Trojan en boucle.

Résolu
I-endil Messages postés 10 Statut Membre -  
ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   -
Bonjour,

Voila j'ai un trojan qui tourne en boucle sur mon PC. J'ai fait un scan complet d'avast qui m'en a supprimé des bout, puis CC cleaner et Spybot qui m'ont trouvé d'autres trucs.

Je vous poste le résultat de HijackThis.

Un grand merci à ceux qui voudront m'aider en parlant français car je suis un vrai néophyte la dedans.

Logfile of HijackThis v1.99.1
Scan saved at 12:20:10, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\mrofinu2000351.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\xInsIDE\xInsIDE.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Georges Felix\Bureau\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {91262C60-DD10-46FA-A09B-AE14902ECA11} - C:\WINDOWS\system32\ssqpnlk.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000351.exe 61A847B5BBF72810329B385577F801F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E1C2832211379A26033AAC
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S210.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ssqpnlk - C:\WINDOWS\SYSTEM32\ssqpnlk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Cordialement.
I-endil
Configuration: Windows XP
Firefox 2.0.0.11

15 réponses

  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour I-endil,

    pour commencer la version de hijack est pas à jour

    Télécharge sur le Bureau.
    http://www.atribune.org/ccount/click.php?id=4

    => Double-clic VundoFix.exe.
    => Clic OK
    => Attendre le redemarrage de Vundofix
    => Clic Scan for Vundo
    => Le scan est assez long , à la fin
    => Clic Remove Vundo
    => Puis yes
    => Le Bureau disparaît un moment lors de la suppression des fichiers.
    => Message shutdown
    => clic OK
    => Redémarrage auto
    => copier le rapport qui est dans C:vundofix.txt

    ensuite une fois ceci fait refais un rapport hijack
    avec cette version ftp://ftp.commentcamarche.com/download/HJTInstall.exe
    @+
    0
  2. I-endil Messages postés 10 Statut Membre
     
    Merci, voici ce que tu m'as demandé.

    VundoFix V6.7.7

    Checking Java version...

    Java version is 1.5.0.6
    Old versions of java are exploitable and should be removed.

    Java version is 1.5.0.10

    Java version is 1.5.0.11

    Scan started at 12:57:17 03/02/2008

    Listing files found while scanning....

    C:\WINDOWS\system32\ssqpnlk.dll

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ssqpnlk.dll
    C:\WINDOWS\system32\ssqpnlk.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\ssqpnlk.dll
    C:\WINDOWS\system32\ssqpnlk.dll Could not be deleted.

    Performing Repairs to the registry.
    Done!

    ----------------------------------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:52:53, on 03/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\mrofinu2000351.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
    C:\Program Files\xInsIDE\xInsIDE.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {91262C60-DD10-46FA-A09B-AE14902ECA11} - C:\WINDOWS\system32\ssqpnlk.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu2000351.exe 61A847B5BBF72810329B385577F801F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310F3D1DC7E4638E8323A15806F97BDE4417E6FD967002BA754E1C2832211379A26033AAC
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S210.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Télécharge Combofix sUBs : http://download.bleepingcomputer.com/sUBs/Combo-Fix.exe
    et sauvegarde le sur ton bureau et pas ailleurs!

    Double-clic sur combofix,
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
  4. I-endil Messages postés 10 Statut Membre
     
    Voila le rapport.

    ComboFix 08-01-30.1 - Georges Felix 2008-02-03 14:58:11.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.574 [GMT 1:00]
    Endroit: C:\Documents and Settings\Georges Felix\Bureau\Combo-Fix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\Documents and Settings\Georges Felix\Local Settings\Application Data\bcoabgxra.dat
    c:\documents and settings\georges felix\local settings\application data\bcoabgxra.exe
    C:\Documents and Settings\Georges Felix\Local Settings\Application Data\bcoabgxra_nav.dat
    C:\Documents and Settings\Georges Felix\Local Settings\Application Data\bcoabgxra_navps.dat
    C:\Documents and Settings\Georges Felix\Local Settings\Application Data\fybzlajc_navfx.dat
    C:\Program Files\Temporary
    C:\Program Files\Temporary\kernInst.exe
    C:\WINDOWS\b153.exe
    C:\WINDOWS\mrofinu2000351.exe
    C:\WINDOWS\pack.epk
    C:\WINDOWS\system32\pmnlj.dll
    C:\WINDOWS\system32\ssqpnlk.dll

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-03 to 2008-02-03 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-03 13:52 . 2008-02-03 13:52 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-03 12:57 . 2008-02-03 13:48 <REP> d-------- C:\VundoFix Backups
    2008-02-03 12:03 . 2008-02-03 12:06 <REP> d-------- C:\Program Files\Panda Security
    2008-02-02 19:09 . 2008-02-02 19:09 11,776 --ahs---- C:\WINDOWS\system32\Thumbs.db
    2008-01-31 23:06 . 2008-01-31 23:06 <REP> d-------- C:\Program Files\xInsIDE
    2008-01-31 22:03 . 2008-01-31 22:03 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
    2008-01-30 19:56 . 2008-01-30 19:56 36,864 -ra------ C:\WINDOWS\mrofinu.exe.tmp
    2008-01-28 21:41 . 2008-01-28 21:41 50,638 --a------ C:\Program Files\serial.zip
    2008-01-28 21:41 . 2008-01-28 21:41 50,638 --a------ C:\Program Files\serial.dat

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-03 13:58 --------- d-----w C:\Program Files\FlashGet
    2008-02-03 13:52 --------- d-----w C:\Documents and Settings\Georges Felix\Application Data\Skype
    2008-02-03 12:51 --------- d-----w C:\Program Files\BOINC
    2008-02-03 00:05 --------- d-----w C:\Program Files\Monkey's Audio
    2008-02-02 18:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-01-31 18:19 --------- d-----w C:\Program Files\Yahoo!
    2008-01-31 16:21 --------- d-----w C:\Program Files\eMule
    2008-01-31 16:13 --------- d-----w C:\Program Files\Windows Defender
    2008-01-20 21:17 --------- d-----w C:\Documents and Settings\Georges Felix\Application Data\X-Chat 2
    2008-01-02 19:38 --------- d-----w C:\Documents and Settings\Georges Felix\Application Data\teamspeak2
    2008-01-02 16:27 --------- d-----w C:\Program Files\FFVIII
    2008-01-02 15:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-12-14 18:27 --------- d-----w C:\Program Files\X-Chat 2
    2007-12-09 11:04 --------- d-----w C:\Program Files\epson
    2007-12-09 11:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
    2007-12-08 17:16 --------- d-----w C:\Program Files\DivX
    2007-12-08 11:08 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2007-12-08 11:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2007-12-04 22:35 --------- d-----w C:\Program Files\CCleaner
    2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
    2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
    2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
    2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
    2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
    2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
    2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
    2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
    2007-10-07 12:53 278,528 ----a-w C:\Program Files\Fichiers communs\FDEUnInstaller.exe
    2007-09-19 14:37 92,064 ----a-w C:\Documents and Settings\Georges Felix\mqdmmdm.sys
    2007-09-19 14:37 9,232 ----a-w C:\Documents and Settings\Georges Felix\mqdmmdfl.sys
    2007-09-19 14:37 79,328 ----a-w C:\Documents and Settings\Georges Felix\mqdmserd.sys
    2007-09-19 14:37 66,656 ----a-w C:\Documents and Settings\Georges Felix\mqdmbus.sys
    2007-09-19 14:37 6,208 ----a-w C:\Documents and Settings\Georges Felix\mqdmcmnt.sys
    2007-09-19 14:37 5,936 ----a-w C:\Documents and Settings\Georges Felix\mqdmwhnt.sys
    2007-09-19 14:37 4,048 ----a-w C:\Documents and Settings\Georges Felix\mqdmcr.sys
    2007-09-19 14:37 25,600 ----a-w C:\Documents and Settings\Georges Felix\usbsermptxp.sys
    2007-09-19 14:37 22,768 ----a-w C:\Documents and Settings\Georges Felix\usbsermpt.sys
    2007-04-20 17:31 22,712 -c--a-w C:\Documents and Settings\Georges Felix\Application Data\Pamela_Crash_4628F8ED.zip
    2006-05-28 16:46 397,306 ----a-w C:\Program Files\wunauclt.zip
    2006-05-28 16:46 397,306 ----a-w C:\Program Files\wunauclt.tbe
    2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
    2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 21:00 15360]
    "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2005-03-14 00:37 1057280]
    "Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
    "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
    "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11 94208]
    "EPSON Stylus DX8400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.exe" [2007-04-12 07:00 182272]
    "xInsIDE"="C:\Program Files\xInsIDE\xInsIDE.exe" [2008-01-31 23:06 61440]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
    "SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2006-06-01 01:48 16208384 C:\WINDOWS\RTHDCPL.exe]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 18:58 282624]
    "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 21:00 455168]
    "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 21:00 455168]
    "nwiz"="nwiz.exe" [2006-07-11 23:19 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-11 23:19 86016]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-11 23:19 7626752]
    "ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 16:15 45056]
    "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]
    "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 21:00 59392]
    "LaunchApp"="Alaunch" []
    "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 21:00 208952]
    "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 21:00 44032]
    "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 14:40 413696]
    "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 14:01 67584]
    "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 15:00 345088]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
    "Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 19:54 49152]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
    "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-07-12 14:03 185784]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 21:00 15360]
    "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 13:45 36040]

    C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
    Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2007-01-11 18:45:53 45056]
    Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 19:25:14 745472]
    Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
    Moniteur de ressources Extender.lnk - C:\WINDOWS\ehome\RMSysTry.exe [2005-10-20 18:55:40 18432]
    SiWake.lnk - C:\Program Files\Wireless LAN Utility\SiWake.exe [2007-10-07 14:08:44 155648]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "AllowLegacyWebView"= 1 (0x1)
    "AllowUnhashedWebView"= 1 (0x1)

    R0 UBHelper;UBHelper;C:\WINDOWS\system32\drivers\UBHelper.sys [2004-12-17 03:14]
    R2 RMSvc;Media Center Extender Resource Monitor;C:\WINDOWS\ehome\RMSvc.exe [2005-10-20 18:55]
    R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
    R3 psdfilter;psdfilter;C:\WINDOWS\system32\Drivers\psdfilter.sys [2006-04-07 20:17]
    R3 psdvdisk;psdvdisk;C:\WINDOWS\system32\Drivers\psdvdisk.sys [2006-03-08 17:10]
    S3 QWAVE;QWAVE service;C:\WINDOWS\system32\svchost.exe [2004-08-10 21:00]
    S3 SIS163u;SiS163 USB Wireless LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\sis163u.sys [2005-11-02 09:53]
    S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 10:38]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    QWAVE REG_MULTI_SZ QWAVE

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2008-01-28 20:42:18 C:\WINDOWS\Tasks\At1.job"
    - C:\WINDOWS\user32.exe
    "2008-01-28 20:42:18 C:\WINDOWS\Tasks\At2.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-01-28 20:42:18 C:\WINDOWS\Tasks\At3.job"
    - C:\WINDOWS\dr.exe
    "2008-01-28 20:42:18 C:\WINDOWS\Tasks\At4.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-01-28 20:42:21 C:\WINDOWS\Tasks\At5.job"
    - C:\WINDOWS\system32\wunauclt.exe
    "2008-01-28 20:42:22 C:\WINDOWS\Tasks\At6.job"
    - C:\WINDOWS\dr.exe
    "2008-02-03 12:53:04 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
    - C:\Program Files\Windows Defender\MpCmdRun.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-03 15:00:11
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-03 15:00:43
    ComboFix-quarantined-files.txt 2008-02-03 14:00:34
    .
    2008-01-31 21:22:21 --- E O F ---
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Ouvre le bloc-notes et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait) :

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "xInsIDE"=-

    Puis "fichier"/"enregistrer sous" :
    dans : sur le bureau
    Nom du fichier : fix.reg
    Type de fichier : "tous les fichiers"
    clique sur "enregistrer"

    quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
    Si c'est bien le cas, clique sur "oui"

    ensuite refais hijack stp
    0
  7. I-endil Messages postés 10 Statut Membre
     
    Voila

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:16:54, on 03/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE
    C:\Program Files\xInsIDE\xInsIDE.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\ragnarok\AeRO\aoexe.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S210.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    0
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Télécharge:
    http://www.grisoft.cz/filedir/inst/avgas-setup-7.5.1.43.exe AVG-AntiSpyware
    = Installer
    = Le lancer
    = Clic : Mise à jour
    ------
    = Redémarre en mode Sans Échec (le démarrage peut prendre plusieurs minutes)
    Attention, pas d’accès à internet dans ce mode. Enregistre ou imprime les consignes.

    Relance le Pc et tapote la touche F8 ( ou F5 pour certains) , jusqu’à l’apparition des inscriptions avec choix de démarrage
    Avec les touches « flèches », sélectionne Mode sans échec ==> entrée ==>nom utilisateur habituel
    -------
    = Dans ANALYSE ( en forme de loupe )
    ==> Paramètres ==> sous COMMENT REAGIR==>clic sur Actions recommandées ==>Quarantaine
    ==> Clic : Analyse complète du système
    En fin de scan ( qui est assez long)
    ==> Clic Appliquer toutes les actions <== ceci Très important
    ==> Clic Sauvegarder rapport puis Enregistrer sous et choisir bureau
    -------
    En mode normal
    colle le rapport
    0
  9. I-endil Messages postés 10 Statut Membre
     
    Voila le rapport d'AVG

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 22:43:30 03/02/2008

    + Résultat de l'analyse:

    C:\Program Files\serial.dat -> Adware.Generic : Nettoyé.
    C:\Program Files\serial.zip -> Adware.Generic : Nettoyé.
    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP407\A0115312.exe -> Downloader.Agent.hvx : Nettoyé.
    :mozilla.356:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.357:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
    :mozilla.408:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.409:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.410:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.441:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.473:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.511:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.697:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.823:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    :mozilla.414:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.419:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Adbrite : Nettoyé.
    :mozilla.417:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Adengage : Nettoyé.
    :mozilla.420:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Adengage : Nettoyé.
    :mozilla.347:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.348:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
    :mozilla.46:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.49:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.52:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.53:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.54:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé.
    :mozilla.359:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    :mozilla.146:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
    :mozilla.486:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.487:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.488:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.489:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.490:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.491:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.492:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
    :mozilla.796:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Clickzs : Nettoyé.
    :mozilla.797:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Clickzs : Nettoyé.
    :mozilla.479:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.480:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.481:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.482:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.483:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
    :mozilla.262:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé.
    :mozilla.70:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    :mozilla.34:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    :mozilla.572:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
    :mozilla.10:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.11:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.12:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.13:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
    :mozilla.171:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.178:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.312:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.89:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
    :mozilla.772:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.773:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.815:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
    :mozilla.620:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    :mozilla.621:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
    :mozilla.104:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
    :mozilla.696:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
    :mozilla.289:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.290:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    :mozilla.291:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
    :mozilla.727:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Pro-market : Nettoyé.
    :mozilla.728:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Pro-market : Nettoyé.
    :mozilla.607:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
    :mozilla.608:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Questionmarket : Nettoyé.
    :mozilla.714:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
    :mozilla.715:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Realmedia : Nettoyé.
    :mozilla.369:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.370:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.371:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.372:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.373:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.374:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.375:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
    :mozilla.382:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.383:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.384:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.385:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.386:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.387:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.388:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.389:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.390:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.391:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.392:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.393:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Sexcounter : Nettoyé.
    :mozilla.444:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
    :mozilla.445:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
    :mozilla.668:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Skype : Nettoyé.
    :mozilla.26:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.27:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.28:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.29:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.30:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.31:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    :mozilla.9:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
    :mozilla.223:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
    :mozilla.203:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Trafic : Nettoyé.
    :mozilla.497:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
    :mozilla.67:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.68:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.69:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    :mozilla.742:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
    :mozilla.748:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Webtrends : Nettoyé.
    C:\Documents and Settings\Utilisateur\Cookies\utilisateur@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
    :mozilla.521:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.523:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
    :mozilla.804:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
    :mozilla.805:C:\Documents and Settings\Utilisateur\Application Data\Mozilla\Firefox\Profiles\p34s4nt9.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.

    Fin du rapport

    ps : Un egrand grand merci pour ce que tu fais
    0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    maintenant on va faire un scan en ligne

    avec bitdefender et colle le rapport

    https://www.bitdefender.com/toolbox/

    un tuto
    http://pageperso.aol.fr/rginformatique/mapage/defender.htm
    @+
    0
  11. I-endil Messages postés 10 Statut Membre
     
    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005

    Detected with: Adware.NaviPromo.BYC

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005

    Disinfection failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0005

    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)

    Update failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002

    Detected with: Adware.NaviPromo.BYC

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002

    Disinfection failed

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)=>lzma_solid_nsis0002

    Deleted

    C:\QooBox\Quarantine\C\WINDOWS\pack.epk.vir=>(NSIS 2g)=>lzma_solid_nsis0013=>(NSIS g)

    Update failed

    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP349\A0093375.exe=>(NSIS o)=>lzma_solid_nsis0002

    Detected with: Adware.Navipromo.BYN

    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP349\A0093375.exe=>(NSIS o)=>lzma_solid_nsis0002

    Disinfection failed

    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP349\A0093375.exe=>(NSIS o)=>lzma_solid_nsis0002

    Deleted

    C:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP349\A0093375.exe=>(NSIS o)

    Update failed

    C:\WINDOWS\mrofinu.exe.tmp

    Infected with: Trojan.Downloader.Agent.ZAU

    C:\WINDOWS\mrofinu.exe.tmp

    Deleted

    Voila
    0
  12. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour ton rapport n'est pas complet
    refais hijack stp
    @+
    0
  13. I-endil Messages postés 10 Statut Membre
     
    Voila

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 14:04:18, on 04/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\SysMonitor.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SuperCopier2\SuperCopier2.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    C:\Program Files\Skype\Plugin Manager\SkypePM.exe
    C:\WINDOWS\ehome\RMSysTry.exe
    C:\Program Files\Wireless LAN Utility\SiWake.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\System32\svchost.exe
    D:\ragnarok\AeRO\aoexe.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.2.7.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S210.tmp" /EF "HKCU"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
    O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: Acer Empowering Technology.lnk = ?
    O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Moniteur de ressources Extender.lnk = C:\WINDOWS\ehome\RMSysTry.exe
    O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  14. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    cela semble bon
    as tu encore des soucis ?
    0
  15. I-endil Messages postés 10 Statut Membre
     
    Plus de détection Trojan, merci de ton aide, cela m'a évité un formatage.
    0
  16. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Tu peux supprimer tous les logiciels que nous avons utilisés
    va dans ajout/suppression de programes et dans programmes files
    pour vérifier

    ensuite fait ceci (IMPORTANT)

    =démarrer
    =panneau de configuration
    =système
    =onglet Restauration système
    =coche la case (Désactiver la restauration système)
    =redémarre l'ordinateur
    =réactive la ensuite
    @+
    0