Désinstaller les CiD:
nirvan
-
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
green day Messages postés 26722 Statut Modérateur, Contributeur sécurité -
Bonjour,
je voudrais désinstaller ces fameuses fenêtres j'ai qu'il fallait faire un rapport avec hijackthis donc je l'ai fait et voila ce que ça donne:
Logfile of HijackThis v1.99.1
Scan saved at 20:06:15, on 16/01/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\Public\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bolivia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\Users\Pablo\AppData\Local\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [USERELSE] "C:\ProgramData\WARN BIRD BIRD.j24isx"
O4 - HKCU\..\Run: [find trust seek mail] "C:\ProgramData\tray pure size.m4fmhp"
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Que dois-je faire ensuite?
Merci d'avance
je voudrais désinstaller ces fameuses fenêtres j'ai qu'il fallait faire un rapport avec hijackthis donc je l'ai fait et voila ce que ça donne:
Logfile of HijackThis v1.99.1
Scan saved at 20:06:15, on 16/01/2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\Public\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.bolivia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Monitor] C:\Windows\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\RunOnce: [MessengerPlusLiveUninstall] "C:\Users\Pablo\AppData\Local\Temp\MsgPlusUninstall.exe" /Cleanup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [USERELSE] "C:\ProgramData\WARN BIRD BIRD.j24isx"
O4 - HKCU\..\Run: [find trust seek mail] "C:\ProgramData\tray pure size.m4fmhp"
O4 - Startup: Juice.lnk = C:\Program Files\Juice\Juice.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Que dois-je faire ensuite?
Merci d'avance
A voir également:
- Désinstaller les CiD:
- Desinstaller application windows - Guide
- Désinstaller mcafee - Guide
- Désinstaller onedrive - Guide
- Desinstaller edge - Guide
- Désinstaller avast - Télécharger - Antivirus & Antimalwares
12 réponses
Salut
Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
Télécharger ComboFix (par sUBs) sur le Bureau : http://download.bleepingcomputer.com/sUBs/ComboFix.exe
* Démarrer en mode sans echec
* Double cliquer combofix.exe.
* Appuyer sur la touche Y (Yes) pour démarrer le scan
* Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
salut nirvan, ne t'inquiete pas pour mon intrusion, c'est pour ma formation ;o)
GreenDay.. ;-)
juste pour suivre.....( vista ).. ha ha..
GreenDay.. ;-)
juste pour suivre.....( vista ).. ha ha..
ben je comprends pas, j'ai télécharge et lancé Combofix en mode sans échec et j'ai bien cru apercevoir le rapport mais combofix a redemmarre mon ordi et donc pas moyen de copier le rapport :(
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
voici ce que j'ai réussi a recopier, je na sai pas si j'ai tout eu...:
Recherche de fichiers infectieux . . .
Ceci ne prend pas g‚n‚ralement plus de 10 minutes
Les temps d'analyse de machines s‚vŠrement infect‚es peut facilement doubler
grep: runs.dat: No such file or directory
grep: runs.dat: No such file or directory
grep: runs.dat: No such file or directory
SED: can't read runs.dat: No such file or directory
grep: runs.dat: No such file or directory
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
File: "c:\users\default user\ntuser.dat" does not exist"
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
ComboFix a modifi‚ le r‚glage de votre horloge.
Ne la remettez pas … l'heure. Elle sera restaur‚e plus tard
Termin‚e Etape_1
Termin‚e Etape_2
Termin‚e Etape_3
Deleting Files/Folders:
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
"C:\Windows\SW_Win2000X48.DLL"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs.\WebMediaPlayer\Conditions génér
ales.lnk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs.\WebMediaPlayer\Confidentialité.
lnk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs.\WebMediaPlayer\WebMediaPlayer.l
nk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs.\WebMediaPlayer\Website.lnk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Conditions généra
les.lnk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Confidentialité.l
nk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\WebMediaPlayer.ln
k"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Website.lnk"
"C:\Windows\system32\nvs2.inf"
"C:\Windows\pack.epk"
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Red‚marrage de Windows . . . Merci de patienter
Merci de permettre … ComboFix de red‚marrer votre machine.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Recherche de fichiers infectieux . . .
Ceci ne prend pas g‚n‚ralement plus de 10 minutes
Les temps d'analyse de machines s‚vŠrement infect‚es peut facilement doubler
grep: runs.dat: No such file or directory
grep: runs.dat: No such file or directory
grep: runs.dat: No such file or directory
SED: can't read runs.dat: No such file or directory
grep: runs.dat: No such file or directory
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
File: "c:\users\default user\ntuser.dat" does not exist"
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
ComboFix a modifi‚ le r‚glage de votre horloge.
Ne la remettez pas … l'heure. Elle sera restaur‚e plus tard
Termin‚e Etape_1
Termin‚e Etape_2
Termin‚e Etape_3
Deleting Files/Folders:
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
"C:\Windows\SW_Win2000X48.DLL"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs.\WebMediaPlayer\Conditions génér
ales.lnk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs.\WebMediaPlayer\Confidentialité.
lnk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs.\WebMediaPlayer\WebMediaPlayer.l
nk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs.\WebMediaPlayer\Website.lnk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Conditions généra
les.lnk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Confidentialité.l
nk"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\WebMediaPlayer.ln
k"
"C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\WebMediaPlayer\Website.lnk"
"C:\Windows\system32\nvs2.inf"
"C:\Windows\pack.epk"
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Red‚marrage de Windows . . . Merci de patienter
Merci de permettre … ComboFix de red‚marrer votre machine.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Access Denied. Administrator permissions are needed to use the selected options.
Use an administrator command prompt to complete these tasks.
Salut
fais ceci dans l'ordre stp :
# Désactiver le contrôle des comptes utilisateurs (le réactiver à la fin de la désinfection) :
# Aller dans démarrer puis panneau de configuration
# Double Cliquer sur l'icône "Comptes d'utilisateurs"
# Cliquer ensuite sur désactiver et valider.
# Démarrer en mode sans echec
# Faire un clic-droit sur combofix présent sur le bureau et choisir Exécuter en tant qu'administrateur
#Double cliquer combofix.exe.
#Appuyer sur la touche Y (Yes) pour démarrer le scan
#Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
fais ceci dans l'ordre stp :
# Désactiver le contrôle des comptes utilisateurs (le réactiver à la fin de la désinfection) :
# Aller dans démarrer puis panneau de configuration
# Double Cliquer sur l'icône "Comptes d'utilisateurs"
# Cliquer ensuite sur désactiver et valider.
# Démarrer en mode sans echec
# Faire un clic-droit sur combofix présent sur le bureau et choisir Exécuter en tant qu'administrateur
#Double cliquer combofix.exe.
#Appuyer sur la touche Y (Yes) pour démarrer le scan
#Le rapport sera crée dans: C:\Combofix.txt, poste le stp
++
Bonjour, j'ai installé un logiciel Bitdownload et j'ai vu que c'est ce logiciels qui m'avait infecter. iL OUVRE DES FENETRES CiD et on m'a dit qu'il fallait désinstaller CiD Help mais quand je vais dans ajout/supression des programes et que je clique sur supprimer, rien ne se passe, bref je n'arrive pas a le supprimer. Pourriez vous m'aider??
Merci
Merci
Salut
Télécharge ceci :
Lien : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm
Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.
++
Télécharge ceci :
Lien : http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Démo : http://pageperso.aol.fr/balltrap34/demohijack.htm
Choisir l'option "do a scan and a logfile", et faire un copier/coller du rapport ainsi générer sur le forum.
++
J'ai égalemet des fenêtres intempestives Cid qui s'ouvrent régulièrement lorsque je consulte des sites internet. Je ne sais pas comment le retirer d'autant plus que j'ai été voir dans les suppressions de programmes et j'ai l'impression qu'il ne figure nul part. Quid.
Merci de m'indiquer la marche à suivre.
Merci de m'indiquer la marche à suivre.
