Posted

I did the procedure; here is the log, hoping to finally get through this!!! :P

 

"Silent Runners.vbs", revision 37, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"Default" = (no data)

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"paint.exe" = "shnlog.exe" [file not found]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]

"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"MediaFace Integration" = "C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" ["Fellowes, Inc."]

"zSPGuard" = "c:\program files\pjw\spguard\spguard.exe /s /r " ["Piotr J. Walczak"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" [file not found]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}" = "MediaFace extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll" ["Fellowes, Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]

 

 

Enabled Active Desktop and Wallpaper:

-------------------------------------

 

Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Active Desktop web content:

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\

"FriendlyName" = "Security v2"

"Source" = "C:\WINDOWS\desktop.html"

"SubscribedURL" = ""

 

 

 

Startup items in "Jonathan Boyer" & "All Users" startup folders:

----------------------------------------------------------------

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

"Picture Package Menu" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe" ["Sony Corporation"]

"Picture Package VCD Maker" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -h" ["Sony Corporation."]

"Rappels du Calendrier Microsoft Works" -> shortcut to: "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]

"SpySubtract" -> shortcut to: "C:\Program Files\interMute\SpySubtract\SpySub.exe -autostart" ["InterMute, Inc."]

 

 

Enabled Scheduled Tasks:

------------------------

 

"HP DArC Task #Hewlett-Packard#hp psc 1300 series#1078365060" -> launches: "C:\Program Files\HP\hpcoretech\comp\hpdarc.exe /#Hewlett-Packard#hp psc 1300 series#1078365060" ["Hewlett-Packard Company"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Posted

Hello,

The report is not complete; you didn't wait long enough.

A part is missing, and at the very end of the report you should have this:

This report excludes default entries except where indicated.

To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter

Posted

Oops, sorry, I was in too much of a hurry to get it over with :P Here is the complete report

 

 

 

"Silent Runners.vbs", revision 37, http://www.silentrunners.org/

Operating System: Windows XP

Output limited to non-default values, except where indicated by "{++}"

 

 

Startup items buried in registry:

---------------------------------

 

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]

"Default" = (no data)

"McAfee.InstantUpdate.Monitor" = ""C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR" ["Network Associates, Inc."]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}

"paint.exe" = "shnlog.exe" [file not found]

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}

"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]

"HP Component Manager" = ""C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"" ["Hewlett-Packard Company"]

"Zone Labs Client" = ""C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"" ["Zone Labs Inc."]

"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]

"NvMediaCenter" = "RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit" [MS]

"NeroFilterCheck" = "C:\WINDOWS\system32\NeroCheck.exe" ["Ahead Software Gmbh"]

"MediaFace Integration" = "C:\Program Files\Fellowes\MediaFACE 4.0\SetHook.exe" ["Fellowes, Inc."]

"zSPGuard" = "c:\program files\pjw\spguard\spguard.exe /s /r " ["Piotr J. Walczak"]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\

"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"

-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]

"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]

"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]

"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office10\msohev.dll" [MS]

"{52B87208-9CCF-42C9-B88E-069281105805}" = "Trojan Remover Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1\Trshlex.dll" [file not found]

"{A70C977A-BF00-412C-90B7-034C51DA2439}" = "NvCpl DesktopContext Class"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{FFB699E0-306A-11d3-8BD1-00104B6F7516}" = "Play on my TV helper"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvcpl.dll" ["NVIDIA Corporation"]

"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{1E9B04FB-F9E5-4718-997B-B8DA88302A48}" = "nView Desktop Context Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]

"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]

"{6E3C607A-B99C-4FA8-98F5-1AC1ADF7F5B9}" = "MediaFace extension"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Fellowes\MediaFACE 4.0\MFShlExt.dll" ["Fellowes, Inc."]

"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"

-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]

"{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\

INFECTION WARNING! "{FA010552-4A27-4cb1-A1BB-3E2D697F1639}" = "SpySubtract Shell Extension"

-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\interMute\SpySubtract\sshook.dll" ["InterMute, Inc."]

 

 

Enabled Active Desktop and Wallpaper:

-------------------------------------

 

Active Desktop is enabled at this entry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

 

Active Desktop web content:

 

HKCU\Software\Microsoft\Internet Explorer\Desktop\Components\1\

"FriendlyName" = "Security v2"

"Source" = "C:\WINDOWS\desktop.html"

"SubscribedURL" = ""

 

 

 

Startup items in "Jonathan Boyer" & "All Users" startup folders:

----------------------------------------------------------------

 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]

"Picture Package Menu" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe" ["Sony Corporation"]

"Picture Package VCD Maker" -> shortcut to: "C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe -h" ["Sony Corporation."]

"Rappels du Calendrier Microsoft Works" -> shortcut to: "C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe" ["Microsoft® Corporation"]

"SpySubtract" -> shortcut to: "C:\Program Files\interMute\SpySubtract\SpySub.exe -autostart" ["InterMute, Inc."]

 

 

Enabled Scheduled Tasks:

------------------------

 

"HP DArC Task #Hewlett-Packard#hp psc 1300 series#1078365060" -> launches: "C:\Program Files\HP\hpcoretech\comp\hpdarc.exe /#Hewlett-Packard#hp psc 1300 series#1078365060" ["Hewlett-Packard Company"]

 

 

Winsock2 Service Provider DLLs:

-------------------------------

 

Namespace Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}

000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]

000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

 

Transport Service Providers

 

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}

0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:

%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 13

%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

 

 

Toolbars, Explorer Bars, Extensions:

------------------------------------

 

Toolbars

 

HKLM\Software\Microsoft\Internet Explorer\Toolbar\

"{ACB1E670-3217-45C4-A021-6B829A8A27CB}"

-> {CLSID}\(Default) = "McAfee VirusScan"

-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll" ["Network Associates, Inc."]

 

 

Running Services (Display Name, Service Name, Path {Service DLL}):

------------------------------------------------------------------

 

Diskeeper, Diskeeper, "C:\Program Files\Executive Software\Diskeeper\DkService.exe" ["Executive Software International, Inc."]

NVIDIA Display Driver Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]

TrueVector Internet Monitor, vsmon, "C:\WINDOWS\system32\ZONELABS\vsmon.exe -service" ["Zone Labs Inc."]

Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]

 

 

----------

This report excludes default entries except where indicated.

To see *everywhere* the script checks and *everything* it finds,

launch it from a command prompt or a shortcut with the -all parameter.

----------

Posted

Good evening,

If you no longer have PocketKillBox, download it again.

1 Open Notepad and copy-paste the lines between the --- below (including the empty line at the end)

-------------------------------------------------------------------------------------

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"NoDispAppearancePage"=-

"Wallpaper"=-

"WallpaperStyle"=-

"NoDispBackgroundPage"=-

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

"NoActiveDesktopChanges"=-

 

[HKEY_CURRENT_USER\Control Panel\Desktop]

"Wallpaper"=-

"WallpaperStyle"=-

 

[HKEY_CURRENT_USER\Control Panel\Colors]

"Background"="0 78 152"

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]

"notepad.exe"=-

"notepad2.exe"=-

"winlogon.exe"=-

"paint.exe"=-

 

[-HKEY_CLASSES_ROOT\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]

 

[-HKEY_CLASSES_ROOT\CLSID\VMHomepage]

 

[-HKEY_CLASSES_ROOT\CLSID\VMHomepage.1]

 

[-HKEY_CLASSES_ROOT\Interface\{1E1B2878-88FF-11D2-8D96-D7ACAC95951F}]

 

[-HKEY_CLASSES_ROOT\TypeLib\{1E1B286C-88FF-11D2-8D96-D7ACAC95951F}]

 

[-HKEY_CLASSES_ROOT\VMHomepage]

 

[-HKEY_CLASSES_ROOT\VMHomepage.1]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objecta]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\run]

 

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HTTP\Parameters\S]

 

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HTTP\Parameters\S]

 

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\r]

 

[-HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFA}]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

"CustomizeSearch"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm"

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Default_Search_URL"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main]

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Bar"="http://search.msn.com/intl/searchpane/en-au/prov2.htm"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

""="http://home.microsoft.com/access/autosearch.asp?p=%s"

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\main]

"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"

"Search Bar"="http://search.msn.com/spbasic.htm"

"Use Custom Search URL"=dword:00000000

 

--------------------------------------------------------------------------------------

Save this file to your desktop (File name: "fixme.reg", without the quotation marks; Save as type: All Files).

IMPORTANT:

From now on, you make all the fixes OFFLINE. Print this page.

2 Double-click fixme.reg and click Yes when you are asked to confirm the merge.

When you get the message that it went well, delete the fixme.reg file.

3 Launch PocketKillBox and tick the "Delete on reboot" box.

Paste the whole content of the following file into a text file that you will name CODE.

Then press Ctrl-A to select all the text and Ctrl-C to copy it to the clipboard.

C:\wp.exe

C:\wp.bmp

C:\bsw.exe

C:\Windows\sites.ini

C:\Windows\popuper.exe

C:\Windows\System32\helper.exe

C:\Windows\System32\intmonp.exe

C:\Windows\System32\msmsgs.exe

C:\Windows\System32\ole32vbs.exe

C:\Windows\system32\msole32.exe

C:\WINDOWS\system32\hp5C4A.tmp

C:\WINDOWS\System32\shnlog.exe

C:\WINDOWS\System32\intmon.exe

In PocketKillBox-->File-->Paste from Clipboard, then click the red cross

Answer "YES" to the two messages that will be displayed

4 Launch and run CleanUp!

5 Post a new HijackThis report.

6 Run an online antivirus scan at Panda

http://www.pandasoftware.com/activescan/co...n_principal.htm

Paste its report here too.

Don't forget the updates.

For Windows

SP1 pack

http://www.microsoft.com/france/WINDOWS/xp...P1Commande.html

or better, the SP2 pack

http://www.microsoft.com/france/windows/xp/sp2/default.mspx

 

For Internet Explorer

http://www.microsoft.com/windows/ie_intl/f...ad/default.mspx

 

This will fix many security vulnerabilities
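
Added example, not part of the original thread and not code from Silent Runners or PocketKillBox: a small Python triage that cross-references the autorun entries in the posted report with the helper's fixme.reg deletions and PocketKillBox file list, to show which log line the fix targets. The `triage` function and the two regular expressions are assumptions inferred from the line shapes visible in the report; the sample data is copied from the posts above.

```python
import ntpath
import re

# Lines copied from the Silent Runners report posted in this thread.
REPORT = r'''
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"CTFMON.EXE" = "C:\WINDOWS\System32\ctfmon.exe" [MS]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"paint.exe" = "shnlog.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"zSPGuard" = "c:\program files\pjw\spguard\spguard.exe /s /r " ["Piotr J. Walczak"]
'''

# Subset of the paths from the PocketKillBox list in the helper's post.
KILL_LIST = [
    r"C:\Windows\System32\intmonp.exe",
    r"C:\WINDOWS\System32\shnlog.exe",
    r"C:\WINDOWS\System32\intmon.exe",
]

# Value names that fixme.reg deletes under ...\Policies\Explorer\Run.
REG_DELETED = {"notepad.exe", "notepad2.exe", "winlogon.exe", "paint.exe"}

# Assumed line shape, inferred from the report: "name" = value [publisher tag]
ENTRY = re.compile(r'^"([^"]*)" = (.*) \[(.*)\]$')
# First token that ends in an executable-looking extension.
TARGET = re.compile(r'(.+?\.(?:exe|dll|tmp))\b', re.IGNORECASE)


def triage(report, kill_list, reg_deleted):
    """Return (key, value name, target, reasons) for entries the fix addresses."""
    kill_names = {ntpath.basename(p).lower() for p in kill_list}
    key, findings = None, []
    for line in report.splitlines():
        line = line.strip()
        if line.startswith(("HKCU\\", "HKLM\\")):
            # Section header: drop the {++} marker and the trailing backslash.
            key = line.split(" {++}")[0].rstrip("\\")
            continue
        m = ENTRY.match(line)
        if key is None or not m:
            continue
        name, value, tag = m.groups()
        t = TARGET.match(value.strip('"'))
        target = t.group(1) if t else value
        reasons = []
        if tag == "file not found":
            reasons.append("Silent Runners could not find the target file")
        if ntpath.basename(target).lower() in kill_names:
            reasons.append("target file name is on the PocketKillBox list")
        if key.lower().endswith(r"policies\explorer\run") and name.lower() in reg_deleted:
            reasons.append("value is deleted by fixme.reg")
        if reasons:
            findings.append((key, name, target, reasons))
    return findings


if __name__ == "__main__":
    for key, name, target, reasons in triage(REPORT, KILL_LIST, REG_DELETED):
        print(f"{key}\\{name} -> {target}")
        for r in reasons:
            print("   -", r)
```

Running the same function over a report posted after the cleanup should return an empty list if the registry merge and the file deletions took effect.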
