Virus follow-up
Closed
sebastienjul1 (Member; 4 posts; registered Friday 13 February 2009; last activity 19 February 2009) - 13 Feb 2009 at 18:17
sebastienjul1 (Member; 4 posts; registered Friday 13 February 2009; last activity 19 February 2009) - 19 Feb 2009 at 21:06
2 replies
hamagil (Member; 5458 posts; registered Monday 23 April 2007; last activity 6 January 2018) 728 - 13 Feb 2009 at 18:31
Remove this (by hand):
c:\windows\fxstaller.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows UDP Control Center
and fix this:
O4 - HKLM\..\Run: [Windows UDP Control Center] fxstaller.exe
also check and fix these to lighten your system:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
sebastienjul1 (Member; 4 posts; registered Friday 13 February 2009; last activity 19 February 2009) - 19 Feb 2009 at 21:06
BitDefender Online Scanner
Scan report generated at: Thu, Feb 19, 2009 - 20:20:46
Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;K:\;
Statistics
Time: 01:10:38
Files: 242467
Folders: 6556
Boot Sectors: 0
Archives: 9977
Packed Files: 11132

Results
Identified Viruses: 3
Infected Files: 6
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 2676193
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
C:\Documents and Settings\sebastien\Local Settings\Temporary Internet Files\Content.IE5\CN4AOI3J\ee[1].jpg
  Infected with: Backdoor.Bot.80340
  Deleted
C:\ee.exe
  Infected with: Backdoor.Bot.80340
  Deleted
C:\System Volume Information\_restore{304D2AD8-90BA-4F09-BF12-4CDA4A6F0226}\RP962\A0168983.exe
  Infected with: Backdoor.Bot.80340
  Deleted
C:\System Volume Information\_restore{304D2AD8-90BA-4F09-BF12-4CDA4A6F0226}\RP967\A0169144.exe
  Infected with: Backdoor.Bot.80340
  Deleted
C:\WINDOWS\fxstaller.exe
  Infected with: MemScan:Backdoor.RBot.YBJ
  Deleted
C:\WINDOWS\system32\wscs.exe
  Infected with: Gen:Trojan.Heur.455843
  Disinfection failed
  Delete failed