[Virus] infected by Winativirus, driveclean..
skalae (Member, 1 post)
blondin777 (Contributor, 6162 posts)
Hello everyone!
My PC is heavily infected by DriveCleaner, WinAntivirus and other very unpleasant pop-ups!!!!
I can't get rid of them; they always come back after my Spybot and Ad-Aware scans.
Before I throw the computer out the window, could you help me?
Thanks in advance, here is my HijackThis report.
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:59:21, on 15/04/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\Dantz\Retrospect\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Apps\ActivBoard\MMKeybd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric MORANGE\Bureau\VundoFix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Eric MORANGE\Bureau\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ww25.planetis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {67C55A8D-E808-4caa-9EA7-F77102DE0BB6} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {8528BD1A-4D94-4D49-BCAA-0E098E80F02F} - C:\WINDOWS\system32\fccyyxu.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {97D8A8C7-CA24-41BB-AFBA-98C63A3166AE} - C:\WINDOWS\System32\awvvv.dll (file missing)
O2 - BHO: (no name) - {9E850E3D-4CC2-44DD-BCFC-E0FC5C8C74A9} - C:\WINDOWS\System32\awtst.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: (no name) - {FCE0421E-A3A1-44BA-A7EC-8FAFDAE5F8BC} - C:\WINDOWS\System32\gebcb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ActivSurf] C:\apps\ActivSurf\4448364\Program\backweb-4448364.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://ww25.planetis.com/
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/haphazard/raptisoftgameloader.cab
O16 - DPF: {321FB770-1FBE-4BFE-BDC1-6F622D4FA497} - https://activation.club-internet.fr/wizlet/clubinternet/static/controls/root.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/31a6e1ee318159719506/netzip/RdxIE601_fr.cab
O20 - Winlogon Notify: awtst - C:\WINDOWS\System32\awtst.dll
O20 - Winlogon Notify: fccyyxu - C:\WINDOWS\SYSTEM32\fccyyxu.dll
O20 - Winlogon Notify: khffgec - C:\WINDOWS\SYSTEM32\khffgec.dll
O20 - Winlogon Notify: ljjjjih - C:\WINDOWS\SYSTEM32\ljjjjih.dll
O20 - Winlogon Notify: pmnkiih - C:\WINDOWS\SYSTEM32\pmnkiih.dll
O20 - Winlogon Notify: ssqpnmk - C:\WINDOWS\SYSTEM32\ssqpnmk.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe
3 replies
Hi.
Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the "Scan for Vundo" button.
When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt announcing that your PC is going to shut down ("shutdown"); click OK.
Start your PC again.
Copy/paste the contents of the report located at C:\vundofix.txt
Thanks a lot for your help!
Here is the Vundo report:
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 19:36:24 15/04/2007
Listing files found while scanning....
C:\WINDOWS\System32\bcbeg.bak1
C:\WINDOWS\System32\bcbeg.bak2
C:\WINDOWS\System32\bcbeg.ini
C:\WINDOWS\System32\bcbeg.ini2
C:\WINDOWS\System32\bcbeg.tmp
C:\WINDOWS\system32\cchtfdky.dll
C:\WINDOWS\system32\csleescr.dll
C:\WINDOWS\system32\cwaireyv.dll
C:\WINDOWS\system32\fulvnyos.dll
C:\WINDOWS\System32\gebcb.dll
C:\WINDOWS\system32\jcfrtcyt.dll
C:\WINDOWS\system32\nbtgtich.dll
C:\WINDOWS\system32\nfkuajbd.dll
C:\WINDOWS\system32\qducbpsg.dll
C:\WINDOWS\system32\sktwreoi.dll
C:\WINDOWS\system32\xpcgnafy.dll
Beginning removal...
Attempting to delete C:\WINDOWS\System32\bcbeg.bak1
C:\WINDOWS\System32\bcbeg.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\bcbeg.bak2
C:\WINDOWS\System32\bcbeg.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\bcbeg.ini
C:\WINDOWS\System32\bcbeg.ini Has been deleted!
Attempting to delete C:\WINDOWS\System32\bcbeg.ini2
C:\WINDOWS\System32\bcbeg.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\System32\bcbeg.tmp
C:\WINDOWS\System32\bcbeg.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\cchtfdky.dll
C:\WINDOWS\system32\cchtfdky.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\csleescr.dll
C:\WINDOWS\system32\csleescr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cwaireyv.dll
C:\WINDOWS\system32\cwaireyv.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\fulvnyos.dll
C:\WINDOWS\system32\fulvnyos.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\gebcb.dll
C:\WINDOWS\System32\gebcb.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\jcfrtcyt.dll
C:\WINDOWS\system32\jcfrtcyt.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nbtgtich.dll
C:\WINDOWS\system32\nbtgtich.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\nfkuajbd.dll
C:\WINDOWS\system32\nfkuajbd.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\qducbpsg.dll
C:\WINDOWS\system32\qducbpsg.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\sktwreoi.dll
C:\WINDOWS\system32\sktwreoi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\xpcgnafy.dll
C:\WINDOWS\system32\xpcgnafy.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 20:51:33 15/04/2007
Listing files found while scanning....
C:\WINDOWS\System32\awvvv.dll
C:\WINDOWS\system32\claqrmlx.dll
C:\WINDOWS\System32\vvvwa.bak1
C:\WINDOWS\System32\vvvwa.ini
Beginning removal...
Attempting to delete C:\WINDOWS\System32\awvvv.dll
C:\WINDOWS\System32\awvvv.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\claqrmlx.dll
C:\WINDOWS\system32\claqrmlx.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\vvvwa.bak1
C:\WINDOWS\System32\vvvwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\vvvwa.ini
C:\WINDOWS\System32\vvvwa.ini Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\System32\awvvv.dll
C:\WINDOWS\System32\awvvv.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\vvvwa.ini
C:\WINDOWS\System32\vvvwa.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 22:49:33 15/04/2007
Listing files found while scanning....
C:\WINDOWS\System32\awtst.dll
C:\WINDOWS\system32\mleiwnok.dll
C:\WINDOWS\System32\tstwa.bak1
C:\WINDOWS\System32\tstwa.ini
Beginning removal...
VundoFix V6.3.19
Checking Java version...
Java version is 1.5.0.11
Scan started at 12:56:56 16/04/2007
Listing files found while scanning....
C:\WINDOWS\System32\awtst.dll
C:\WINDOWS\system32\mleiwnok.dll
C:\WINDOWS\System32\tstwa.bak1
C:\WINDOWS\System32\tstwa.ini
Beginning removal...
Attempting to delete C:\WINDOWS\System32\awtst.dll
C:\WINDOWS\System32\awtst.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\mleiwnok.dll
C:\WINDOWS\system32\mleiwnok.dll Has been deleted!
Attempting to delete C:\WINDOWS\System32\tstwa.bak1
C:\WINDOWS\System32\tstwa.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\System32\tstwa.ini
C:\WINDOWS\System32\tstwa.ini Has been deleted!
Performing Repairs to the registry.
Done!
Right-click this link:
http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip
Choose "Save target (link) as..." and save it to your desktop.
Right-click navilog1.zip and choose "Extract all".
Then double-click navilog1.bat.
Follow the prompts. At the main menu, choose 1 and confirm.
Wait for the message:
"Analyse Termine le ..... "
Press a key as requested; Notepad will open.
Copy and paste the whole thing here. Close Notepad.
Then post a new HijackThis log.