Besoin d'aide contre win32:Vundo@dll
Fermé
Lucie
-
28 mai 2008 à 14:03
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 28 mai 2008 à 16:16
jlpjlp Messages postés 51580 Date d'inscription vendredi 18 mai 2007 Statut Contributeur sécurité Dernière intervention 3 mai 2022 - 28 mai 2008 à 16:16
A voir également:
- Besoin d'aide contre win32:Vundo@dll
- Win32:malware-gen ✓ - Forum Virus
- Trojan win32 - Forum Virus
- Win32 pup gen ✓ - Forum Linux / Unix
- Télécharger win32 valide pour windows 7 gratuit - Forum Windows
- Virtool win32/defendertamperingrestore ✓ - Forum Antivirus
5 réponses
scorpionfred
Messages postés
328
Date d'inscription
mercredi 21 mai 2008
Statut
Membre
Dernière intervention
3 novembre 2008
42
28 mai 2008 à 14:05
28 mai 2008 à 14:05
Tu as une très bonne explication ici.
http://www.commentcamarche.net/forum/affich 6530482 aide svp infecte par win32 vundo dll trj
http://www.commentcamarche.net/forum/affich 6530482 aide svp infecte par win32 vundo dll trj
zorinho
Messages postés
821
Date d'inscription
mercredi 28 novembre 2007
Statut
Membre
Dernière intervention
29 novembre 2020
51
28 mai 2008 à 14:09
28 mai 2008 à 14:09
Salut,
peux-tu faire un scan avec un de ces logiciels???
Tu appliques en mode sans échec.
A bientôt
Zor
https://www.malekal.com/tutoriel-et-guide-superantispyware/
ou
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
peux-tu faire un scan avec un de ces logiciels???
Tu appliques en mode sans échec.
A bientôt
Zor
https://www.malekal.com/tutoriel-et-guide-superantispyware/
ou
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
bon j'avais commencé le scan en mode normal alors voici déja le premier rapport :
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 793
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 170908
Temps écoulé: 46 minute(s), 26 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 41
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Users\Lucie\AppData\Local\Temp\fccbYrss.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\iifeeBTN.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0cf5d165-517e-48b6-b3c7-3054a24f8bf6} (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\Lucie\AppData\Local\Temp\fccbYrss.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\iifeeBTN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CA18YLZD (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CA48S7L2 (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CAC21QUR (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CAHZCKFV (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[10] (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[11] (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4CABPNNIA (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4CAMRK6S8 (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4CAEVTU9V (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4CAF65VDI (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4CAM160VP (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[10] (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[11] (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CA2IBMOW (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CA7Z1VL5 (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CACVW96I (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CAIXWCGX (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CAUYHB9U (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\eFWMCRlK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\jkkJcBsp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\khfCsrqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\khfCvVpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\tmp00018a73 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\tmp00018b2e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\tmp00019f89 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\tmp0001abb9 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\xxyyaARi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
je vais redémarrer en mode sans échec et je renvoie le rapport tout de suite après !
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 793
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 170908
Temps écoulé: 46 minute(s), 26 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 41
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Users\Lucie\AppData\Local\Temp\fccbYrss.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\iifeeBTN.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{0cf5d165-517e-48b6-b3c7-3054a24f8bf6} (Trojan.Vundo) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Vundo) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\Lucie\AppData\Local\Temp\fccbYrss.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\iifeeBTN.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CA18YLZD (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CA48S7L2 (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CAC21QUR (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4CAHZCKFV (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[10] (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[11] (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\998N05A4\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4CABPNNIA (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4CAMRK6S8 (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FVKY9864\css4[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4CAEVTU9V (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4CAF65VDI (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4CAM160VP (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[10] (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[11] (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O4YRDYOO\css4[4] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CA2IBMOW (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CA7Z1VL5 (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CACVW96I (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CAIXWCGX (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4CAUYHB9U (Trojan.Vundo) -> Delete on reboot.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4[2] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T1D8RJX5\css4[3] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\eFWMCRlK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\jkkJcBsp.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\khfCsrqq.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\khfCvVpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\tmp00018a73 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\tmp00018b2e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\tmp00019f89 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\tmp0001abb9 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Lucie\AppData\Local\Temp\xxyyaARi.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
je vais redémarrer en mode sans échec et je renvoie le rapport tout de suite après !
en mode sans echec il a retrouvé un seul fichier infecté :
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 793
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 167594
Temps écoulé: 27 minute(s), 35 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
que dois je faire maintenant ?
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 793
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 167594
Temps écoulé: 27 minute(s), 35 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
que dois je faire maintenant ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
jlpjlp
Messages postés
51580
Date d'inscription
vendredi 18 mai 2007
Statut
Contributeur sécurité
Dernière intervention
3 mai 2022
5 040
28 mai 2008 à 16:16
28 mai 2008 à 16:16
slt,
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
________________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !
Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic
Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
________________
colle un rapport hijackthis
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
manuel :
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.
ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste
Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."