MSN virus problem

sandnoz

Hello,
Yesterday a friend sent me a photo link in a Messenger conversation. I clicked on it, and since then it has been sending itself to my whole address book. I can't talk to anyone: my chat windows open and close again right away. It also seems to change its name. Could someone help me? I don't know how to remove it. I have already run several thorough scans with Avast and a cleanup with TuneUp Utilities, but nothing works, it comes back. Thanks for helping me.
Configuration: Windows Vista
Internet Explorer 7.0

9 replies

  1. sandnoz
     
    Thanks, but I'm not at all good with computers, so what do I do next? Will it remove it for me by itself?
    This afternoon I downloaded Clean Virus MSN and it found nothing, but I still have windows that open and close by themselves!
    0
  2. sandnoz
     
    Here is the report, if you can help me. Thanks in advance.
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:12:59, on 02/12/2008
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Windows\Ctregrun.exe
    C:\Program Files\Creative\Enregistrement du produit\French\InetReg.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
    C:\Program Files\Orange\Systray\SystrayApp.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\fxstaller.exe
    C:\Program Files\Orange\Launcher\Launcher.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    C:\Program Files\TomTom HOME 2\HOMERunner.exe
    C:\Program Files\Creative\Shared Files\CamTray.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Users\sandrine\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    C:\Users\sandrine\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\ehome\ehmsas.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
    C:\Program Files\Orange\Deskboard\deskboard.exe
    C:\Program Files\Orange\connectivity\connectivitymanager.exe
    C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
    C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
    C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\Program Files\MSN\Toolbar\3.0.0621.0\msntask.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\Users\sandrine\AppData\Local\Temp\Rar$EX06.739\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [V0260Cfg.exe] V0260Cfg.exe /d:2
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
    O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
    O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_S8D8F.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
    O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
    O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: Outil de notification Live Search.lnk = sandrine\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O15 - Trusted Zone: https://www.orange.fr/portail
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
    O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    0
  3. token
     
    C:\Windows\fxstaller.exe - malicious program. ( http://www.siteadvisor.cn/sites/82.213.5.228 )

    Do the same procedure as in the other thread; download MBAM
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    0
    1. sandnoz
       
      Thanks a lot, I'll try that later and tell you whether it worked. Thanks again, have a good evening.
      0
    2. sandnoz
       
      Hello, I ran a scan with Malwarebytes and it found 98 infected items. Here is the report. I deleted everything, but I don't know whether it is really gone. Should I run HijackThis again? Thanks again for your help.

      Malwarebytes' Anti-Malware 1.30
      Version de la base de données: 1454
      Windows 6.0.6001 Service Pack 1

      03/12/2008 13:32:41
      mbam-log-2008-12-03 (13-32-40).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 183625
      Temps écoulé: 1 hour(s), 27 minute(s), 18 second(s)

      Processus mémoire infecté(s): 1
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 16
      Valeur(s) du Registre infectée(s): 3
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 11
      Fichier(s) infecté(s): 67

      Processus mémoire infecté(s):
      C:\Windows\fxstaller.exe (Backdoor.Bot) -> Unloaded process successfully.

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgaloregames (Adware.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\TypeLib\{94a1cc24-f9d8-4f24-ba35-19084dce257f} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{35cd119c-b6c1-46f7-8403-53e8337320ec} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\Interface\{6f662691-d05b-458e-b223-27dc1ad46dfc} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_CLASSES_ROOT\CLSID\{197a8585-9fb4-4cf3-90ca-03892e68c7eb} (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\VolumeControl.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Program Files\MessengerSkinner (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\download (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer\resources (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer\skins (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer\updates (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\Users\MIKE\Local Settings\Application Data\mugqyce_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\MIKE\Local Settings\Application Data\mugqyce_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\MIKE\Local Settings\Application Data\mugqyce.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\MIKE\Local Settings\Application Data\mugqyce.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\MIKE\Local Settings\Application Data\uhdmspz_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\MIKE\Local Settings\Application Data\uhdmspz_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\MIKE\Local Settings\Application Data\uhdmspz.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\sandrine\Local Settings\Application Data\ileadebd_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\sandrine\Local Settings\Application Data\ileadebd_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\sandrine\Local Settings\Application Data\ileadebd.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\sandrine\Local Settings\Application Data\ycqoy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\sandrine\Local Settings\Application Data\ycqoy_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Users\sandrine\Local Settings\Application Data\ycqoy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
      C:\Windows\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Users\MIKE\AppData\Local\Temp\Temp1_virtual dj pro crack.zip\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Users\MIKE\Documents\virtual dj pro crack\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Users\MIKE\Music\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Users\MIKE\Music\virtual dj pro crack\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Users\sandrine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74J3WE3W\viewimage[1].com (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\Users\sandrine\AppData\Local\Temp\IXP000.TMP\burimi.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\Users\sandrine\AppData\Local\Temp\IXP001.TMP\burimi.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\Users\sandrine\AppData\Local\Temp\IXP002.TMP\burimi.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\Users\sandrine\AppData\Local\Temp\IXP003.TMP\burimi.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
      C:\$Recycle.Bin\S-1-5-21-4121803266-1278076463-1583653822-1001\$RPHEAK9\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\uninst.exe (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\download\defaultPack.cab (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\appconfig.xml (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btn.rgn (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnBnr.rgn (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnIn.rgn (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnInNormal.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnInOver.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnNormal.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnNormal.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnNormalBnr.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnNormalBnr.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnOver.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnOver.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnOverBnr.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\btnOverBnr.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\MessengerSkinner\resources\languages_v2.xml (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer\sqlite3.dll (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer\uninst.exe (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer\resources\webmedias (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer\resources\wmp_translation_file.xml (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\WebMediaPlayer\skins\classic.skn (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
      C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Adzgalore Games Collection\BobAndBill.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Adzgalore Games Collection\Lines.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Adzgalore Games Collection\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\Program Files\Adzgalore Games Collection\VideoPool.exe (Adware.Agent) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk (Adware.Agent) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk (Adware.Agent) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk (Adware.Agent) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk (Adware.Agent) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk (Adware.Agent) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
      C:\Windows\System32\VolumeControl.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
      C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
      C:\Users\Public\Desktop\WebMediaPlayer.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer (Rogue.WebMediaPlayer) -> Delete on reboot.
      0
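An added example (not part of any post in this thread, and not output of HijackThis or Malwarebytes): a short Python script that cross-references excerpts of the two logs posted above, showing which HijackThis entries the Malwarebytes detections account for and which ones a helper would still want to see in a fresh HijackThis log. The function names and the choice of excerpt lines are assumptions made for illustration.

```python
import re

# Excerpts copied from the two logs posted in this thread (not the full logs).
HJT_EXCERPT = r"""
C:\Windows\fxstaller.exe
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
"""

MBAM_EXCERPT = r"""
C:\Windows\fxstaller.exe (Backdoor.Bot) -> Unloaded process successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
"""

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MBAM_RE = re.compile(r"^(?P<obj>.+) \((?P<family>[^()]+)\) -> (?P<action>.+)$")
RUN_KEY_RE = re.compile(
    r"^(HKEY_LOCAL_MACHINE|HKEY_CURRENT_USER)\\SOFTWARE\\Microsoft\\Windows"
    r"\\CurrentVersion\\Run\\(?P<value>.+)$", re.IGNORECASE)
O4_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<cmd>.+)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll|ocx)", re.IGNORECASE)
HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}


def parse_mbam(text):
    """Return one dict (obj, family, action) per Malwarebytes detection line."""
    found = []
    for line in text.splitlines():
        m = MBAM_RE.match(line.strip())
        if m:
            found.append(m.groupdict())
    return found


def indicators(detection):
    """Turn a detection into comparable keys: CLSID, Run value, or file path."""
    obj = detection["obj"]
    keys = {("clsid", c.lower()) for c in CLSID_RE.findall(obj)}
    run = RUN_KEY_RE.match(obj)
    if run:
        keys.add(("run", HIVES[run.group(1).upper()], run.group("value").lower()))
    elif re.match(r"^[A-Za-z]:\\", obj):
        keys.add(("path", obj.lower()))
    return keys


def line_keys(line):
    """Keys a HijackThis line exposes for comparison with detections."""
    keys = {("clsid", c.lower()) for c in CLSID_RE.findall(line)}
    o4 = O4_RE.match(line)
    if o4:
        keys.add(("run", o4.group("hive"), o4.group("value").lower()))
    keys.update(("path", p.lower()) for p in PATH_RE.findall(line))
    return keys


def bare_run_command(line):
    """True for a Run entry whose command has no directory component."""
    o4 = O4_RE.match(line)
    return bool(o4) and "\\" not in o4.group("cmd")


def correlate(hjt_text, mbam_text):
    """Split HijackThis lines into (explained by a detection, left for review)."""
    detections = parse_mbam(mbam_text)
    explained, review = [], []
    for line in filter(None, (l.strip() for l in hjt_text.splitlines())):
        keys = line_keys(line)
        hits = sorted({d["family"] for d in detections if indicators(d) & keys})
        if hits:
            explained.append((line, hits))
        elif "(no file)" in line or "(file missing)" in line or bare_run_command(line):
            # Orphaned or path-less entries: not proof of infection, only
            # candidates a human should look at in the follow-up log.
            review.append(line)
    return explained, review


if __name__ == "__main__":
    explained, review = correlate(HJT_EXCERPT, MBAM_EXCERPT)
    for line, families in explained:
        print("removed by MBAM:", ", ".join(families), "|", line)
    for line in review:
        print("check in next log:", line)
```

Entries listed as removed should be absent from a fresh HijackThis log taken after the reboot; the review list is a heuristic and will include legitimate software.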
  5. kevin05
     
    Hi

    Click on this link:
    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
    Click on navilog1.exe to download Navilog1
    Choose Save

    and save it to your desktop.

    Then double-click navilog1.exe to start the installation.
    Once the installation has finished, the fix will run automatically.
    (If it does not, double-click the Navilog1 shortcut on the desktop.)

    Follow the prompts. At the main menu, choose 1 and confirm.
    (Do not choose option 2, 3 or 4 without our advice/agreement)

    Wait for the message:
    *** Analyse Terminée le ..... ***
    Press a key as asked; Notepad will open.
    Copy and paste the whole thing into a reply. Close Notepad.
    The report is also saved at the root of the disk (C:\fixnavi.txt)
    Post the report you get
    0
    1. sandnoz
       
      Hi!
      I downloaded Navilog successfully, but when I double-click it, it tells me getspaths.exe has stopped working, Windows is looking for a solution to the problem. Then in Navilog: access denied, file not found. Finally Windows Defender asks me for permission to carry out a request, NTFS volume maintenance utility. IS THAT NORMAL? Should I allow it? Thanks
      0
  6. kevin05
     
    Disable "User Account Control = UAC"
    (you will re-enable it after your disinfection): Don't forget!!
    Disabling UAC is necessary to be able to run certain programs under Vista.
    - Go to Start, then Control Panel
    - Double-click the "User Accounts" icon
    - Then click disable and confirm.

    and try again
    0
    1. sandnoz
       
      Hi, it doesn't work! I choose French as the language, press Enter, and then it again gives me getspaths.exe has stopped working... I continue, click allow, and after that it closes by itself and nothing.
      0
  7. kevin05
     
    Download ComboFix (by sUBs) from one of these links:
    or here

    Read this

    -> Double-click combofix.exe.
    -> Press the 1 key (Yes) to start the scan.
    -> When the scan is complete, a report will appear. Copy/paste this report into your next reply.

    NOTE: The report can also be found here: C:\Combofix.txt

    Before using ComboFix:

    -> Disconnect from the internet and close the windows of all running programs.

    -> Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware programs, which can seriously interfere with the tool's search and cleanup procedure.

    Once that is done, double-click Combofix.exe on your desktop.

    - Answer yes to the warning message so that the program starts analysing the PC.

    /!\ While this step is running, do not use the PC and do not open any programs.

    - At the end of the scan, ComboFix may need to restart the PC to finish the disinfection/search; let it do so.

    - A report will then open in Notepad; this report file, Combofix.txt, is automatically saved at C:\Combofix.txt

    -> Re-enable the real-time protection of your antivirus and antispyware programs before reconnecting to the internet.

    -> Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.
    0
    1. sandnoz
       
      Sorry, that doesn't work either. It tells me: error, you cannot name it combofix1, please choose another name. I click OK and it goes away and nothing!! AND MY INTERNET MANAGER OPENS ON TOP EVERY TIME
      0
    2. sandnoz
       
      So what do I do?
      0
  8. kevin05
     
    Tutorial for renaming it: http://forum.pcastuces.com/combofix___renommer_au_telechargement-f31s22.htm and try again. See you
    0