virus alert! - Security - Virus
Subject: virus alert!
 
Profile: IDNaute

Hello,
I think I have spyware that keeps opening a popup at the bottom right with the message "your computer is infected". If I click on the popup, it sends me to the Spyware Quake site.
How do I get rid of this thing?

I'm posting my HijackThis report.

Thanks

Logfile of HijackThis v1.99.1
Scan saved at 02:42:58, on 29/09/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Permeo\e-Border Driver\nbproxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mnmsrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Intoan\Agent\IntoanAgent.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Permeo\e-Border Driver\ebicon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Philips ToUcam Camera\VProperty.exe
C:\WINDOWS\CTRegRun.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Creative\Enregistrement du produit\French\InetReg.exe
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
D:\Download\HijackThis-1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.searchgateway.net/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fr.capgemini.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.aliceadsl.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.searchgateway.net/search/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.aliceadsl.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fr.capgemini.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.48.132.12:6588
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Intoan] C:\Program Files\Intoan\Agent\IntoanAgent.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Fichiers communs\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [e-Border Credential] C:\Program Files\Permeo\e-Border Driver\ebicon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ToUcamVProperty] C:\Program Files\Philips ToUcam Camera\VProperty.exe
O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: SSO - {2FBE4EA9-CA44-470A-98EF-142DE942AA76} - https://sso.capgemini.com/autologon.asp?url=home (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O10 - Unknown file in Winsock LSP: c:\program files\permeo\e-border driver\s5spi.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.fr.capgemini.com
O15 - Trusted Zone: door.capgemini.com
O15 - Trusted Zone: sso.capgemini.com
O16 - DPF: {9b935470-ad4a-11d5-b63e-00c04faedb18} (Oracle JInitiator 1.1.8.16) - http://chronos.v11:8075/jinitiator/oajinit.exe
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.photoways.com/clients/ImageUploader3.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cgeyfr.cgey.fr
O17 - HKLM\Software\..\Telephony: DomainName = cgeyfr.cgey.fr
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cgeyfr.cgey.fr
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll
O23 - Service: Service Elève pcAnywhere (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Unknown owner - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (file missing)
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Security Driver NetBT Proxy (nbproxy) - Permeo Technologies, Inc. - C:\Program Files\Permeo\e-Border Driver\nbproxy.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\orant\BIN\ONRSD80.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Profile: Helper

Hello

* Download
SmitfraudFix by S!Ri:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
Unzip it to the Desktop.

Ewido
http://www.ewido.net/en/download/
Install it.
Launch Ewido and click the Update button (toolbar, at the top).
Under Manual Update click Start update. Wait until "Update successful" is displayed.

CCleaner.
http://www.filehippo.com/download_ccleaner.html
Install it in a dedicated directory.

* Open SmitfraudFix, double-click SmitfraudFix.cmd and choose option 1.
Post the report.

* Restart in safe mode. Note that you have no Internet access in this mode, so write down what you have to do.
Start the computer.
Once the BIOS has finished loading, there is a black screen. Press the F8 or F5 key until the Windows advanced options menu is displayed.
Using the arrow keys, select the appropriate safe mode and press Enter.

* Run SmitfraudFix again, this time choose option 2 and answer yes to everything.

* Run the cleanup with CCleaner.

* Launch Ewido. Click the Scanner button (in the toolbar).
Then, on the Settings tab, for How to Act, click Recommended Actions. Select Quarantine.
Go back to the Scan tab. Click Complete system Scan.
At the end of the scan, choose the "Apply All Actions" option at the bottom.
Click "Save Report", then "Save Report As". This generates a report as a text file. Make sure you save it somewhere easy to find.

* Restart normally and post the second SmitfraudFix report and the Ewido report, along with a new HijackThis report.


---------------
The best antivirus is you
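
As an added example (not part of the original thread and not HijackThis's own code), a small Python triage of the log format posted above: it splits a report into running processes and section-coded entries, then lists entries matching reporter-supplied keywords and entries that HijackThis annotated "(file missing)". The function names, the keyword list and the excerpted sample are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (lines copied from the report).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SpyQuake2.com\Spy-Quake2.exe
D:\Download\HijackThis-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aliceadsl.fr
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O21 - SSODL: cinnamomum - {93ac7c30-3878-4eaa-9420-7977285df5b1} - C:\WINDOWS\system32\pmnqguh.dll
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O20 - Winlogon Notify: ..."


def parse_log(text):
    """Split a HijackThis log into running processes and entries keyed by section code."""
    processes, entries, in_processes = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        m = ENTRY.match(line)
        if m:
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif in_processes and line:
            processes.append(line)
    return processes, dict(entries)


def triage(text, keywords):
    """Return items worth a closer look: keyword hits and '(file missing)' entries."""
    processes, entries = parse_log(text)
    keys = [k.lower() for k in keywords]
    hits = [p for p in processes if any(k in p.lower() for k in keys)]
    missing = []
    for code, details in entries.items():
        for d in details:
            if any(k in d.lower() for k in keys):
                hits.append(f"{code} - {d}")
            if d.endswith("(file missing)"):
                missing.append(f"{code} - {d}")
    return {"keyword_hits": hits, "file_missing": missing}


if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG, ["spyquake", "spy-quake"]).items():
        print(bucket, *items, sep="\n  ")
```

The "(file missing)" tag is HijackThis's own annotation, so each such entry is a prompt to check the path on disk rather than a verdict.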