Sujet Précédent Sujet Suivant

Virus

nolito -  
 Utilisateur anonyme -
Bonjour,
Ma Sœur c'est fait avoir, elle a cliquer sur un lien et depuis ce lien s'envoie a mes contact mais clean virus msn a détecter un trojan je l'ai supprime mais ce même lien continue a s'envoyer que faire
A voir également:

20 réponses

Réponse 1 / 20
flo1609 Messages postés 29 Statut Membre 11
 
installe spybot search and destroy (disponible sur le forum).
tu fais un scan complet de l'ordi et tu supprime tout, normalement ca devrait etre ok.
bonne chance
0
Réponse 2 / 20
nolito
 
merci je vais essayer =)
0
Réponse 3 / 20
nolito
 
Le lien ne c'est pas envoyer de toute la journée mais voila qu'il recommence
0
Réponse 4 / 20
Utilisateur anonyme
 
Salut ,

▶ Télécharge random's system information tool (RSIT) et sauvegarde-le sur le Bureau.

• Double-clique sur RSIT.exe afin de lancer RSIT.

• Lis le contenu de l'écran Disclaimer puis clique sur Continue (si tu acceptes les conditions).

• Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

• Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

Poste le contenu de log.txt .

• Tuto : https://forum.pcastuces.com/randoms_system_information_tool_rsit-f31s31.htm
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 20
nolito
 
Logfile of random's system information tool 1.06 (written by random/random)
Run by £'£ $K!T- R at 2009-10-22 22:43:52
Microsoft Windows XP Édition familiale Service Pack 3
System drive C: has 73 GB (49%) free of 148 GB
Total RAM: 511 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:44:50, on 22/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\EoRezo\EoEngine.exe
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\livemessenger.com
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\£'£ $K!T- R\Mes documents\Téléchargements\RSIT.exe
C:\Program Files\trend micro\£'£ $K!T- R.exe
c:\windows\system32\svchost64.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?fdr=lc&toHttps=1&redig=FA6AD360E0BE4C719380F8C470A3D3A8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FR_FR&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://troner.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/spresults.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://y.lo.st
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O2 - BHO: EoBHO - {C7B76B90-3455-4AE6-A752-EAC4D19689E5} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: GamesBarBHO Class - {CB0D163C-E9F4-4236-9496-0597E24B23A5} - C:\Program Files\GamesBar\oberontb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: (no name) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB0.dll
O3 - Toolbar: 4shared.com Toolbar - {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - C:\Program Files\4shared.com\tb4sh1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoftwareHelper] C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [svchost64.exe] c:\windows\system32\svchost64.exe
O4 - HKLM\..\Run: [Microsoft Update] livemessenger.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB7425] command.com /c del "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player\Désinstaller.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2061] cmd.exe /c del "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player\Désinstaller.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB6985] command.com /c del "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player\Live-Player.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6924] cmd.exe /c del "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player\Live-Player.lnk"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8055] command.com /c del "C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\live-player\liveplayer.s3db"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7336] cmd.exe /c del "C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\live-player\liveplayer.s3db"
O4 - HKCU\..\RunOnce: [SpybotDeletingB8267] command.com /c del "C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\live-player\flv.swf"
O4 - HKCU\..\RunOnce: [SpybotDeletingD894] cmd.exe /c del "C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\live-player\flv.swf"
O4 - HKCU\..\RunOnce: [SpybotDeletingB9650] command.com /c del "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player\Conditions générales.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD4738] cmd.exe /c del "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player\Conditions générales.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5011] command.com /c del "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player\Confidentialité.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2569] cmd.exe /c del "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player\Confidentialité.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3789] command.com /c del "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player\Website.url"
O4 - HKCU\..\RunOnce: [SpybotDeletingD5782] cmd.exe /c del "C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player\Website.url"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: (no name) - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra 'Tools' menuitem: GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - C:\Program Files\GamesBar\oberontb.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game07.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab57176.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.33/g_bin/eng/snooker_2_0_0_35.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Service Google Update (gupdate1ca2d83a60edabc) (gupdate1ca2d83a60edabc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
0
Réponse 6 / 20
Utilisateur anonyme
 
plusieures infections présente en plus du ver msn

télécharge ad remover sur ton bureau :

http://pagesperso-orange.fr/NosTools/C_XX/AD-R.exe

Double clic sur AD-R.exe pour lancer l outil , puis suit ce tutoriel :

http://pagesperso-orange.fr/NosTools/tuto_adr_3.html

>> post le rapport dans ta prochaine réponse stp .
0
Réponse 7 / 20
nolito
 
.
======= RAPPORT D'AD-REMOVER 1.1.4.5_Z | UNIQUEMENT XP/VISTA/7 =======
.
Mit à jour par C_XX le 17.10.2009 à 11:48
Contact: AdRemover.contact@gmail.com
Site web: http://pagesperso-orange.fr/NosTools/ad_remover.html
.
Lancé à: 23:11:15, 22/10/2009 | Mode Normal | Option: CLEAN
Exécuté de: C:\Program Files\Ad-Remover\
Système d'exploitation: Microsoft® Windows XP™ Service Pack 3 v5.1.2600
Nom du PC: NOM-D3A4C94E6FD | Utilisateur actuel: œ'œ $K!T- R
.
============== ÉLÉMENT(S) NEUTRALISÉ(S) ==============
.

HKCU\Software\EoRezo
HKLM\Software\EoRezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C7B76B90-3455-4AE6-A752-EAC4D19689E5}
HKU\S-1-5-21-3792929252-2645728743-1670671204-1014\Software\Eorezo
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\EoEngine
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SoftwareHelper
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
HKCU\software\microsoft\internet explorer\searchscopes\{CF739809-1C6C-47C0-85B9-569DBB141420}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98}
HKLM\Software\Classes\CLSID\{6F282B65-56BF-4BD1-A8B2-A4449A05863D}
HKLM\Software\Classes\CLSID\{b0de3308-5d5a-470d-81b9-634fc078393b}
HKLM\Software\Classes\CLSID\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CB0D163C-E9F4-4236-9496-0597E24B23A5}
HKLM\Software\Classes\TypeLib\{AD76633E-E50D-4844-9E7F-4DFBC7C18467}
.
C:\DOCUME~1\'$K!T-~1\APPLIC~1\EoRezo
C:\DOCUME~1\'$K!T-~1\APPLIC~1\ItsLabel
C:\DOCUME~1\ALLUSE~1\APPLIC~1\gamesbar
C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\GamesBar
C:\Program Files\Ask Search Assistant
C:\Program Files\AskSearch
C:\Program Files\EoRezo
C:\Program Files\FBrowserAdvisor
C:\Program Files\FBrowsingAdvisor
C:\Program Files\GamesBar
C:\Program Files\ItsLabel
C:\Program Files\Mozilla FireFox\Components\AskSearch.js
C:\WINDOWS\Prefetch\SOFTWAREUPDATEHP.EXE-1380C89B.pf
C:\DOCUME~1\'$K!T-~1\Cookies\œ'œ_$k!t-_r@ads.eorezo[2].txt
C:\DOCUME~1\'$K!T-~1\Cookies\œ'œ_$k!t-_r@ads.eorezo[3].txt
C:\DOCUME~1\'$K!T-~1\Cookies\œ'œ_$k!t-_r@eorezo[1].txt
C:\DOCUME~1\'$K!T-~1\Cookies\œ'œ_$k!t-_r@eorezo[2].txt

(!) -- Fichiers temporaires supprimés.

.
============== Scan additionnel ==============
.
.
* Mozilla FireFox Version 3.5.3 [fr] *
.
Nom du profil: rqjthqnq.default (œ'œ $K!T- R)
.
(Prefs.js) user_pref("browser.search.defaultenginename", "Google");
(Prefs.js) user_pref("browser.search.selectedEngine", "Google");
(Prefs.js) user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=");
(Prefs.js) user_pref("browser.startup.homepage", "hxxp://lo.st");
(Prefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.3");
(Invalidprefs.js) user_pref("browser.search.defaultenginename", "Live Search");
(Invalidprefs.js) user_pref("browser.search.selectedEngine", "Live Search");
(Invalidprefs.js) user_pref("browser.search.defaulturl", "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=");
(Invalidprefs.js) user_pref("browser.startup.homepage", "hxxp://www.lo.st");
(Invalidprefs.js) user_pref("browser.startup.homepage_override.mstone", "rv:1.9.0.3");
.
(Invalidprefs.js) EFFACÉ: user_pref("browser.startup.homepage", "hxxp://www.lo.st");
.
* Internet Explorer Version 8.0.6001.18702 *
.
[HKEY_CURRENT_USER\..\Internet Explorer\Main]
.
Start Page: hxxp://fr.msn.com/
Search Page: hxxp://search.live.com
Search Bar: hxxp://go.microsoft.com/fwlink/?linkid=54896
Default_search_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Default_page_url: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\Main]
.
Default_Page_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Default_Search_URL: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Search Page: hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Start Page: hxxp://fr.msn.com/
Search Bar: hxxp://search.msn.com/spbasic.htm
.
[HKEY_LOCAL_MACHINE\..\Internet Explorer\ABOUTURLS]
.
Tabs: res://ieframe.dll/tabswelcome.htm
.
===================================
.
2571 Octet(s) - C:\Ad-Report-CLEAN[1].log
4479 Octet(s) - C:\Ad-Report-CLEAN[2].log
.
34 Fichier(s) - C:\DOCUME~1\'$K!T-~1\LOCALS~1\Temp
3 Fichier(s) - C:\WINDOWS\Temp
.
19 Fichier(s) - C:\Program Files\Ad-Remover\BACKUP
120 Fichier(s) - C:\Program Files\Ad-Remover\QUARANTINE
.
Fin à: 23:33:59 | 22/10/2009 - CLEAN[2]
.
============== E.O.F ==============
.
0
Réponse 8 / 20
Utilisateur anonyme
 
• Télécharge UsbFix sur ton bureau .

http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
https://www.androidworld.fr/

(!) Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptible d'avoir été infectées sans les ouvrir

• Double clic sur "UsbFix.exe" présent sur ton bureau .

• Choisis l'option F pour français et tape sur [entrée] .

• Choisis l'option 1 ( Recherche ) et tape sur [entrée] .

• Laisse travailler l'outil.

Ensuite post le rapport UsbFix.txt qui apparaitra.

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque. ( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )

• Note : "Process.exe", une composante de l'outil, est détecté par certains antivirus (AntiVir, Dr.Web, Kaspersky Anti-Virus) comme étant un RiskTool.
Il ne s'agit pas d'un virus, mais d'un utilitaire destiné à mettre fin à des processus.
Mis entre de mauvaises mains, cet utilitaire pourrait arrêter des logiciels de sécurité (Antivirus, Firewall...) d'où l'alerte émise par ces antivirus.

• Tuto : http://pagesperso-orange.fr/NosTools/usbfix.html
0
Réponse 9 / 20
nolito
 
############################## | UsbFix V6.044 |

User : £'£ $K!T- R (Administrateurs) # NOM-D3A4C94E6FD
Update on 22/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 00:02:47 | 23/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : BitDefender Antivirus 12.0 [ (!) Disabled | Updated ]
AV : avast! antivirus 4.8.1351 [VPS 091022-0] 4.8.1351 [ Enabled | Updated ]

C:\ -> Disque fixe local # 144.79 Go (70.37 Go free) [PRESARIO] # NTFS
D:\ -> Disque fixe local # 4.24 Go (1.01 Go free) [PRESARIO_RP] # FAT32
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\livemessenger.com
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdate.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\windows\system32\ping.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

C:\WINDOWS\livemessenger.com
C:\WINDOWS\system32\svchost64.exe
C:\WINDOWS\system32\tempBatFile.bat
D:\autorun.inf
D:\AUTORUN.FCB

################## | Registre # Clés Run infectieuses |

[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Microsoft Update"
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "svchost64.exe"

################## | Registre # Mountpoints2 |

HKCU\..\..\Explorer\MountPoints2\{b6d35268-16ff-11da-b1f1-806d6172696f}
Shell\AutoRun\command =D:\setupSNK.exe

HKCU\..\..\Explorer\MountPoints2\{e50ac298-1934-11de-8cde-000f20fa9c08}
Shell\AutoRun\command =C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL copy.exe

################## | Suspect | https://www.virustotal.com/gui/ |

################## | Cracks / Keygens / Serials |

################## | ! Fin du rapport # UsbFix V6.044 ! |
0
Réponse 10 / 20
Utilisateur anonyme
 
• Double clic sur "UsbFix.exe" présent sur ton bureau .

• Choisis l' option F pour français et et tape sur [entrée] .

• choisis l'option 2 ( Suppression ) et tape sur [entrée].

• Ton bureau disparaitra et le pc redémarrera .

• Au redémarrage , UsbFix scannera ton pc , laisse travailler l'outil.

Ensuite post le rapport UsbFix.txt qui apparaitra avec le bureau .

• Note : Le rapport UsbFix.txt est sauvegardé a la racine du disque.( C:\UsbFix.txt )

( CTRL+A Pour tout selectionner , CTRL+C pour copier et CTRL+V pour coller )
0
Réponse 11 / 20
nolito
 
Je n'est pas reçu de rapport mais j'ai du envoyer un fichier zip
0
Réponse 12 / 20
nolito
 
Je n'avais pas vu
0
Réponse 13 / 20
nolito
 
############################## | UsbFix V6.044 |

User : £'£ $K!T- R (Administrateurs) # NOM-D3A4C94E6FD
Update on 22/10/2009 by Chiquitine29, C_XX & Chimay8
Start at: 00:34:24 | 23/10/2009
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Celeron(R) CPU 3.06GHz
Microsoft Windows XP Édition familiale (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Enabled
AV : BitDefender Antivirus 12.0 [ (!) Disabled | Updated ]
AV : avast! antivirus 4.8.1351 [VPS 091022-0] 4.8.1351 [ Enabled | Updated ]

C:\ -> Disque fixe local # 144.79 Go (71.17 Go free) [PRESARIO] # NTFS
D:\ -> Disque fixe local # 4.24 Go (1.01 Go free) [PRESARIO_RP] # FAT32
E:\ -> Disque CD-ROM

############################## | Processus actifs |

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

################## | Fichiers # Dossiers infectieux |

Supprimé ! C:\WINDOWS\livemessenger.com
Supprimé ! C:\WINDOWS\system32\svchost64.exe
Supprimé ! C:\WINDOWS\system32\tempBatFile.bat
Supprimé ! D:\autorun.inf
Supprimé ! D:\AUTORUN.FCB

################## | Registre # Clés Run infectieuses |

Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "Microsoft Update"
Supprimé ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Run] "svchost64.exe"

################## | Registre # Mountpoints2 |

Supprimé ! HKCU\...\Explorer\MountPoints2\{e50ac298-1934-11de-8cde-000f20fa9c08}\Shell\AutoRun\Command

################## | Listing des fichiers présent |

[28/05/2009 18:44|--a------|100] C:\++.txt
[22/10/2009 22:58|--a------|2571] C:\Ad-Report-CLEAN[1].log
[22/10/2009 23:33|--a------|4812] C:\Ad-Report-CLEAN[2].log
[01/01/2005 09:29|--a------|0] C:\AUTOEXEC.BAT
[06/07/2008 23:56|-rahs----|296] C:\boot.ini
[05/08/2004 05:00|-rahs----|4952] C:\Bootfont.bin
[05/08/2004 05:00|-rahs----|263488] C:\cmldr
[01/01/2005 09:29|--a------|0] C:\CONFIG.SYS
[15/12/2008 22:43|--a------|0] C:\DBS.TXT
[31/01/2009 15:27|--a------|5689638] C:\FRAGLIST.LUAR
[?|?|?] C:\hiberfil.sys
[01/01/2005 09:39|--ah-----|2] C:\hpbi.log
[01/01/2005 09:29|-rahs----|0] C:\IO.SYS
[01/01/2005 09:29|-rahs----|0] C:\MSDOS.SYS
[05/08/2004 05:00|-rahs----|47564] C:\NTDETECT.COM
[06/10/2008 17:14|-rahs----|252240] C:\ntldr
[29/02/2004 17:44|--a------|52576] C:\orange.bmp
[?|?|?] C:\pagefile.sys
[05/06/2009 18:39|--a------|70] C:\pdfinfo.ini
[28/03/2009 14:09|--a------|29351126] C:\setup-adsltv.exe
[27/03/2008 16:16|--ah-----|232] C:\sqmdata00.sqm
[27/03/2008 16:16|--ah-----|232] C:\sqmdata01.sqm
[27/03/2008 16:18|--ah-----|232] C:\sqmdata02.sqm
[27/03/2008 16:27|--ah-----|232] C:\sqmdata03.sqm
[10/04/2008 17:37|--ah-----|232] C:\sqmdata04.sqm
[14/04/2008 05:28|--ah-----|268] C:\sqmdata05.sqm
[15/04/2008 10:35|--ah-----|232] C:\sqmdata06.sqm
[15/04/2008 10:51|--ah-----|232] C:\sqmdata07.sqm
[15/04/2008 15:27|--ah-----|232] C:\sqmdata08.sqm
[16/05/2008 17:42|--ah-----|268] C:\sqmdata09.sqm
[25/05/2008 19:05|--ah-----|268] C:\sqmdata10.sqm
[07/12/2008 20:32|--ah-----|268] C:\sqmdata11.sqm
[15/12/2008 20:52|--ah-----|232] C:\sqmdata12.sqm
[22/12/2008 13:47|--ah-----|268] C:\sqmdata13.sqm
[21/01/2009 07:47|--ah-----|268] C:\sqmdata14.sqm
[22/01/2009 08:04|--ah-----|268] C:\sqmdata15.sqm
[23/01/2009 08:06|--ah-----|268] C:\sqmdata16.sqm
[24/01/2009 07:57|--ah-----|268] C:\sqmdata17.sqm
[18/02/2008 13:42|--ah-----|232] C:\sqmdata18.sqm
[22/01/2009 15:38|--ah-----|268] C:\sqmdata19.sqm
[27/03/2008 16:16|--ah-----|244] C:\sqmnoopt00.sqm
[27/03/2008 16:16|--ah-----|244] C:\sqmnoopt01.sqm
[27/03/2008 16:18|--ah-----|244] C:\sqmnoopt02.sqm
[27/03/2008 16:27|--ah-----|244] C:\sqmnoopt03.sqm
[10/04/2008 17:37|--ah-----|244] C:\sqmnoopt04.sqm
[14/04/2008 05:28|--ah-----|244] C:\sqmnoopt05.sqm
[15/04/2008 10:35|--ah-----|244] C:\sqmnoopt06.sqm
[15/04/2008 10:51|--ah-----|244] C:\sqmnoopt07.sqm
[15/04/2008 15:27|--ah-----|244] C:\sqmnoopt08.sqm
[16/05/2008 17:42|--ah-----|244] C:\sqmnoopt09.sqm
[25/05/2008 19:05|--ah-----|172] C:\sqmnoopt10.sqm
[07/12/2008 20:32|--ah-----|244] C:\sqmnoopt11.sqm
[15/12/2008 20:52|--ah-----|244] C:\sqmnoopt12.sqm
[22/12/2008 13:47|--ah-----|244] C:\sqmnoopt13.sqm
[21/01/2009 07:47|--ah-----|244] C:\sqmnoopt14.sqm
[22/01/2009 08:04|--ah-----|244] C:\sqmnoopt15.sqm
[23/01/2009 08:06|--ah-----|244] C:\sqmnoopt16.sqm
[24/01/2009 07:57|--ah-----|244] C:\sqmnoopt17.sqm
[18/02/2008 13:42|--ah-----|244] C:\sqmnoopt18.sqm
[22/01/2009 15:38|--ah-----|244] C:\sqmnoopt19.sqm
[05/05/2009 17:25|--ahs----|17408] C:\Thumbs.db
[23/10/2009 00:39|--a------|6088] C:\UsbFix.txt
[28/07/2001 07:07|---hs----|0] D:\AUTOEXEC.BAT
[09/01/2002 20:52|---hs----|244] D:\BOOT.INI
[17/08/2001 10:26|---hs----|237728] D:\CMLDR
[28/07/2001 07:07|---hs----|0] D:\CONFIG.SYS
[10/09/2002 00:14|---hs----|100] D:\Desktop.ini
[24/02/2004 17:38|--a------|498] D:\BATCH.OLD
[30/04/2004 23:00|---hs----|73728] D:\Info.exe
[28/07/2001 07:07|---hs----|0] D:\IO.SYS
[28/07/2001 07:07|---hs----|0] D:\MSDOS.SYS
[25/07/2001 23:00|---hs----|45124] D:\NTDETECT.COM
[25/07/2001 23:00|---hs----|222880] D:\NTLDR
[13/04/2008 19:34|--a------|28672] D:\setupSNK.exe
[03/03/2003 22:41|---hs----|88038] D:\Warning.bmp
[12/11/2004 01:14|---hs----|26] D:\BLOCK.RIN
[25/01/2002 19:21|---hs----|0] D:\GRAPH16
[30/04/2001 21:16|---hs----|14] D:\Graph
[18/04/2007 12:53|---hs----|984] D:\MASTER.LOG
[17/08/2001 16:32|---hs----|0] D:\NTFS
[12/11/2004 00:48|---hs----|36] D:\SAVEFILE.DIR
[30/04/2001 21:16|---hs----|14] D:\SVGA
[18/08/2001 16:00|---hs----|10] D:\WIN51
[22/01/2001 16:00|---hs----|11] D:\WIN51.B2
[25/07/2001 16:00|---hs----|11] D:\WIN51.RC1
[25/07/2001 21:47|---hs----|11] D:\WIN51.RC2
[18/08/2001 16:00|---hs----|10] D:\WIN51IC
[20/03/2001 16:00|---hs----|11] D:\WIN51IC.B2
[25/07/2001 16:00|---hs----|11] D:\WIN51IC.RC1
[25/07/2001 16:00|---hs----|11] D:\WIN51IC.RC2
[17/08/2001 16:00|---hs----|10] D:\WIN51IP
[22/01/2001 16:00|---hs----|11] D:\WIN51IP.B2
[25/07/2001 21:47|---hs----|11] D:\WIN51IP.RC2
[17/08/2001 14:17|---hs----|184] D:\WINBOM.INI
[10/09/2002 18:21|---hs----|7850] D:\Folder.htt
[03/03/2003 15:46|---hs----|111377] D:\protect.ed
[12/11/2004 01:16|--ahs----|984] D:\USER
[01/01/2005 01:14|--ahs----|1552] D:\BATCH.LOG
[18/04/2007 12:53|-r-hs----|0] D:\RCBoot.sys
[18/04/2007 13:15|--ahs----|0] D:\HPCD.sys

################## | Vaccination |

# C:\autorun.inf -> Folder created by UsbFix.
# D:\autorun.inf -> Folder created by UsbFix.

################## | Suspect | https://www.virustotal.com/gui/ |

################## | Cracks / Keygens / Serials |

################## | Upload |

Veuillez envoyer le fichier : C:\DOCUME~1\'$K!T-~1\Bureau\UsbFix_Upload_Me_NOM-D3A4C94E6FD.zip : https://www.androidworld.fr/
Merci pour votre contribution .

################## | ! Fin du rapport # UsbFix V6.044 ! |
0
Réponse 14 / 20
Utilisateur anonyme
 
merci pour l upload , tu ne devrais plus avoir de soucis avec msn

▶ Télécharge OTM de OldTimer sur ton Bureau.

• Double-clique sur OTM.exe afin de le lancer.

• Copie (Ctrl+C) le texte suivant ci-dessous :

:processes
explorer.exe

:files
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\live-player

:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingB7425"=-
"SpybotDeletingD2061"=-
"SpybotDeletingB6985"=-
"SpybotDeletingD6924"=-
"SpybotDeletingB8055"=-
"SpybotDeletingD7336"=-
"SpybotDeletingB8267"=-
"SpybotDeletingD894"=-
"SpybotDeletingB9650"=-
"SpybotDeletingD4738"=-
"SpybotDeletingB5011"=-
"SpybotDeletingD2569"=-
"SpybotDeletingB3789"=-
"SpybotDeletingD5782"=-

:commands
[emptytemp]
[reboot]

• Colle (Ctrl+V) le texte précédemment copié dans le cadre Paste Instructions for Items to be Moved.

• Clique maintenant sur le bouton MoveIt! puis ferme OTM.

▶ Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
▶ Accepte en cliquant sur YES.

Poste le rapport situé dans ce dossier : C:\_OTM\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

############

• Telecharge malwarebytes

• Tu l´instale, le programme va se mettre automatiquement a jour.

• Une fois a jour, le programme va se lancer.

• Click sur l´onglet parametre, et coche la case : "Arreter internet explorer pendant la suppression".

• Click maintenant sur l´onglet recherche et coche la case : "executer un examen rapide".

• Puis click sur "rechercher".

• Laisse le scanner le pc...

• Si des elements on ete trouvés > click sur supprimer la selection.

• Si il t´es demandé de redemarrer > click sur "yes".

• A la fin un rapport va s´ouvrir, sauvegarde le de maniere a le retrouver en vu de le poster sur le forum.
• Copie et colle le rapport stp.

▶ PS : les rapport sont aussi rangé dans l onglet rapport/log
▶ Tuto : https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
▶ Tuto : https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
Réponse 15 / 20
Utilisateur anonyme
 
on finira demain , bonne nuit .
0
Réponse 16 / 20
nolito
 
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Live-Player not found.
File/Folder C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\live-player not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB7425 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2061 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB6985 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD6924 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8055 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD7336 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB8267 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD894 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB9650 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD4738 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB5011 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD2569 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingB3789 not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpybotDeletingD5782 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Compaq_Propriétaire
->Temp folder emptied: 658737194 bytes
->Temporary Internet Files folder emptied: 1205047 bytes
->FireFox cache emptied: 6474458 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Emma

User: Inès
->Temp folder emptied: 23598075 bytes
->Temporary Internet Files folder emptied: 119528489 bytes
->Java cache emptied: 460921 bytes
->FireFox cache emptied: 24040817 bytes

User: KaZ KamiKaZ
->Temp folder emptied: 1411481202 bytes
->Temporary Internet Files folder emptied: 829017710 bytes
->Java cache emptied: 40372369 bytes
->FireFox cache emptied: 98924271 bytes

User: LocalService
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
->Temp folder emptied: 115348 bytes
->Temporary Internet Files folder emptied: 8550139 bytes
->FireFox cache emptied: 3383583 bytes

User: Manu.NOM-D3A4C94E6FD

User: necas68
->Temp folder emptied: 112443 bytes
->Temporary Internet Files folder emptied: 18854928 bytes

User: necas68.NOM-D3A4C94E6FD
->Temp folder emptied: 78883734 bytes
->Temporary Internet Files folder emptied: 82990647 bytes
->Java cache emptied: 25493442 bytes
->FireFox cache emptied: 86855739 bytes
->Google Chrome cache emptied: 7651175 bytes

User: NetworkService
->Temp folder emptied: 115616 bytes
->Temporary Internet Files folder emptied: 112560695 bytes

User: sophie
->Temp folder emptied: 6106727 bytes
->Temporary Internet Files folder emptied: 144716668 bytes
->Java cache emptied: 969029 bytes

User: £'£ $K!T- R
->Temp folder emptied: 2290765 bytes
->Temporary Internet Files folder emptied: 2489068 bytes
->Java cache emptied: 25493442 bytes
->FireFox cache emptied: 44141375 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\msdownld.tmp folder deleted successfully.
%systemroot% .tmp files removed: 19569 bytes
%systemroot%\System32 .tmp files removed: 10890752 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7a0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 33432 bytes
RecycleBin emptied: 214 bytes

Total Files Cleaned = -398.99 mb

OTM by OldTimer - Version 3.0.0.6 log created on 10232009_011050

Files moved on Reboot...
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_7a0.dat moved successfully.

Registry entries deleted on Reboot...
0
Réponse 17 / 20
nolito
 
Malwarebytes' Anti-Malware 1.41
Version de la base de données: 3014
Windows 5.1.2600 Service Pack 3

23/10/2009 02:03:36
mbam-log-2009-10-23 (02-03-36).txt

Type de recherche: Examen rapide
Eléments examinés: 145292
Temps écoulé: 26 minute(s), 54 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 22
Valeur(s) du Registre infectée(s): 4
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 14
Fichier(s) infecté(s): 34

Processus mémoire infecté(s):
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{cc11617c-259e-429c-9063-7d70b8355ebd} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{15421b84-3488-49a7-ad18-cbf84a3efaf6} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{af7e9ebb-e1cf-7f7c-c608-13185698f3e9} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\DBReg (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\IGB (Rogue.Residue) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\xInsiDERexe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\EoRezo (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\IGB (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SudoPlanet (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SudoPlanet (Rogue.SudoPlanet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WebMediaPlayer (Rogue.WebMedia) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\softwarehelper (Rogue.Eorezo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost64.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\CPV (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\JavaCore (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\nvcoi (Trojan.Stars) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SudoPlanet (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\SudoPlanet\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\Temporary (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WinUpdater (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SudoPlanet (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\hijkcdefza_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\hijkcdefza_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\hijkcdefza.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\ayauq_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\ayauq_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\ayauq.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\qykiy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\qykiy_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\qykiy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\tagtae_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\tagtae_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\tagtae.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\tagtae.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Local Settings\Application Data\eusjh_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Application Data\EoRezo\SoftwareUpdate\SoftwareUpdateHP.exe (Rogue.Eorezo) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebates.ini (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SelectRebates\SelectRebatesApi.ini (Adware.SelectRebates) -> Quarantined and deleted successfully.
C:\Program Files\SudoPlanet\SudoPlanet.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WinUpdater\update.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SudoPlanet\Conditions générales.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SudoPlanet\Confidentialité.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SudoPlanet\Désinstaller.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SudoPlanet\SudoPlanet.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SudoPlanet\Website.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Documents and Settings\necas68.NOM-D3A4C94E6FD\Bureau\WebMediaPlayer.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kkshye_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tkaxignh_nav.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kkshye_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tkaxignh_navps.dat (Adware.NaviPromo) -> Quarantined and deleted successfully.
0
Réponse 18 / 20
nolito
 
Merci =) A Demain
0
Réponse 19 / 20
Utilisateur anonyme
 
Bonjour ,

réouvre malewarebyte's , va sur quarantaine , supprime tout

#######

Télécharge Navilog1 (de IL-MAFIOSO) sur le bureau

• Double-clique sur "Navilog1" sur ton bureau que tu viens de télécharger.
• Appuie sur le chiffre 1 de ton clavier puis sur la touche Entrée pour sélectionner la langue française.
• Appuie sur une touche de ton clavier pour continuer... (Il te le sera demandé plusieurs fois).
• Tape 1, puis appuie sur la touche Entrée de ton clavier pour sélectionner l’option "Recherche / Désinfection automatique"
• Sois patient, cela peut prendre une dizaine de minutes voire plus.
• Navilog1 t’informe que la recherche est terminée
• Appuie sur une touche de ton clavier pour afficher le rapport qu’il a généré
• Le rapport sera sauvegardé dans le fichier suivant : "fixnavi.txt" à la racine de ton disque dur (C:\fixnavi.txt).
• Poste le rapport généré

0
nolito
 
bonjour ce matin mon père à allumé l'ordinateur tout étais normal plus tard dans l' après midi j' essaye d'allumer le pc mais je n'arrive pas à demarer une page bleu s'affiche me disans qu'il y a un probleme
j'ecris de mon 2eme pc
0
Réponse 20 / 20
Utilisateur anonyme
 
Salut , il démarre en mode sans echec ?
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses