Highjack report suite trojan horse
bauer82
Messages postés
2
Statut
Membre
-
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
Bonjour,
J'ai plusieurs Trojan hose détecté et affiché par mon antivirus avg free: Trojan horse Generic9.BCZZ et Trojan Horse Generic 9 AQNO. Il y a aussi plusieurs virus Foun Lop. A chaque Scan de l'antivirus c'est objets sont repérés et m'ouvrent pleins de pop up sur des sites déclarant mon PC instable.
Suite au conseil de Greenday je poste un raport highjack afin de soliciter votre aide pour faire disparaitre définitivement le trojan.
Par avance merci beaucoup pour votre aide
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:53, on 20/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\ICO.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\Pelmiced.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WerCon.exe
C:\Windows\explorer.exe
C:\Program Files\The Cleaner Free\cleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG7\avgvv.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JJL\AppData\Local\Temp\qopnm.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JJL\AppData\Local\Temp\jkhhe.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
J'ai plusieurs Trojan hose détecté et affiché par mon antivirus avg free: Trojan horse Generic9.BCZZ et Trojan Horse Generic 9 AQNO. Il y a aussi plusieurs virus Foun Lop. A chaque Scan de l'antivirus c'est objets sont repérés et m'ouvrent pleins de pop up sur des sites déclarant mon PC instable.
Suite au conseil de Greenday je poste un raport highjack afin de soliciter votre aide pour faire disparaitre définitivement le trojan.
Par avance merci beaucoup pour votre aide
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:16:53, on 20/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Windows\System32\ICO.EXE
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\Pelmiced.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\WerCon.exe
C:\Windows\explorer.exe
C:\Program Files\The Cleaner Free\cleaner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG7\avgvv.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: VeriSoft Access Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Bioscrypt\VeriSoft\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\JJL\AppData\Local\Temp\qopnm.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\JJL\AppData\Local\Temp\jkhhe.dll,c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer au périphérique &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: Envoyer l'&image au périphérique Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
A voir également:
- Highjack report suite trojan horse
- Noel report bluesky - Télécharger - Communication
- Crystal report viewer - Télécharger - Gestion de données
- Crystal report download - Télécharger - Présentation
- Trojan remover - Télécharger - Antivirus & Antimalwares
- Télécharger crystal report 8.5 gratuit - Télécharger - Divers Utilitaires
4 réponses
resalut ! :-)
Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
Bonsoir,
Alors comme demandé voici le rapport combo fix, sachant que j'ai aussi effectuer les tâches demander précédemment dans le post qui ont disparu et entre temps j'ai à nouveau reçu un message d'alerte de avg me disant trojan horse threat move to vault...
ComboFix 08-02-21 - JJL 2008-02-20 23:46:06.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1180 [GMT 1:00]
Endroit: C:\Users\JJL\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 22:57 --------- d-----w C:\Users\JJL\AppData\Roaming\AVG7
2008-02-20 22:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-20 20:56 --------- d-----w C:\Program Files\The Cleaner Free
2008-02-19 07:26 --------- d-----w C:\Users\JJL\AppData\Roaming\LimeWire
2008-02-17 15:56 --------- d-----w C:\Program Files\MGS FF Helper
2008-02-16 12:46 --------- d-----w C:\ProgramData\Apple Computer
2008-02-16 12:46 --------- d-----w C:\Program Files\QuickTime
2008-02-16 12:45 --------- d-----w C:\ProgramData\Apple
2008-02-16 12:45 --------- d-----w C:\Program Files\Apple Software Update
2008-02-15 23:08 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-15 20:55 --------- d-----w C:\ProgramData\LightScribe
2008-02-15 20:46 --------- d-----w C:\Users\JJL\AppData\Roaming\Nero
2008-02-15 20:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-15 20:43 --------- d-----w C:\ProgramData\Nero
2008-02-15 20:43 --------- d-----w C:\Program Files\Nero
2008-02-15 19:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-15 19:52 --------- d-----w C:\Program Files\Ahead
2008-02-15 19:04 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 19:04 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 19:02 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-15 18:59 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 18:59 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 18:59 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 18:59 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 18:59 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 18:59 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-15 18:59 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 18:58 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 18:58 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 18:58 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 18:58 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 18:58 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 18:58 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-15 18:57 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 18:57 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 18:57 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 18:57 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 18:57 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 18:57 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 18:55 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 18:55 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 18:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 18:55 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-10 21:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 09:07 --------- d-----w C:\Program Files\LimeWire
2008-02-04 23:38 --------- d-----w C:\Users\JJL\AppData\Roaming\.BitTornado
2008-02-04 23:38 --------- d-----w C:\ProgramData\avg7
2008-01-28 19:00 --------- d-----w C:\Users\JJL\AppData\Roaming\InstallShield
2008-01-23 22:48 --------- d-----w C:\Users\JJL\AppData\Roaming\DAEMON Tools
2008-01-22 22:54 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-22 22:42 --------- d-----w C:\Program Files\Microsoft Works
2008-01-22 22:41 --------- d-----w C:\Program Files\MSBuild
2008-01-22 22:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-22 22:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-22 22:24 --------- d-----w C:\Program Files\MagicISO
2008-01-22 22:08 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-22 21:52 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-14 18:52 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-01-14 18:52 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-01-14 18:52 --------- d-----w C:\ProgramData\Grisoft
2008-01-13 20:26 12,931 ----a-w C:\Users\JJL\AppData\Roaming\nvModes.dat
2008-01-13 20:22 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-13 20:22 --------- d-----w C:\Program Files\Windows Mail
2008-01-13 20:19 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-13 20:19 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-13 20:19 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-13 19:17 --------- d-----w C:\Program Files\Java
2007-12-31 11:29 --------- d-----w C:\Program Files\BitTornado
2007-12-29 18:16 --------- d-----w C:\Program Files\ffdshow
2007-12-29 02:16 --------- d-----w C:\Users\JJL\AppData\Roaming\CyberLink
2007-12-29 02:15 --------- d-----w C:\Users\JJL\AppData\Roaming\HP
2007-12-29 02:15 --------- d-----w C:\ProgramData\HP
2007-12-27 16:02 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2007-12-27 16:01 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2007-12-27 16:01 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2007-12-27 16:01 --------- d-----w C:\Program Files\Dancing Dots
2007-12-25 22:08 174 --sha-w C:\Program Files\desktop.ini
2007-12-25 22:04 --------- d-----w C:\Program Files\Google
2007-12-25 22:03 --------- d-----w C:\Program Files\Windows Calendar
2007-12-25 21:59 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-25 21:56 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-25 21:56 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-25 21:56 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-25 21:56 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-25 21:56 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-25 21:55 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-25 21:55 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-12-25 21:55 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-25 21:55 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-25 21:55 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-25 21:55 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-12-25 21:55 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-25 21:55 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-12-25 21:55 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-12-25 21:54 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-25 21:52 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2007-12-25 21:52 13,312 ----a-w C:\Windows\system32\drivers\sffdisk.sys
2007-12-25 21:52 12,800 ----a-w C:\Windows\system32\drivers\sffp_sd.sys
2007-12-25 21:52 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-25 21:51 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-13 21:19 1232896]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-04 01:44 1006264]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-03-11 12:21 159744]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-29 11:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-29 11:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-29 11:05 81920]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 17:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 10:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-11-03 10:32 49152 C:\Windows\System32\ICO.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-14 19:52 579072]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-14 19:52 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-14 19:52 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 17:44]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-01-14 19:52]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 11:45]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 11:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 11:45]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 13:49]
R3 pelmouse;Mouse Suite Driver;C:\Windows\system32\DRIVERS\pelmouse.sys [2006-11-03 10:33]
R3 pelusblf;USB Mouse Low Filter Driver;C:\Windows\system32\DRIVERS\pelusblf.sys [2006-11-03 10:33]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-07 10:16]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 23:57:08
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\Pelmiced.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-21 23:59:50 - machine was rebooted
.
2008-02-20 18:42:04 --- E O F ---
Alors comme demandé voici le rapport combo fix, sachant que j'ai aussi effectuer les tâches demander précédemment dans le post qui ont disparu et entre temps j'ai à nouveau reçu un message d'alerte de avg me disant trojan horse threat move to vault...
ComboFix 08-02-21 - JJL 2008-02-20 23:46:06.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1180 [GMT 1:00]
Endroit: C:\Users\JJL\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.
((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
.
Pas de nouveau fichier créé dans cet espace de temps
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 22:57 --------- d-----w C:\Users\JJL\AppData\Roaming\AVG7
2008-02-20 22:16 --------- d-----w C:\Program Files\Trend Micro
2008-02-20 20:56 --------- d-----w C:\Program Files\The Cleaner Free
2008-02-19 07:26 --------- d-----w C:\Users\JJL\AppData\Roaming\LimeWire
2008-02-17 15:56 --------- d-----w C:\Program Files\MGS FF Helper
2008-02-16 12:46 --------- d-----w C:\ProgramData\Apple Computer
2008-02-16 12:46 --------- d-----w C:\Program Files\QuickTime
2008-02-16 12:45 --------- d-----w C:\ProgramData\Apple
2008-02-16 12:45 --------- d-----w C:\Program Files\Apple Software Update
2008-02-15 23:08 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-15 20:55 --------- d-----w C:\ProgramData\LightScribe
2008-02-15 20:46 --------- d-----w C:\Users\JJL\AppData\Roaming\Nero
2008-02-15 20:45 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-15 20:43 --------- d-----w C:\ProgramData\Nero
2008-02-15 20:43 --------- d-----w C:\Program Files\Nero
2008-02-15 19:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-15 19:52 --------- d-----w C:\Program Files\Ahead
2008-02-15 19:04 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 19:04 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 19:02 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-15 18:59 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 18:59 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 18:59 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 18:59 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 18:59 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 18:59 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-15 18:59 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 18:58 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 18:58 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 18:58 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 18:58 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 18:58 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 18:58 --------- d-----w C:\ProgramData\Microsoft Help
2008-02-15 18:57 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 18:57 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 18:57 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 18:57 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 18:57 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 18:57 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 18:55 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 18:55 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 18:55 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 18:55 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-10 21:05 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 09:07 --------- d-----w C:\Program Files\LimeWire
2008-02-04 23:38 --------- d-----w C:\Users\JJL\AppData\Roaming\.BitTornado
2008-02-04 23:38 --------- d-----w C:\ProgramData\avg7
2008-01-28 19:00 --------- d-----w C:\Users\JJL\AppData\Roaming\InstallShield
2008-01-23 22:48 --------- d-----w C:\Users\JJL\AppData\Roaming\DAEMON Tools
2008-01-22 22:54 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-22 22:42 --------- d-----w C:\Program Files\Microsoft Works
2008-01-22 22:41 --------- d-----w C:\Program Files\MSBuild
2008-01-22 22:39 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-22 22:36 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-01-22 22:24 --------- d-----w C:\Program Files\MagicISO
2008-01-22 22:08 --------- d-----w C:\Program Files\DAEMON Tools Lite
2008-01-22 21:52 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
2008-01-14 18:52 9,216 ----a-w C:\Windows\System32\avgwlntf.dll
2008-01-14 18:52 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2008-01-14 18:52 --------- d-----w C:\ProgramData\Grisoft
2008-01-13 20:26 12,931 ----a-w C:\Users\JJL\AppData\Roaming\nvModes.dat
2008-01-13 20:22 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-13 20:22 --------- d-----w C:\Program Files\Windows Mail
2008-01-13 20:19 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-13 20:19 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-13 20:19 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-13 19:17 --------- d-----w C:\Program Files\Java
2007-12-31 11:29 --------- d-----w C:\Program Files\BitTornado
2007-12-29 18:16 --------- d-----w C:\Program Files\ffdshow
2007-12-29 02:16 --------- d-----w C:\Users\JJL\AppData\Roaming\CyberLink
2007-12-29 02:15 --------- d-----w C:\Users\JJL\AppData\Roaming\HP
2007-12-29 02:15 --------- d-----w C:\ProgramData\HP
2007-12-27 16:02 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2007-12-27 16:01 409,600 ----a-w C:\Windows\System32\wrap_oal.dll
2007-12-27 16:01 114,688 ----a-w C:\Windows\System32\OpenAL32.dll
2007-12-27 16:01 --------- d-----w C:\Program Files\Dancing Dots
2007-12-25 22:08 174 --sha-w C:\Program Files\desktop.ini
2007-12-25 22:04 --------- d-----w C:\Program Files\Google
2007-12-25 22:03 --------- d-----w C:\Program Files\Windows Calendar
2007-12-25 21:59 87,040 ----a-w C:\Windows\System32\msoert2.dll
2007-12-25 21:56 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-12-25 21:56 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-12-25 21:56 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-12-25 21:56 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2007-12-25 21:56 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-12-25 21:55 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2007-12-25 21:55 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2007-12-25 21:55 61,952 ----a-w C:\Windows\System32\cmifw.dll
2007-12-25 21:55 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2007-12-25 21:55 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2007-12-25 21:55 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2007-12-25 21:55 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2007-12-25 21:55 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2007-12-25 21:55 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2007-12-25 21:54 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2007-12-25 21:52 82,432 ----a-w C:\Windows\system32\drivers\sdbus.sys
2007-12-25 21:52 13,312 ----a-w C:\Windows\system32\drivers\sffdisk.sys
2007-12-25 21:52 12,800 ----a-w C:\Windows\system32\drivers\sffp_sd.sys
2007-12-25 21:52 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-25 21:51 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-13 21:19 1232896]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-04 01:44 1006264]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2007-03-11 12:21 159744]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-29 11:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-04-29 11:05 8429568]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-04-29 11:05 81920]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 15:37 174872]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 17:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 10:38 159744]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-03-12 10:54 50696]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 12:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 15:12 317128]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 22:11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"CognizanceTS"="c:\PROGRA~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 19:12 17920]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-11-03 10:32 49152 C:\Windows\System32\ICO.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-14 19:52 579072]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-14 19:52 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-01-14 19:52 9216 C:\Windows\System32\avgwlntf.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll
R2 ASBroker;Courtier de session de connexion;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R2 ASChannel;Canal de communication local;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 17:44]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-01-14 19:52]
R3 btwaudio;Périphérique audio Bluetooth;C:\Windows\system32\drivers\btwaudio.sys [2007-01-02 11:45]
R3 btwavdt;Bluetooth AVDT;C:\Windows\system32\drivers\btwavdt.sys [2007-01-02 11:45]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [2007-01-02 11:45]
R3 NETw4v32;Pilote de carte Intel(R) Wireless WiFi Link pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw4v32.sys [2007-03-01 13:49]
R3 pelmouse;Mouse Suite Driver;C:\Windows\system32\DRIVERS\pelmouse.sys [2006-11-03 10:33]
R3 pelusblf;USB Mouse Low Filter Driver;C:\Windows\system32\DRIVERS\pelusblf.sys [2006-11-03 10:33]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2007-02-07 10:16]
S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
GPSvcGroup REG_MULTI_SZ GPSvc
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 23:57:08
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\Program Files\Bioscrypt\VeriSoft\Bin\AsGHost.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Windows\system32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Windows\System32\Pelmiced.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Grisoft\AVG7\avgw.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-21 23:59:50 - machine was rebooted
.
2008-02-20 18:42:04 --- E O F ---
Salut
ok,
1) Désactiver le contrôle des comptes utilisateurs (le réactiver à la fin de la désinfection) :
Aller dans démarrer puis panneau de configuration
Double Cliquer sur l'icône Comptes d'utilisateurs
Cliquer ensuite sur désactiver et valider.
2) Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum stp
++
ok,
1) Désactiver le contrôle des comptes utilisateurs (le réactiver à la fin de la désinfection) :
Aller dans démarrer puis panneau de configuration
Double Cliquer sur l'icône Comptes d'utilisateurs
Cliquer ensuite sur désactiver et valider.
2) Télécharge SDFix sur ton bureau
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau.
Redémarre ton ordinateur en mode sans échec
Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.cmd pour lancer le script.
Appuie sur Y pour commencer le processus de nettoyage.
Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
Appuie sur une touche pour redémarrer le PC.
Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum stp
++
vas y !
je serai peu dispo
a plus