Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

[Reglé] Contaminé, Balge, impossible d'installer un antivirus

hercut

Par hercut
dans Analyses et éradication malwares

 Partager

Messages recommandés

hercut Mega Power Member

hercut

Posté(e)
  • Auteur
Posté(e)

Pour mdelk.exe, j'ai fais des recherche infructueuse ^^.

 

Deckard's System Scanner v20071014.68

Run by HercuT on 2008-01-25 00:37:55

Computer is in Normal Mode.

--------------------------------------------------------------------------------

 

System Drive C: has 6.81 GiB (less than 15%) free.

 

 

-- HijackThis (run as HercuT.exe) ----------------------------------------------

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:37, on 2008-01-25

Platform: Windows Vista (WinNT 6.00.1904)

MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Boot mode: Normal

 

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Windows Defender\MSASCui.exe

C:\Program Files\ImageShack\QuickShot\QuickShot.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Launchy\Launchy.exe

C:\Program Files\Teamspeak2_RC2\server_windows.exe

C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\UltraVNC\winvnc.exe

C:\Windows\system32\conime.exe

C:\Program Files\iTunes\iTunes.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe

C:\Program Files\Windows Media Player\wmplayer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\HercuT\Desktop\dss.exe

C:\PROGRA~1\TRENDM~1\HIJACK~1\HercuT.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:4001

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll

O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide

O4 - HKLM\..\Run: [imageShackUtil] C:\Program Files\ImageShack\QuickShot\QuickShot.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [Zeb-Fix_] C:\gof\FixHercut.exe Resume:16 (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [Zeb-Fix_] C:\gof\FixHercut.exe Resume:16 (User 'Default user')

O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe

O4 - Global Startup: Serveur UltraVNC (2).lnk = C:\Program Files\UltraVNC\winvnc.exe

O4 - Global Startup: TeamSpeak 2 Server.lnk = C:\Program Files\Teamspeak2_RC2\server_windows.exe

O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm

O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm

O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: Correcteur - {F7C8E5F6-B6D1-45db-8D91-2BCFA5DF11A9} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote K - IE 7.htm (HKCU)

O9 - Extra button: Dictionnaires - {F9B969E8-58D0-4dd9-AC8A-EE2336FF8F65} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote D - IE 7.htm (HKCU)

O9 - Extra button: Guides - {FA089E36-3F1B-4c51-9A1A-C4E7012483AF} - C:\Program Files\Druide\Antidote\Internet Explorer\7\Antidote G - IE 7.htm (HKCU)

O13 - Gopher Prefix:

O15 - Trusted Zone: http://www.bitdefender.fr

O15 - Trusted Zone: http://www.secuser.com

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: a-squared Free Service (a2free) - - (no file)

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Google Desktop Manager 5.7.712.18632 (GoogleDesktopManager-121807-210419) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

 

--

End of file - 9578 bytes

 

-- Files created between 2007-12-25 and 2008-01-25 -----------------------------

 

2008-01-25 00:36:20 0 drahs---- C:\autorun.inf

2008-01-23 13:22:35 0 d-------- C:\gof

2008-01-19 20:04:49 0 d-------- C:\Program Files\iPod

2008-01-19 20:04:41 0 d-------- C:\Program Files\iTunes

2008-01-16 21:46:10 0 d-------- C:\Users\All Users\Avira

2008-01-16 21:46:10 0 d-------- C:\Program Files\Avira

2008-01-16 20:56:54 0 d-------- C:\Users\HercuT\.housecall6.6

2008-01-16 10:53:02 0 d-------- C:\Program Files\Trend Micro

2008-01-15 18:41:45 0 d-------- C:\Windows\ClamWin Portable

2008-01-15 18:40:19 0 d-------- C:\Program Files\ClamWin

2008-01-15 18:40:19 0 d-------- C:\.clamwin

2008-01-14 21:26:57 0 d-------- C:\Program Files\Western Digital Technologies

2008-01-14 08:26:35 20121632 --ahs---- C:\Windows\system32\drivers\fidbox.dat

2008-01-14 08:24:56 0 d-------- C:\kav

2008-01-12 20:30:34 1722 --a------ C:\Windows\system32\tmp.reg

2008-01-12 19:32:02 0 d-------- C:\!KillBox

2008-01-12 02:02:59 0 d-------- C:\Program Files\Windows Live Safety Center

2008-01-12 02:02:19 0 d-------- C:\Program Files\CCleaner

2008-01-12 01:54:22 0 d-------- C:\Program Files\uTIPu

2008-01-08 23:50:22 26 --a------ C:\Windows\SW_Win2000X16.DLL

2008-01-08 23:49:47 79 --a------ C:\Windows\SW_Win2000X1.DLL

2008-01-08 02:13:24 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller

2008-01-08 02:12:59 0 d-------- C:\Program Files\Windows Live

2008-01-08 02:10:02 0 d-------- C:\Users\All Users\WLInstaller

2008-01-08 01:33:59 0 d-------- C:\vcs5BGEffects

2008-01-08 01:33:55 0 d-------- C:\vcs5core

2008-01-08 01:33:55 0 d-------- C:\AV_LOGS

2008-01-05 19:04:53 0 d-------- C:\Windows\system32\Data

2008-01-05 19:04:52 0 d-------- C:\Program Files\Creative

2008-01-04 00:53:41 0 d-------- C:\Program Files\BankPerfect

2008-01-04 00:43:24 0 d-------- C:\Program Files\MaxiCompte

 

 

-- Find3M Report ---------------------------------------------------------------

 

2008-01-25 00:34:46 0 d-------- C:\Users\HercuT\AppData\Roaming\Adobe

2008-01-24 15:37:13 0 d-------- C:\Program Files\Steam

2008-01-24 13:09:10 12 --a------ C:\Windows\bthservsdp.dat

2008-01-19 20:03:19 0 d-------- C:\Program Files\QuickTime

2008-01-18 11:00:50 0 d-------- C:\Users\HercuT\AppData\Roaming\Launchy

2008-01-16 14:17:06 0 d-------- C:\Program Files\7-Zip

2008-01-16 14:07:31 0 d-------- C:\Users\HercuT\AppData\Roaming\FileZilla

2008-01-16 14:05:33 0 d-------- C:\Program Files\FileZilla Client

2008-01-16 13:48:22 0 d-------- C:\Users\HercuT\AppData\Roaming\OpenOffice.org2

2008-01-16 00:13:03 0 d-------- C:\Program Files\MSN Messenger

2008-01-14 21:29:54 693350 --a------ C:\Windows\system32\perfh00C.dat

2008-01-14 21:29:54 118244 --a------ C:\Windows\system32\perfc00C.dat

2008-01-12 19:30:51 0 d-------- C:\Program Files\Teamspeak2_RC2

2008-01-12 17:33:14 0 d-------- C:\Program Files\xmplay

2008-01-12 12:07:41 0 d-------- C:\Program Files\a-squared Free

2008-01-12 11:19:09 0 d-------- C:\Program Files\Common Files\Steam

2008-01-12 00:05:22 0 d---s---- C:\Program Files\HLSW

2008-01-11 18:55:49 0 d-------- C:\Users\HercuT\AppData\Roaming\XnView

2008-01-09 11:43:38 0 d-------- C:\Program Files\Windows Mail

2008-01-09 08:51:13 0 d-------- C:\Program Files\Windows Sidebar

2008-01-08 09:12:12 0 d-------- C:\Users\HercuT\AppData\Roaming\Weezo

2008-01-08 02:20:40 0 d-------- C:\Program Files\Notepad++

2008-01-08 02:13:24 0 d-------- C:\Program Files\Common Files

2008-01-08 02:08:32 0 d-------- C:\Program Files\XnView

2008-01-08 02:02:46 0 d-------- C:\Program Files\Picasa2

2008-01-07 22:32:39 0 d-------- C:\Users\HercuT\AppData\Roaming\Ventrilo

2008-01-07 14:32:15 0 d-------- C:\Program Files\UltraVNC

2008-01-05 19:04:38 0 d--h----- C:\Program Files\InstallShield Installation Information

2008-01-04 10:00:08 0 d-------- C:\Program Files\EsetOnlineScanner

2008-01-03 01:07:10 0 d-------- C:\Program Files\Launchy

2007-12-16 18:35:56 0 d-------- C:\Program Files\DivX

2007-12-15 14:38:45 0 d-------- C:\Program Files\FlashGet

2007-12-15 14:38:12 0 d-------- C:\Users\HercuT\AppData\Roaming\FlashGet

2007-12-10 19:30:03 0 d-------- C:\Program Files\WinSCP

2007-12-09 15:41:10 0 d-------- C:\Users\HercuT\AppData\Roaming\Google

2007-12-09 12:48:39 0 d-------- C:\Program Files\Google

2007-12-09 11:44:08 0 d-------- C:\Program Files\PrintFolder

2007-12-09 01:00:43 0 d-------- C:\Users\HercuT\AppData\Roaming\uTorrent

2007-12-07 10:12:59 0 d-------- C:\Program Files\uTorrent

2007-12-07 01:57:13 0 d-------- C:\Users\HercuT\AppData\Roaming\Voxmobili

2007-12-07 01:56:23 0 d-------- C:\Program Files\Orange

2007-12-05 23:51:08 0 d-------- C:\Program Files\Common Files\InstallShield

2007-12-05 23:47:53 0 d-------- C:\Program Files\ASUS

2007-12-05 21:50:51 0 d-------- C:\Program Files\Intel

2007-12-05 21:44:08 0 d-------- C:\Program Files\ma-config.com

2007-12-05 21:44:07 0 d-------- C:\Users\HercuT\AppData\Roaming\ma-config.com

2007-12-02 23:55:48 0 d-------- C:\Program Files\Common Files\Adobe

2007-12-02 12:56:45 0 d-------- C:\Users\HercuT\AppData\Roaming\Apple Computer

2007-12-01 15:06:37 0 d-------- C:\Program Files\The GodFather

2007-12-01 14:56:56 0 d-------- C:\Program Files\TagScanner

2007-11-30 17:19:38 0 d-------- C:\Program Files\Apple Software Update

2007-11-30 17:18:16 0 d-------- C:\Program Files\Common Files\Apple

2007-11-29 18:47:42 0 d-------- C:\Program Files\Nokia

2007-11-28 20:29:02 0 d-------- C:\Users\HercuT\AppData\Roaming\NSeries

2007-11-28 20:26:42 0 d-------- C:\Users\HercuT\AppData\Roaming\Nokia

2007-11-28 20:17:33 0 d-------- C:\Users\HercuT\AppData\Roaming\PC Suite

2007-11-28 13:32:08 0 d-------- C:\Program Files\PC Connectivity Solution

2007-11-26 08:23:59 0 d-------- C:\Program Files\SuperCopier2

2007-10-28 20:20:48 1025 --a------ C:\Windows\system32\sysprs7.dll

2007-10-28 20:20:48 73 --a------ C:\Windows\system32\ssprs.dll

2007-10-28 20:20:48 205 --a------ C:\Windows\system32\lsprst7.dll

2007-10-28 20:20:48 1025 --a------ C:\Windows\system32\clauth2.dll

2007-10-28 20:20:48 1025 --a------ C:\Windows\system32\clauth1.dll

 

 

-- Registry Dump ---------------------------------------------------------------

 

*Note* empty entries & legit default entries are not shown

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-12 01:20]

"ImageShackUtil"="C:\Program Files\ImageShack\QuickShot\QuickShot.exe" [2006-04-29 23:42]

"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 21:28]

"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 21:28]

"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 21:28]

"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-08 02:07]

"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27]

"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22]

"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-24 16:00]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files\steam\steam.exe" [2007-11-30 12:56]

"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-11-06 15:03]

"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 22:18]

 

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]

"Zeb-Fix_"=C:\gof\FixHercut.exe Resume:16

 

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Launchy.lnk - C:\Program Files\Launchy\Launchy.exe [2007-09-12 02:15:15]

Serveur UltraVNC (2).lnk - C:\Program Files\UltraVNC\winvnc.exe [2007-09-13 00:51:34]

TeamSpeak 2 Server.lnk - C:\Program Files\Teamspeak2_RC2\server_windows.exe [2007-09-12 11:35:56]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"appinit_dlls"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]

@="Service"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

@="Driver"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

@="Volume shadow copy"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

@="IEEE 1394 Bus host controllers"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

@="SBP2 IEEE 1394 Devices"

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

@="SecurityDevices"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk

backup=C:\Windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Lancement rapide d'Adobe Acrobat.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Lancement rapide d'Adobe Acrobat.lnk

backup=C:\Windows\pss\Lancement rapide d'Adobe Acrobat.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logiciel de Synchronisation Orange.lnk]

path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logiciel de Synchronisation Orange.lnk

backup=C:\Windows\pss\Logiciel de Synchronisation Orange.lnk.CommonStartup

backupExtension=.CommonStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^HercuT^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 2.2.lnk]

path=C:\Users\HercuT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk

backup=C:\Windows\pss\OpenOffice.org 2.2.lnk.Startup

backupExtension=.Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AAWTray]

C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]

"C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]

C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eyeBeam SIP Client]

"C:\Program Files\CounterPath\X-Lite\x-lite.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gestionnaire Antidote.exe]

C:\Program Files\Druide\Antidote\Gestionnaire Antidote.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]

"C:\Program Files\Gizmo Project\Gizmo.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

"C:\Program Files\iTunes\iTunesHelper.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LGDCore]

"C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]

C:\Program Files\Picasa2\PicasaMediaDetector.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

"C:\Program Files\QuickTime\QTTask.exe" -atboottime

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

"C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

"C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

"C:\Program Files\Unlocker\UnlockerAssistant.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]

"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]

"C:\Program Files\Winamp\winampa.exe"

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]

%windir%\WindowsMobile\wmdc.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

WindowsMobile wcescomm rapimgr

LocalServiceRestricted WcesComm RapiMgr

bthsvcs BthServ

 

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22622b36-754d-11dc-9065-0017312289b4}]

AutoRun\command- K:\Autorun.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{91cd67ce-a635-11dc-8f0b-0017312289b4}]

AutoRun\command- L:\RavMon.exe

explore\Command- L:\RavMon.exe -e

open\Command- L:\RavMon.exe

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b44850a3-6807-11dc-9ac5-0017312289b4}]

AutoRun\command- C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Boot.exe e

Open\command- Boot.exe e

 

*Newly Created Service* - AVGIO

*Newly Created Service* - AVGNTFLT

*Newly Created Service* - AVIPBB

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]

C:\Windows\system32\unregmp2.exe /ShowWMP

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]

%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

 

 

 

-- End of Deckard's System Scanner: finished at 2008-01-25 00:38:23 ------------

 

 

 

Voila, Merci vraiment, de ton aide.

En espérant que ca soit clean, et que j'ai plus rien.

 

Pour le pc tout semble allé pour le mieux j'ai mit antivir qui s'est installé sans souci.

 

Encore merci si tout est fini.

  • Modérateurs
Gof Devil Member !

Gof

Posté(e)
  • Modérateurs
Posté(e)

Re Hercut :P

 

Oui, FlashDisinfector ne génère pas de rapports, mais supprime les autorun.inf infectieux pour les remplacer par un "sain". Tu peux lire ce sujet pour voir de quoi il s'agit. Pour ton deuxième pc, créé un nouveau sujet, ce sera plus facile pour tout le monde :P

 

Pour ton PC sous Vista. Maintenant que tu as pu installer Antivir, assure toi qu'il soit à jou et correctement configuré. Puis Lance une analyse complète de ton système. Communique moi le rapport à l'issue. On n'a pas tout à fait fini encore, il y a quelques restes après à traiter (fichiers et registre), et les outils à désinstaller s'il est confirmé que l'on a rien oublié.

 

A bientôt.

hercut Mega Power Member

hercut

Posté(e)
  • Auteur
Posté(e)

Voila se fut long car j'ai scan tout mes HD...

 

AntiVir PersonalEdition Classic

Report file date: samedi 26 janvier 2008 15:03

 

Scanning for 1070348 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows Vista

Windows version: (plain) [6.0.6000]

Username: SYSTEM

Computer name: PC-DE-HERCUT

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:00:35

ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 14:58:23

ANTIVIR3.VDF : 7.0.2.50 2048 Bytes 25/01/2008 14:58:23

AVEWIN32.DLL : 7.6.0.56 3215872 Bytes 26/01/2008 13:58:30

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.6.0.3 360488 Bytes 24/01/2008 15:00:35

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: P:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: samedi 26 janvier 2008 15:03

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned

Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned

Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned

Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'server_windows.exe' - '1' Module(s) have been scanned

Scan process 'winvnc.exe' - '1' Module(s) have been scanned

Scan process 'Launchy.exe' - '1' Module(s) have been scanned

Scan process 'PicasaMediaDetector.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'LogMeInSystray.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'QuickShot.exe' - '1' Module(s) have been scanned

Scan process 'MSASCui.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'dwm.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'ramaint.exe' - '1' Module(s) have been scanned

Scan process 'LogMeIn.exe' - '1' Module(s) have been scanned

Scan process 'msiexec.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SLsvc.exe' - '1' Module(s) have been scanned

Scan process 'audiodg.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

58 processes with 58 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'E:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] No virus was found!

Boot sector 'G:\'

[NOTE] No virus was found!

Boot sector 'H:\'

[NOTE] No virus was found!

Boot sector 'P:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '16' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\$Recycle.Bin\S-1-5-21-11703961-164064394-2157259392-1000\$R2GUNNM.zip

[0] Archive type: ZIP

--> srosa.sys

[DETECTION] Is the Trojan horse TR/Rootkit.Gen

[iNFO] The file was deleted!

C:\Windows\System32\drivers\sptd.sys

[WARNING] The file could not be opened!

Begin scan in 'D:\'

D:\A EFFACER\system32:lzx32.sys

[DETECTION] Is the Trojan horse TR/Rootkit.Gen

[iNFO] The file was deleted!

Begin scan in 'E:\' <HercuT>

E:\!! Bureau-XP\## Entretiens\SmitfraudFix.exe

[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.27

[WARNING] The file was ignored!

Begin scan in 'F:\' <HprodE>

Begin scan in 'G:\' <FrProduction>

Begin scan in 'H:\' <FrProde>

Begin scan in 'P:\' <HD HERCUT>

P:\Boot.exe

[DETECTION] Is the Trojan horse TR/Ciador.VB.A

[iNFO] The file was deleted!

 

 

End of the scan: samedi 26 janvier 2008 17:51

Used time: 2:47:50 min

 

The scan has been done completely.

 

29450 Scanning directories

1054961 Files were scanned

4 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

3 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

3 Files cannot be scanned

1054957 Files not concerned

9134 Archives were scanned

4 Warnings

29 Notes

  • Modérateurs
Gof Devil Member !

Gof

Posté(e)
  • Modérateurs
Posté(e)

Bonjour hercut :P

 

Bien Antivir a traité quelques "archives" de fichiers infectieux, rien de grave. Je vais te faire procéder à la désinstallation des outils et te faire réaliser une analyse en ligne de confirmation à l'issue. Pour chacune des commandes à exécuter, effectue toujours "exécuter en tant qu'administrateur".

 

  • Supprime ELIBAGLA.exe et ses rapports sous C:\InfoSat.txt
  • Rends toi dans ton répertoire windows, trouve et exécute gmer_uninstall.cmd
    Supprime l'archive gmer.zip que tavais précédemment téléchargée.
  • Rends toi dans ton menu démarrer> Exécuter et copie colle: ComboFix /u
    Assure toi que le répertoire c:\qoobox ait bien été supprimé, sinon supprime le.
  • Tu peux supprimer Diaghelp.zip et le répertoire dans lequel tu l'as décompressé (sur ton bureau). Vérifie que les fichiers se trouvant normalement sous C:\ ne soient pas présents, sinon supprime les : Diff.exe, grep.exe, ntbtlog_check.txt, et reboot.cmd.
  • Supprime l'exécutable OTMoveIt et le répertoire : C:\_OTMoveIt
  • Supprime FixHercut.exe
  • Supprime le répertoire c:\Gof
  • Supprime l'exécutable Flash_Disinfector.exe
  • Désinstalle :
      • Java 6 Update 2
        Java SE Runtime Environment 6

  • Vide ta corbeille

 

Télécharge ATF Cleaner par Atribune.

  • Double-clique ATF-Cleaner.exe afin de lancer le programme.

  • Pour internet explorer
    Sous l'onglet Main, choisis : Select All
    Clique sur le bouton Empty Selected

  • Pour Firefox (si présents sur le système, idem pour Opera)
    Sous l'onglet Firefox, choisis : Select All
    Clique le bouton Empty Selected
    NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

  • Clique Exit, du menu prinicipal, afin de fermer le programme.

Refais une analyse en ligne Kaspersky et joins moi le rapport avec un nouveau HijackThis. A bientôt :P

  • Modérateurs
Gof Devil Member !

Gof

Posté(e)
  • Modérateurs
Posté(e)

Bonjour Hercut :P

 

Le rapport Kaspersky est propre. :P

 

Esque je peux faire une restauration, car j'ai encore des osucit avec le controle de compte de vista, et ca commence a me lacer?

 

As-tu suivi mes consignes précédentes, ou m'attendais tu avant de les appliquer (je pense à la suppression des points de restauration infectés) ? Si tu les as appliquées, tu n'as lus de points de restauration antérieurs à la réactivation de celle-ci. Si tu nes les as pas appliqué, tu dois les avoir encore, mais infecté par Bagle. Il vaut donc mieux éviter de restaurer.

 

Raconte moi par le détail les soucis d'UAC qui persistent.

hercut Mega Power Member

hercut

Posté(e)
  • Auteur
Posté(e)

Oui jai vu que les point de restoration n'etais plus la.

 

Pour UAC, et bien elle me block tout, comme par exemple hier j'ai essaye de retaguer des mp3 j'ai du passer par le clique droit ouvrie en admin.

 

Des que je suprime un fichier UAC interviens, et pas moyen de le desactivé, surment dans les processus...

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...