37a75727e78} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{0b682cc1-fb40-4006-a5dd-99edd3c9095d} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{0e1230f8-ea50-42a9-983c-d22abc2eeb4c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{9dd4258a-7138-49c4-8d34-587879a5c7a4} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{b8c0220d-763d-49a4-95f4-61dfdec66ee6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{c3bcc488-1ae7-11d4-ab82-0010a4ec2338} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{000000da-0786-4633-87c6-1aa7a4429ef1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{54645654-2225-4455-44a1-9f4543d34545} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{5c7f15e1-f31a-44fd-aa1a-2ec63aaffd3a} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IE Custom Tools (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MultiMedia Software (Trojan.Zlob) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\mntact (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\strprocsh (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\enwebmon (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\oo4zzzfgk1 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\WINDOWS\mslagent (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\akl (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\Inet Delivery (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Program Files\zcbtknc\MntAct.dll (Trojan.FakeAlert.H) -> Delete on reboot.
      C:\WINDOWS\system32\zqtsrwfs.exe (Trojan.FakeAlert.H) -> Delete on reboot.
      C:\WINDOWS\system32\odipensn.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
      C:\Documents and Settings\All Users\Application Data\qfqdwnmt\cjgjgbiv.exe (Trojan.FakeAlert.H) -> Delete on reboot.
      C:\RECYCLER\S-1-5-21-2530769841-3970789835-1896456951-1006\Dc2\Quarantine\C\WINDOWS\system32\myss_sb_uninstall.exe.vir (Adware.BHO) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP555\A0165576.exe (Adware.BHO) -> Quarantined and deleted successfully.
      C:\System Volume Information\_restore{340C3340-2EBB-4324-859A-C37E85627171}\RP495\A0132268.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> Quarantined and deleted successfully.
      C:\WINDOWS\mslagent\2_mslagent.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\WINDOWS\mslagent\mslagent.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\WINDOWS\mslagent\uninstall.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\akl\akl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\akl\akl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\akl\uninstall.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\akl\unsetup.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\Inet Delivery\inetdl.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\Program Files\Inet Delivery\intdel.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\{f0a15cab-f693-fb9a-efaa-0bd12148e591}.dll-uninst.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\a.bat (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\base64.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\FVProtect.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\userconfig9x.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\winsystem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\zip1.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\zip2.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\zip3.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\zipped.tmp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
      C:\WINDOWS\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\iTunesMusic.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\emesx.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\h@tkeysh@@k.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\medup012.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\medup020.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.

      Et Bonne année =)
      0
  4. Utilisateur anonyme
     
    Vide la qurantaine de Malwarebyte's :

    > Lance Malwarebyte's
    > Onglet quarantaine
    > Supprimer tout

    =======

    ▶ Télécharge et install UsbFix par Chiquitine29

    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

    ▶ Double clic sur le raccourci UsbFix présent sur ton bureau .

    ▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    ▶ Au second menu Choisis l'option " 1 " (recherche) et tape sur [entrée]

    ▶ Laisse travailler l'outil.

    ▶ Ensuite post le rapport UsbFix.txt qui apparaitra.

    Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

    Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
    Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
    Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.
    0
    1. Slycorp
       
      ############################## | UsbFix V6.074 |

      User : jerome soulet (Administrateurs) # BUREAU
      Update on 15/01/2010 by El Desaparecido , C_XX & Chimay8
      Start at: 17:47:28 | 17/01/2010
      Website : http://pagesperso-orange.fr/NosTools/index.html
      Contact : FindyKill.Contact@gmail.com

      AMD Athlon(tm) 64 X2 Dual Core Processor 5000+
      Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
      Internet Explorer 7.0.5730.13
      Windows Firewall Status : Disabled
      AV : McAfee VirusScan [ Enabled | (!) Outdated ]
      FW : McAfee Personal Firewall[ Enabled ]

      C:\ -> Disque fixe local # 145,95 Go (27,95 Go free) # NTFS
      D:\ -> Disque CD-ROM # 3,44 Go (0 Mo free) [Mon disque] # CDFS
      E:\ -> Disque CD-ROM # 2,01 Go (0 Mo free) [Mon disque] # CDFS
      F:\ -> Disque fixe local # 465,65 Go (460,03 Go free) [VERBATIM] # FAT32

      ############################## | Processus actifs |

      C:\WINDOWS\System32\smss.exe 680
      C:\WINDOWS\system32\csrss.exe 732
      C:\WINDOWS\system32\winlogon.exe 756
      C:\WINDOWS\system32\services.exe 800
      C:\WINDOWS\system32\lsass.exe 812
      C:\WINDOWS\system32\svchost.exe 1008
      C:\WINDOWS\system32\svchost.exe 1116
      C:\WINDOWS\System32\svchost.exe 1212
      C:\WINDOWS\system32\svchost.exe 1256
      C:\WINDOWS\system32\svchost.exe 1388
      C:\WINDOWS\system32\svchost.exe 1520
      C:\WINDOWS\system32\brsvc01a.exe 1648
      C:\WINDOWS\system32\brss01a.exe 1664
      C:\WINDOWS\system32\spoolsv.exe 1672
      C:\WINDOWS\system32\SCardSvr.exe 1720
      C:\WINDOWS\system32\svchost.exe 1796
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 1828
      C:\Program Files\Bonjour\mDNSResponder.exe 1848
      C:\WINDOWS\system32\svchost.exe 1868
      C:\Program Files\Firebird\Firebird_1_5\bin\fbguard.exe 1904
      C:\Program Files\Java\jre6\bin\jqs.exe 196
      C:\Program Files\McAfee\SiteAdvisor\McSACore.exe 220
      C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe 256
      c:\program files\fichiers communs\mcafee\mna\mcnasvc.exe 420
      c:\PROGRA~1\FICHIE~1\mcafee\mcproxy\mcproxy.exe 596
      C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe 1024
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE 1380
      C:\WINDOWS\Explorer.EXE 1452
      C:\Program Files\McAfee\MPF\MPFSrv.exe 2104
      c:\PROGRA~1\mcafee.com\agent\mcagent.exe 2116
      C:\Program Files\McAfee\MSK\MskSrver.exe 2148
      C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe 2236
      C:\WINDOWS\system32\nvsvc32.exe 2324
      C:\Program Files\Nero\Nero BackItUp 4\IoctlSvc.exe 2364
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 2408
      C:\Program Files\Dell Support Center\bin\sprtsvc.exe 2540
      C:\WINDOWS\system32\svchost.exe 2584
      C:\Program Files\Canon\CAL\CALMAIN.exe 3244
      C:\Program Files\Firebird\Firebird_1_5\bin\fbserver.exe 3312
      C:\WINDOWS\system32\wbem\wmiapsrv.exe 3392
      C:\WINDOWS\System32\alg.exe 3856
      C:\Program Files\Java\jre6\bin\jusched.exe 1476
      C:\WINDOWS\stsystra.exe 2056
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe 2524
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE 2604
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe 2756
      C:\WINDOWS\System32\svchost.exe 3344
      C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe 3628
      C:\WINDOWS\system32\rundll32.exe 3780
      C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe 3844
      C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe 3960
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe 4016
      C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe 4040
      C:\Program Files\Orange\option fax\OptionFax.exe 452
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe 728
      C:\Program Files\iTunes\iTunesHelper.exe 2248
      C:\WINDOWS\vsnpstd3.exe 2332
      C:\Program Files\Corel\Corel Snapfire Plus\Corel Photo Downloader.exe 1108
      C:\WINDOWS\system32\ctfmon.exe 1076
      C:\Program Files\Dell Support\DSAgnt.exe 2580
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe 2900
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe 3580
      C:\WINDOWS\system32\wuauclt.exe 3180
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 3684
      C:\PROGRA~1\Wanadoo\ComComp.exe 3564
      C:\PROGRA~1\Wanadoo\Toaster.exe 1704
      C:\PROGRA~1\Wanadoo\Inactivity.exe 1096
      C:\PROGRA~1\Wanadoo\PollingModule.exe 960
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE 2748
      C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe 3740
      C:\PROGRA~1\Wanadoo\Watch.exe 1144
      C:\Program Files\iPod\bin\iPodService.exe 4176
      C:\Program Files\Skype\Phone\Skype.exe 5132
      C:\Program Files\Digital Line Detect\DLG.exe 5352
      C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe 5396
      C:\Program Files\Java\jre6\bin\jucheck.exe 5740
      C:\WINDOWS\system32\wscntfy.exe 3732
      C:\Program Files\Mozilla Firefox\firefox.exe 5420
      C:\WINDOWS\system32\wbem\wmiprvse.exe 5784

      ################## | Elements infectieux |

      C:\Documents and Settings\jerome soulet\Mes documents\T‚l‚chargements\IMG67463_95.JPG-www.myspace.com.exe

      ################## | Registre |

      [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System] "DisableRegistryTools"
      [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
      [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

      ################## | Mountpoints2 |

      HKCU\..\..\Explorer\MountPoints2\{053c87ef-e5a8-11de-82b4-00188b5bd6ff}
      Shell\AutoRun\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ
      Shell\open\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ

      HKCU\..\..\Explorer\MountPoints2\{0c0cbbe4-de42-11de-82b1-00188b5bd6ff}
      Shell\AutoRun\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ
      Shell\open\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ

      HKCU\..\..\Explorer\MountPoints2\{66834c02-ea19-11de-82b6-00188b5bd6ff}
      Shell\AutoRun\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ
      Shell\open\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ

      HKCU\..\..\Explorer\MountPoints2\{7d6cab24-c42e-11db-8079-00188b5bd6ff}
      Shell\AutoRun\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ
      Shell\open\command =G:\driver\usb\–¼‡‘Š•†‘Í€ŒŽ

      ################## | Cracks > Keygens > Serials |


      ################## | ! Fin du rapport # UsbFix V6.074 ! |

      Dsl du retard
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Utilisateur anonyme
     
    (!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d avoir été infectés sans les ouvrir

    ▶ Double clic (clic droit "en tant qu'administrateur" pour Vista)sur le raccourci UsbFix présent sur ton bureau

    ▶ Au menu principal choisis l'option " F " pour français et tape sur [entrée] .

    ▶ Au second menu Choisis l'option " 2 " ( Suppression ) et tape sur [entrée]

    ▶ Ton bureau disparaitra et le pc redémarrera .

    ▶ Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

    ▶ Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

    Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

    ( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
    0