Sujet Précédent Sujet Suivant

Probleme virus msn

sandnoz -  
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   -
Bonjour,
voila hier j ai recu un lien photo par une amie en discussion sur messenger j ai cliqué dessus et depuis il s envoi a tt mon carnet d adresse impossible de communiquer avc kk1 mes fenetres de discussions s ouvrent et se referme aussi tot. de plus il semplerait changer de nom. KK 1 pourrait il m aider je ne sais pas comment faire pour l enlever? j ai deja fait plusieur scan minutieux avc avast et nettoyage avc tune up utilities rien a faire il reviens. merci de m aider.
A voir également:

9 réponses

Réponse 1 / 9
opus
 
bonjour
fais ceci: https://forums.cnetfrance.fr

Sujet similaire: http://www.commentcamarche.net/forum/affich 9712272 virus attrape sur msn
0
Réponse 2 / 9
sandnoz
 
merci mais je suis pas du tout callé en informatique alors je fais quoi apres? ca va ma l enlever tt seul?
cette apres M g telecharger clean virus msn et il a rien trouvé mais g tjs des fenetres qui se s ouvrent et se ferment ttes seules!
0
Réponse 3 / 9
sandnoz
 
voila le rapport si vs pouvez m aider merci d avance
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:59, on 02/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\Ctregrun.exe
C:\Program Files\Creative\Enregistrement du produit\French\InetReg.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
C:\Program Files\Orange\Systray\SystrayApp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\fxstaller.exe
C:\Program Files\Orange\Launcher\Launcher.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Creative\Shared Files\CamTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\sandrine\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\sandrine\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\AlertModule\0\AlertModule.exe
C:\Program Files\Orange\Deskboard\deskboard.exe
C:\Program Files\Orange\connectivity\connectivitymanager.exe
C:\Program Files\Orange\connectivity\CoreCom\CoreCom.exe
C:\Program Files\Orange\connectivity\CoreCom\OraConfigRecover.exe
C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTCOMModule\0\FTCOMModule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\MSN\Toolbar\3.0.0621.0\msntask.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\sandrine\AppData\Local\Temp\Rar$EX06.739\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60076
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\Orange\SearchURLHook\SearchPageURL.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: GamesBar - {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - C:\Program Files\GamesBar\oberontb.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.0621.0\msneshellx.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [V0260Cfg.exe] V0260Cfg.exe /d:2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\Orange\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [ORAHSSSessionManager] C:\Program Files\Orange\SessionManager\SessionManager.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\Windows\TEMP\E_S8D8F.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Outil de notification Live Search.lnk = sandrine\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: https://www.orange.fr/portail
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldfr-fr.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://copainsdavant.linternaute.com/...
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/5.0.15.0/ImageUploader5.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {BD8667B7-38D8-4C77-B580-18C3E146372C} (Creative Toolbox Plug-in) - http://kiw.imgag.com/imgag/cp/install/crusher-kiwen.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\COMMON~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
0
Réponse 4 / 9
token
 
C:\Windows\fxstaller.exe - programme malveillant. ( http://www.siteadvisor.cn/sites/82.213.5.228 )

Faire la même manipulation que l'autre sujet ; Télécharge MBAM
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
0
sandnoz
 
merci bcp je vais essayé ca tt a l heure je vous dirais si ca a bien marché encore merci bonne soirée
0
sandnoz
 
bonjour voila j ai un scan avc malware il m a trouvé 98 elements infectieux. voici le rapport j ai tout supprimé mais je ne sais pas si c est bien parti dois je refaire un hijackthis? encore merci pour votre aide

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1454
Windows 6.0.6001 Service Pack 1

03/12/2008 13:32:41
mbam-log-2008-12-03 (13-32-40).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 183625
Temps écoulé: 1 hour(s), 27 minute(s), 18 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 16
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 11
Fichier(s) infecté(s): 67

Processus mémoire infecté(s):
C:\Windows\fxstaller.exe (Backdoor.Bot) -> Unloaded process successfully.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\oberontb.band (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\oberontb.band.1 (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0d39a900-0f3a-4c29-a254-3e65244fdc34} (Adware.PlayaZ) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adzgaloregames (Adware.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{94a1cc24-f9d8-4f24-ba35-19084dce257f} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{35cd119c-b6c1-46f7-8403-53e8337320ec} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6f662691-d05b-458e-b223-27dc1ad46dfc} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{197a8585-9fb4-4cf3-90ca-03892e68c7eb} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\UpMedia (Adware.SmartShopper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RelatedPageInstall (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Windows\System32\VolumeControl.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows UDP Control Center (Backdoor.Bot) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\MessengerSkinner (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\download (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
C:\Users\MIKE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Users\MIKE\Local Settings\Application Data\mugqyce_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\MIKE\Local Settings\Application Data\mugqyce_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\MIKE\Local Settings\Application Data\mugqyce.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\MIKE\Local Settings\Application Data\mugqyce.exe (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\MIKE\Local Settings\Application Data\uhdmspz_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\MIKE\Local Settings\Application Data\uhdmspz_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\MIKE\Local Settings\Application Data\uhdmspz.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\sandrine\Local Settings\Application Data\ileadebd_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\sandrine\Local Settings\Application Data\ileadebd_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\sandrine\Local Settings\Application Data\ileadebd.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\sandrine\Local Settings\Application Data\ycqoy_navps.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\sandrine\Local Settings\Application Data\ycqoy_nav.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Users\sandrine\Local Settings\Application Data\ycqoy.dat (Adware.Navipromo.H) -> Quarantined and deleted successfully.
C:\Windows\fxstaller.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\GamesBar\oberontb.dll (Adware.Gamesbar) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\MessengerSkinnerDll.dll (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Users\MIKE\AppData\Local\Temp\Temp1_virtual dj pro crack.zip\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\MIKE\Documents\virtual dj pro crack\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\MIKE\Music\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\MIKE\Music\virtual dj pro crack\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\sandrine\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\74J3WE3W\viewimage[1].com (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\sandrine\AppData\Local\Temp\IXP000.TMP\burimi.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\sandrine\AppData\Local\Temp\IXP001.TMP\burimi.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\sandrine\AppData\Local\Temp\IXP002.TMP\burimi.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\sandrine\AppData\Local\Temp\IXP003.TMP\burimi.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-4121803266-1278076463-1583653822-1001\$RPHEAK9\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\uninst.exe (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\download\defaultPack.cab (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\appconfig.xml (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btn.rgn (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnBnr.rgn (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnIn.rgn (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnInNormal.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnInOver.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormal.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormal.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOver.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOver.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOverBnr.bmp (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOverBnr.gif (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\languages_v2.xml (Rogue.MessengerSkinner) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\uninst.exe (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\WebMediaPlayer.exe (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages_v2.xml (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\wmp_translation_file.xml (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Rogue.WebMediaPlayer) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\Lines.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Adzgalore Games Collection\VideoPool.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Bob and Bill adventures - Wild Hunting.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Crazy Blocks.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Lines.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\The Battles Of Helicopters.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adzgalore Games Collection\Video Pool.lnk (Adware.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware-Secure\Website.lnk (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
C:\Windows\System32\VolumeControl.ocx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\EoRezo (Rogue.Eorezo) -> Delete on reboot.
C:\Users\Public\Desktop\WebMediaPlayer.lnk (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer (Rogue.WebMediaPlayer) -> Delete on reboot.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
o-scare
 
Penser à mettre à jour Adobe Reader
https://get2.adobe.com/reader/otherversions/
0
Réponse 6 / 9
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
Salut

Clique sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Clique sur navilog1.exe pour télécharger navilog1
Choisis Enregistrer

et enregistre-le sur ton bureau.

Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valide.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Terminée le ..... ***
Appuie sur une touche comme demandé, le bloc note va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le bloc note.
Le rapport est en outre sauvegardé à la racine du disque (C:\fixnavi.txt)
poste le rapport obtenu
0
sandnoz
 
salut!
g telecharger navilog avc succes mais qd je double clic dessus ca me dit getspaths.exe a cessé de fonctionner windows cherche une solution au probleme. ensuite ds navilog acces refusé fichier introuvable finalement windows defender me demande l autorisation pour effectuer une demande utilitaire de maintenance de volume NTFS. C EST NORMAL?dois je autoriser? merci
0
Réponse 7 / 9
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
Désactive le « contrôle des comptes utilisateurs = UAC »
(tu le réactiveras après ta désinfection): Ne pas oublier !!
Désactiver l'UAC est nécessaire pour pouvoir faire fonctionner certains programmes sous Vista.
- Vas dans Démarrer puis panneau de configuration
- Double Clique sur l'icône "Comptes d'utilisateurs"
- Clique ensuite sur désactiver et valide.

et réessaye
0
sandnoz
 
salut ca ne marche pas! je fais langue francais entré la se me remet getspaths.exe a cessé de fonctionné;.... je continue fais autorisé et apres ca se referme tout seul et rien
0
Réponse 8 / 9
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
Télécharge combofix (par sUBs) à partir d'un de ces liens :
ou ici

A lire

-> Double clique sur combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.
0
sandnoz
 
desolé ca marche pas non plus ca me dit erreur vous ne pouvez nommé combofix1 veuillez choisir un autre nom je clic ok et ca s en va et rien!!ET G MON GESTIONNAIRE INTERNET QUI S OUVRE A CHAQUE FOIS PAR DESSUS
0
sandnoz
 
je fais quoi alors?
0
Réponse 9 / 9
kevin05 Messages postés 3814 Date d'inscription   Statut Contributeur sécurité Dernière intervention   147
 
tuto pour le renommé : http://forum.pcastuces.com/combofix___renommer_au_telecharge­ment-f31s22.htm et réessaye A+
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
symboles et écritures pour nick msn
Pando -
roro -

20 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses