Navilog1, besoin d'aide svp.
Laura
-
Laura -
Laura -
Bonjour,
Tout d'abord je suis désolée de créer un topic de + sur ce sujet. Je suis nouvelle, et je voudrais que quelqu'un m'aide pour utilser Navilog1. En effet, mon pc est infecté, j'ai pleins de fenêtres publicitaires qui s'affichent alors que les pop ups sont normalement bloqués & mon ordi est + lent que d'habitude. Je vous remercie d'avance.
Tout d'abord je suis désolée de créer un topic de + sur ce sujet. Je suis nouvelle, et je voudrais que quelqu'un m'aide pour utilser Navilog1. En effet, mon pc est infecté, j'ai pleins de fenêtres publicitaires qui s'affichent alors que les pop ups sont normalement bloqués & mon ordi est + lent que d'habitude. Je vous remercie d'avance.
59 réponses
Oui ok. Maintenant 59... :/ Si on supprime la selection, on supprime juste les virus, pas les fichiers infectés ??
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
le mode sans echec pourquoi, parce que
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
comme bcp je l ai effectue en mode sans echec et il m a trouve quelquechose, a priori il repere mieux en mode sans echec
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
comme bcp je l ai effectue en mode sans echec et il m a trouve quelquechose, a priori il repere mieux en mode sans echec
A ok je comprends mieux. Quand je supprimais des virus avec Avast, quand je redémarrais l'ordi, il me disait comme quoi il manquait un tel fichier .dll, or j'essayais d'en télécharger un sur le net, mais il était introuvable. C'était Checkwin.dll..
écoute j ai pas envie de polymiquer la dessus sache seulement que je ne suis pas le seul a proceder ainsi
de plus pour pas poluer le topic tu peux mettre un message au bureau a ce sujet et demendé l avis d autres menbres
du forum virus/securité je pense que la question serait interressante
de plus pour pas poluer le topic tu peux mettre un message au bureau a ce sujet et demendé l avis d autres menbres
du forum virus/securité je pense que la question serait interressante
Malwarebytes' Anti-Malware 1.20
Version de la base de données: 941
Windows 6.0.6001 Service Pack 1
22:37:31 11/07/2008
mbam-log-7-11-2008 (22-37-31).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 141543
Temps écoulé: 38 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 50
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Users\Laura\AppData\Local\Temp\xxyvTNef.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\fccdcBUM.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\iifdaaWq.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0cc9d105-c1bc-4058-a156-e53973a37d6d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0cc9d105-c1bc-4058-a156-e53973a37d6d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{684bfe7f-f5b2-4ab3-a95e-eb5036a2d286} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{07ac06e9-59c5-448b-9e04-918ad5dd7881} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2368247e-da36-4135-86c3-9abff639e38f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{485216e7-40ff-4c92-a879-01bf2596e075} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8809a72b-becf-4299-9f65-41cbd28240fa} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b587702b-7c1d-4f85-b528-37471bfb1440} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bwbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{684bfe7f-f5b2-4ab3-a95e-eb5036a2d286} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DelayLoad (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\users\laura\appdata\local\temp\xxyvtnef -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\users\laura\appdata\local\temp\xxyvtnef -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\Laura\AppData\Local\Temp\xxyvTNef.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Laura\AppData\Local\Temp\feNTvyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\feNTvyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fccdcBUM.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\iifdaaWq.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A61G10M2\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXLUJK5C\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\awtqrpqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\cbXOGXPJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\efcDVnMF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\fccaARLB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\fccaBUKd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\hgGvSiJD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\hgGyxXnO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\iifgGwTk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\iyqlyfks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\jkgeqrdv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\jkkKcDVP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\jsoewkbd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\nnnOHYpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\opnnkhGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\pmnljJCt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\pmnmlmnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\qoMdAQgf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\rqRKCurs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000b759 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000d37c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000dd8e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000e232 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000e520 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000e5ac (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000efce (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000f0d8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000fa00 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp000105b8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp00012dc2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp00015dda (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp00016f10 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0002b25e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp00033857 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0003be50 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0060a48a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tuvWpPJD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\vtUmJCUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\wvUljGXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\wvUmkiIC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\yrjubatf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\egxk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\pmnnopMe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\fsrpknov.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Version de la base de données: 941
Windows 6.0.6001 Service Pack 1
22:37:31 11/07/2008
mbam-log-7-11-2008 (22-37-31).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 141543
Temps écoulé: 38 minute(s), 27 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 3
Clé(s) du Registre infectée(s): 10
Valeur(s) du Registre infectée(s): 7
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 50
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
C:\Users\Laura\AppData\Local\Temp\xxyvTNef.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\fccdcBUM.dll (Trojan.Vundo) -> Unloaded module successfully.
C:\Windows\System32\iifdaaWq.dll (Trojan.Vundo) -> Unloaded module successfully.
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0cc9d105-c1bc-4058-a156-e53973a37d6d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{0cc9d105-c1bc-4058-a156-e53973a37d6d} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{684bfe7f-f5b2-4ab3-a95e-eb5036a2d286} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{07ac06e9-59c5-448b-9e04-918ad5dd7881} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{2368247e-da36-4135-86c3-9abff639e38f} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{485216e7-40ff-4c92-a879-01bf2596e075} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8809a72b-becf-4299-9f65-41cbd28240fa} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b587702b-7c1d-4f85-b528-37471bfb1440} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.bwbf (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cmds (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{684bfe7f-f5b2-4ab3-a95e-eb5036a2d286} (Trojan.Vundo) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msserver (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DelayLoad (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSServer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\users\laura\appdata\local\temp\xxyvtnef -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\users\laura\appdata\local\temp\xxyvtnef -> Quarantined and deleted successfully.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Users\Laura\AppData\Local\Temp\xxyvTNef.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Laura\AppData\Local\Temp\feNTvyxx.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\feNTvyxx.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\fccdcBUM.dll (Trojan.Vundo) -> Delete on reboot.
C:\Windows\System32\iifdaaWq.dll (Trojan.Vundo) -> Delete on reboot.
C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\A61G10M2\kb456456[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GXLUJK5C\kb767887[1] (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\awtqrpqo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\cbXOGXPJ.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\efcDVnMF.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\fccaARLB.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\fccaBUKd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\hgGvSiJD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\hgGyxXnO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\iifgGwTk.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\iyqlyfks.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\jkgeqrdv.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\jkkKcDVP.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\jsoewkbd.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\nnnOHYpo.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\opnnkhGA.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\pmnljJCt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\pmnmlmnn.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\qoMdAQgf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\rqRKCurs.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000b759 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000d37c (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000dd8e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000e232 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000e520 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000e5ac (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000efce (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000f0d8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0000fa00 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp000105b8 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp00012dc2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp00015dda (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp00016f10 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0002b25e (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp00033857 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0003be50 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tmp0060a48a (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\tuvWpPJD.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\vtUmJCUK.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\wvUljGXO.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\wvUmkiIC.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Users\Laura\AppData\Local\Temp\yrjubatf.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\egxk.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\pmnnopMe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\fsrpknov.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
redémarre le pc si ça n a pas été fait
ensuite réouvre malewarebyte
va sur quarantaine
supprime tout
ensuite refais un scan hijackthis (do a system scan and save a logfile) et post le rapport stp
ensuite réouvre malewarebyte
va sur quarantaine
supprime tout
ensuite refais un scan hijackthis (do a system scan and save a logfile) et post le rapport stp
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:37, on 11/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {D45856E4-DDFD-44D2-882B-036567B4C6E7} - (no file)
O3 - Toolbar: (no name) - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
Scan saved at 22:49:37, on 11/07/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Orange HSS\Systray\SystrayApp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Orange HSS\Launcher\Launcher.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Orange HSS\Deskboard\deskboard.exe
C:\Program Files\Orange HSS\connectivity\connectivitymanager.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange HSS\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.asus.com/fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange HSS\SearchURLHook\SearchPageURL.dll
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {D45856E4-DDFD-44D2-882B-036567B4C6E7} - (no file)
O3 - Toolbar: (no name) - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange HSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange HSS\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [BigDogPath] C:\Windows\VM_STI.EXE Vimicro USB PC Camera (VC0305)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
ferme hijackthis
fais un clic droit sur hijackthis
choisi executer en tant qu administrateur
fait scan only
coches ces lignes :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D45856E4-DDFD-44D2-882B-036567B4C6E7} - (no file)
O3 - Toolbar: (no name) - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - (no file)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
tu les coches et tu clic sur fix checked
ensuite si c est la version gratuite, désinstal adobe reader acrobar car pas a jours et telecharge et instal cette version :
https://get2.adobe.com/reader/otherversions/
a lire : http://forum.malekal.com/ftopic3452.php
ensuite :
regarde ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instales l'antivirus Antivir Personal Edition Classic :
->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59
Pour désinstaller Avast telecharge cet outil
https://www.avast.com/fr-fr/uninstall-utility
ensuite
-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-> L´installer.
-> Une fois installé et lancé :
Dans la colonne de gauche, click sur :
->"registre" :
Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.
ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.
->"nettoyeur"
quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.
-> Tutoriel en image :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
ensuite :
Télecharge et instal AVG anti spyware:
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
instal le et met le a jours
ensuite lance le scan et supprime
puis poste le rapport sur le forum stp
ensuite :
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
fais un clic droit sur hijackthis
choisi executer en tant qu administrateur
fait scan only
coches ces lignes :
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D45856E4-DDFD-44D2-882B-036567B4C6E7} - (no file)
O3 - Toolbar: (no name) - {9437C997-89E6-4B84-A745-BEFD3A910FF5} - (no file)
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/win/ActiveXPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
tu les coches et tu clic sur fix checked
ensuite si c est la version gratuite, désinstal adobe reader acrobar car pas a jours et telecharge et instal cette version :
https://get2.adobe.com/reader/otherversions/
a lire : http://forum.malekal.com/ftopic3452.php
ensuite :
regarde ceci concernant avast :
antivir vs avast :
-> http://forum.malekal.com/ftopic3528.php
alors je te conseille de le desinstaller et d´installer antivir a la place
Telecharge et instales l'antivirus Antivir Personal Edition Classic :
->https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
tuto : http://www.swl1f.net/viewtopic.php?f=14&t=59
Pour désinstaller Avast telecharge cet outil
https://www.avast.com/fr-fr/uninstall-utility
ensuite
-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-> L´installer.
-> Une fois installé et lancé :
Dans la colonne de gauche, click sur :
->"registre" :
Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.
ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.
->"nettoyeur"
quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.
-> Tutoriel en image :
https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
ensuite :
Télecharge et instal AVG anti spyware:
http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware
instal le et met le a jours
ensuite lance le scan et supprime
puis poste le rapport sur le forum stp
ensuite :
* pour supprimer les outils/fix utilisés :
Télécharge ToolsCleaner sur ton bureau.
-->
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
Quand je fais fix checked ca me met " Hijackthis is about to remove a BHO and the corresponding file from your system (..)" je fais ok ?
