HOW TO REMOVE WIN32 HOAX.RENOS
MIKE0011
Posted messages
16
Status
Membre
-
jlpjlp Posted messages 52399 Status Contributeur sécurité -
jlpjlp Posted messages 52399 Status Contributeur sécurité -
Hello,
WHEN I SCAN WITH ADAWARE IT TELLS ME I HAVE win32hoax renos as well as registry issues
what should I do to remove it without compromising the stability of my computer
thank you in advance for your response
WHEN I SCAN WITH ADAWARE IT TELLS ME I HAVE win32hoax renos as well as registry issues
what should I do to remove it without compromising the stability of my computer
thank you in advance for your response
Configuration: Windows XP Internet Explorer 7.0
13 réponses
Hey,
paste a HijackThis report
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I recommend renaming HijackThis, to counter a potential Vundo infection.
For example: Rename the HijackThis.exe file to eden.exe, to do this, right-click on the HijackThis.exe file and choose rename from the list
Then with Explorer create a folder c:\hijackthis
Unzip HijackThis in this folder.
It’s important for backups."
___________________________
smit fraud fix (paste the report)
1/ download:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
2/ double click on smitfraudfix, then select 1 and press enter to create the report of existing infections.
paste a HijackThis report
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
Manual:
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
I recommend renaming HijackThis, to counter a potential Vundo infection.
For example: Rename the HijackThis.exe file to eden.exe, to do this, right-click on the HijackThis.exe file and choose rename from the list
Then with Explorer create a folder c:\hijackthis
Unzip HijackThis in this folder.
It’s important for backups."
___________________________
smit fraud fix (paste the report)
1/ download:
http://siri.urz.free.fr/Fix/SmitfraudFix.php
2/ double click on smitfraudfix, then select 1 and press enter to create the report of existing infections.
VOICI LES RAPPORTS HIJACKTHIS ET SMITFRAUDFIX
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:56:11, on 08/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
L:\HIJACKTHIS\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222350414931&h=c2e841a26606418047f64349b99ff66c/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
--
End of file - 9066 bytes
SmitFraudFix v2.356
Rapport fait à 10:00:42,25, 08/12/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michel
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michel\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Michel\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: U.S. Robotics 802.11g Wireless Turbo Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0CF52A7F-4AF7-40C0-8961-6FD2A6A3D52F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0CF52A7F-4AF7-40C0-8961-6FD2A6A3D52F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
D AVANCE MERCI DE TON AIDE
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:56:11, on 08/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
L:\HIJACKTHIS\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [eFax 4.4] "C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe" /R
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: eFax 4.4.lnk = C:\Program Files\eFax Messenger 4.4\J2GTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Scanner Finder.lnk = C:\Program Files\ScanWizard 5\ScannerFinder.exe
O4 - Global Startup: U.S. Robotics 802.11g Wireless Network Utility.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1222350414931&h=c2e841a26606418047f64349b99ff66c/&filename=jinstall-6u7-windows-i586-jc.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: Z-SAN Service (Z-SANService) - Zetera Corporation - C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
--
End of file - 9066 bytes
SmitFraudFix v2.356
Rapport fait à 10:00:42,25, 08/12/2008
Executé à partir de C:\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\eFax Messenger 4.4\J2GDllCmd.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\ScanWizard 5\ScannerFinder.exe
C:\U.S.R.TurboGWLAN\USRWLANG.exe
C:\Program Files\eFax Messenger 4.4\J2GTray.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NETGEAR\NETGEAR Storage Central Manager Utility\Z-SANService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\SmitfraudFix\Policies.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michel
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Michel\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Michel\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
o4Patch
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
AntiXPVSTFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: U.S. Robotics 802.11g Wireless Turbo Adapter - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0CF52A7F-4AF7-40C0-8961-6FD2A6A3D52F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0CF52A7F-4AF7-40C0-8961-6FD2A6A3D52F}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
D AVANCE MERCI DE TON AIDE
Scan with
MalwareByte's Anti-Malware in normal mode and remove what is found and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
MalwareByte's Anti-Malware in normal mode and remove what is found and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
HERE IS THE ANTIMALWARE REPORT
Malwarebytes' Anti-Malware 1.31
Database version: 1474
Windows 5.1.2600 Service Pack 2
08/12/2008 11:58:04
mbam-log-2008-12-08 (11-58-04).txt
Scan type: Quick scan
Items scanned: 61303
Elapsed time: 3 minute(s), 49 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 1
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 0
Infected memory process(es):
(No harmful items detected)
Infected memory module(s):
(No harmful items detected)
Infected Registry key(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infected Registry value(s):
(No harmful items detected)
Infected Registry data item(s):
(No harmful items detected)
Infected folder(s):
(No harmful items detected)
Infected file(s):
(No harmful items detected)
Malwarebytes' Anti-Malware 1.31
Database version: 1474
Windows 5.1.2600 Service Pack 2
08/12/2008 11:58:04
mbam-log-2008-12-08 (11-58-04).txt
Scan type: Quick scan
Items scanned: 61303
Elapsed time: 3 minute(s), 49 second(s)
Infected memory process(es): 0
Infected memory module(s): 0
Infected Registry key(s): 1
Infected Registry value(s): 0
Infected Registry data item(s): 0
Infected folder(s): 0
Infected file(s): 0
Infected memory process(es):
(No harmful items detected)
Infected memory module(s):
(No harmful items detected)
Infected Registry key(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Infected Registry value(s):
(No harmful items detected)
Infected Registry data item(s):
(No harmful items detected)
Infected folder(s):
(No harmful items detected)
Infected file(s):
(No harmful items detected)
Use to delete your traces
CCLEANER: (run a cleanup and fix the registry 3 times) without installing the Yahoo toolbar
(in the options then advanced: disable the checkbox: delete files older than 48 hours)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
_______________
Download ToolsCleaner on your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click on Search and let the scan run ...
# Click on Delete to finalize.
# You can, if you wish, use the Optional Options.
# Click on Exit to get the report.
# Post the report (TCleaner.txt) that can be found at the root of your hard drive (C:\).
_______________
Run Ad-Aware again and remove what is found
Still having issues?
CCLEANER: (run a cleanup and fix the registry 3 times) without installing the Yahoo toolbar
(in the options then advanced: disable the checkbox: delete files older than 48 hours)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
_______________
Download ToolsCleaner on your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click on Search and let the scan run ...
# Click on Delete to finalize.
# You can, if you wish, use the Optional Options.
# Click on Exit to get the report.
# Post the report (TCleaner.txt) that can be found at the root of your hard drive (C:\).
_______________
Run Ad-Aware again and remove what is found
Still having issues?
APPARENTLY THE VIRUS IS GONE BUT WHEN I LAUNCH INTERNET EXPLORER AND CLICK ON A LINK A WHITE PAGE APPEARS AND IT FREEZES
I DON'T KNOW WHAT TO DO
IF YOU COULD CLARIFY THAT FOR ME
HERE IS THE REQUESTED REPORT
[ Report ToolsCleaner version 2.2.6 (by A.Rothstein & dj QUIOU) ]
-->- Search:
C:\SmitFraudFix.exe: found!
C:\fixnavi.txt: found!
C:\SmitFraudfix: found!
C:\Program Files\Navilog1: found!
---------------------------------
-->- Deletion:
C:\SmitFraudFix.exe: deleted!
C:\fixnavi.txt: deleted!
C:\SmitFraudfix: deleted!
C:\Program Files\Navilog1: deleted!
I DON'T KNOW WHAT TO DO
IF YOU COULD CLARIFY THAT FOR ME
HERE IS THE REQUESTED REPORT
[ Report ToolsCleaner version 2.2.6 (by A.Rothstein & dj QUIOU) ]
-->- Search:
C:\SmitFraudFix.exe: found!
C:\fixnavi.txt: found!
C:\SmitFraudfix: found!
C:\Program Files\Navilog1: found!
---------------------------------
-->- Deletion:
C:\SmitFraudFix.exe: deleted!
C:\fixnavi.txt: deleted!
C:\SmitFraudfix: deleted!
C:\Program Files\Navilog1: deleted!
Update Java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
Update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
________________
Paste the report of an online scan
with one of the following:
Panda online:
http://pandasoftware.fr
Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/
Update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
________________
Paste the report of an online scan
with one of the following:
Panda online:
http://pandasoftware.fr
Kaspersky online
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
IT IS IMPOSSIBLE FOR ME TO RUN AN ONLINE SCAN BECAUSE INTERNET EXPLORER IS CONSTANTLY CRASHING
IS IT POSSIBLE TO REINSTALL IT AND HOW?
IS IT POSSIBLE TO REINSTALL IT AND HOW?
download
bit defender free and paste a report after the update
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/29063.html
bit defender free and paste a report after the update
https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/29063.html
I SCANNED WITH BITDEFENDER BUT I THINK IT'S INTERNET EXPLORER THAT HAS A PROBLEM
HOW TO REINSTALL IT?
//-----------------------------------------------------------------
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 08/12/2008 14:10:13
//
//-----------------------------------------------------------------
Statistics
Target path: C:\
D:\
E:\
H:\
I:\
J:\
K:\
Folders: 4978
Files: 93357
Memory processes scanned: 0
Archives: 725
Packed files: 2712
Viruses found: 0
Infected files: 0
Infected memory processes: 0
Suspicious files: 0
Alerts: 0
Disinfected files: 0
Deleted files: 0
Moved files: 0
I/O Errors: 29
Scan time: 00:23:10
Files/second: 67
Spyware Statistics
Registry scanned: 0
Infected registries: 0
Cookies scanned: 0
Infected cookies: 0
Infected spyware files: 0
Detected spyware threats: 0
Virus definitions: 2336866
Analysis plugins: 17
Archive plugins: 44
Decompression plugins: 7
Messaging plugins: 6
System plugins: 5
Scan options
Detection
[X] Scan boot sector
[X] Memory processes
[ ] Scan archives
[X] Scan packed files
[X] Scan messaging
File mask
[ ] Programs
[X] All files
[ ] User-defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Quarantine
[ ] Ask for action
Second action
[ ] Ignore
[ ] Delete
[X] Quarantine
[ ] Ask for action
Scan options
[X] Enable alerts
[ ] Enable heuristic
[ ] Show all files in the log
[X] Log file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1228741813.log
Spyware scan options
[X] Scan for non-viral risks
[ ] Exclude dialers and applications from scan
[X] Registry keys
[X] Cookies
HOW TO REINSTALL IT?
//-----------------------------------------------------------------
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 08/12/2008 14:10:13
//
//-----------------------------------------------------------------
Statistics
Target path: C:\
D:\
E:\
H:\
I:\
J:\
K:\
Folders: 4978
Files: 93357
Memory processes scanned: 0
Archives: 725
Packed files: 2712
Viruses found: 0
Infected files: 0
Infected memory processes: 0
Suspicious files: 0
Alerts: 0
Disinfected files: 0
Deleted files: 0
Moved files: 0
I/O Errors: 29
Scan time: 00:23:10
Files/second: 67
Spyware Statistics
Registry scanned: 0
Infected registries: 0
Cookies scanned: 0
Infected cookies: 0
Infected spyware files: 0
Detected spyware threats: 0
Virus definitions: 2336866
Analysis plugins: 17
Archive plugins: 44
Decompression plugins: 7
Messaging plugins: 6
System plugins: 5
Scan options
Detection
[X] Scan boot sector
[X] Memory processes
[ ] Scan archives
[X] Scan packed files
[X] Scan messaging
File mask
[ ] Programs
[X] All files
[ ] User-defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Quarantine
[ ] Ask for action
Second action
[ ] Ignore
[ ] Delete
[X] Quarantine
[ ] Ask for action
Scan options
[X] Enable alerts
[ ] Enable heuristic
[ ] Show all files in the log
[X] Log file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\full_scan\1228741813.log
Spyware scan options
[X] Scan for non-viral risks
[ ] Exclude dialers and applications from scan
[X] Registry keys
[X] Cookies
to repair internet explorer use zeb restore
http://telechargement.zebulon.fr/zeb-restore.html
or if the problem persists:
https://www.01net.com/actualites/
http://telechargement.zebulon.fr/zeb-restore.html
or if the problem persists:
https://www.01net.com/actualites/
I THANK YOU BUT IT STILL DOESN'T WORK PROPERLY
I THINK I'M GOING TO HAVE TO REINSTALL EVERYTHING TO GET INTERNET EXPLORER WORKING
THANK YOU SO MUCH
MILE0011
I THINK I'M GOING TO HAVE TO REINSTALL EVERYTHING TO GET INTERNET EXPLORER WORKING
THANK YOU SO MUCH
MILE0011
Download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop.
Disconnect from the internet and close all your applications.
Disable your protections (antivirus, firewall, real-time antispyware protection)
Double-click on ComboFix.exe and follow the instructions
In the end, it will produce a report C:\ComboFix.txt
Re-enable your firewall, your antivirus, and your antispyware protection
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning, do not use your mouse or keyboard (or any other pointing device) while the program is running. This could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix