Infected by Trojan.DNSChanger.Z
zigzag7892
Hello everyone,
After running a scan of my system, BitDefender reported an infection by Trojan.DNSChanger.Z in 2 files:
C:\WINDOWS\system32\hvtyi.exe
C:\WINDOWS\System 32\qtchi.exe
Unable to disinfect these files.
Could you help me get rid of this virus?
Many thanks in advance :)
I ran a scan with HijackThis and here is my log:
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\Club-Internet\Dr Club Internet\bin\mpbtn.exe
C:\Program Files\Pinnacle\Studio PCTV\TeleText\WebServer.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\Server.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\VBI_SE~2.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\temp\bitdefender_avplus_v10.exe
C:\DOCUME~1\STPHAN~2.UNI\LOCALS~1\Temp\IXP000.TMP\Setup.Exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Softwin\BitDefender10\bdwizreg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Softwin\BitDefender10\bdlite.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Program Files\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [CTStartup] "C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\STPHAN~2.UNI\LOCALS~1\Temp\IXP000.TMP\"
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: WebServer.lnk = C:\Program Files\Pinnacle\Studio PCTV\TeleText\WebServer.exe
O4 - Global Startup: Docteur Club Internet.lnk = C:\Program Files\Club-Internet\Dr Club Internet\bin\matcli.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .fdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32(2).dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {402EE96E-2CE8-482D-ADA5-CECEEA07E16D} (TurnTool Scene) - http://www.turntool.com/ViewerInstall.exe
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploader.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
3 replies
Download, install and then update this software (Ewido). Once that is done, run a full scan of your system, delete everything it finds, then paste the report here please.
Ewido: (in English; remains free after the trial period)
--->Ewido
If you need help with Ewido (now AVG Anti-Spyware), see this tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
and
Run this online anti-virus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing, click on it and choose "accept the ActiveX" to make the anti-virus scan work.
Once it has finished, paste the report here please.
_Online Scanner
_Kaspersky Online Scanner
_My Computer
https://www.kaspersky.fr/downloads
Download, install and then update this software (Ewido). Once that is done, run a full scan of your system, delete everything it finds, then paste the report here please.
Ewido: (in English; remains free after the trial period)
--->Ewido
If you need help with Ewido (now AVG Anti-Spyware), see this tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
*******************
HERE IS THE REPORT (Thanks for your help)
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 14:05:46 17/12/2006
+ Résultat de l'analyse:
I:\RECYCLER\S-1-5-21-746137067-1085031214-725345543-1003\Df1.rar/Key.exe -> Dropper.Small : Nettoyé et sauvegardé (mise en quarantaine).
I:\System Volume Information\_restore{7BF0D9E4-99FA-4B82-9EC2-B29895707A02}\RP6\A0001823.exe -> Not-A-Virus.Vidtool.EvID : Ignoré.
E:\Recycled\Dd1\CCE\CCE_Prog.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Ignoré.
Fin du rapport
***********************
and
Run this online anti-virus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing, click on it and choose "accept the ActiveX" to make the anti-virus scan work.
Once it has finished, paste the report here please.
*************************************************
HERE IS THE REPORT:
C:\Documents and Settings\LocalService.AUTORITE NT.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.AUTORITE NT.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.AUTORITE NT.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.AUTORITE NT.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.AUTORITE NT.000\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService.AUTORITE NT.000\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.AUTORITE NT.000\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Stéphane\Local Settings\Temp\hsperfdata_Stéphane\3636 Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-00F809\Local Settings\Temporary Internet Files\Content.IE5\G1ER0PIR\ysb_prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Mozilla\Profiles\default\81nnjy2o.slt\parent.lock Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-4d308860.zip/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-4d308860.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-4d308860.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-4d308860.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-111ac527.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-111ac527.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-53703ed6.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-53703ed6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-655475f4.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-655475f4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Application Data\ApplicationHistory\CLI.EXE.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Application Data\Identities\{F3804518-F62A-44D9-BA2A-EF49DB753980}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Application Data\Identities\{F3804518-F62A-44D9-BA2A-EF49DB753980}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Application Data\Identities\{F3804518-F62A-44D9-BA2A-EF49DB753980}\Microsoft\Outlook Express\Pop3uidl.dbx Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Application Data\Identities\{F3804518-F62A-44D9-BA2A-EF49DB753980}\Microsoft\Outlook Express\Éléments envoyés.dbx Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Historique\History.IE5\MSHist012006121720061218\index.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temp\Perflib_Perfdata_958.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temp\Perflib_Perfdata_a34.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temp\Perflib_Perfdata_a7c.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temp\Perflib_Perfdata_aec.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temp\xxx.jpg Infected: Trojan.Win32.DNSChanger.ef skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temp\~DF41B2.tmp Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temporary Internet Files\Content.IE5\K5IXMPAZ\xxx[1].jpg Infected: Trojan.Win32.DNSChanger.ef skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\ntuser.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\ntuser.dat.LOG Object is locked skipped
C:\Program Files\ATI Technologies\ATI Control Panel\ATMfraxx.GID Object is locked skipped
C:\Program Files\Club-Internet\Dr Club Internet\log\mpbtn.log Object is locked skipped
C:\Program Files\Winamp3\db\metadata.ndx Object is locked skipped
C:\Program Files\Winamp3\db\metadata_u10.ndx Object is locked skipped
C:\Program Files\Winamp3\db\metadata_u11.ndx Object is locked skipped
C:\Program Files\Winamp3\db\metadata_u6.ndx Object is locked skipped
C:\Program Files\Winamp3\db\metadata_u8.ndx Object is locked skipped
C:\Program Files\Winamp3\db\metadata_u9.ndx Object is locked skipped
C:\Program Files\Winamp3\db\metadata_{2478B07C-0CA5-4615-8DB7-896F03AD4D28}.ndb Object is locked skipped
C:\Program Files\Winamp3\db\metadata_{2478B07C-0CA5-4615-8DB7-896F03AD4D28}.ndx Object is locked skipped
C:\Program Files\Winamp3\db\metadata_{37076A53-7A78-4DCC-AF91-374700C00009}.ndb Object is locked skipped
C:\Program Files\Winamp3\db\metadata_{37076A53-7A78-4DCC-AF91-374700C00009}.ndx Object is locked skipped
C:\Program Files\Winamp3\db\{5DAADB6F-F9DE-49F9-A5BC-F8805EF8029A}\CDDB.ndb Object is locked skipped
C:\Program Files\Winamp3\db\{5DAADB6F-F9DE-49F9-A5BC-F8805EF8029A}\CDDB.ndx Object is locked skipped
C:\Program Files\Winamp3\db\{5DAADB6F-F9DE-49F9-A5BC-F8805EF8029A}\CDDB_u0.ndb Object is locked skipped
C:\Program Files\Winamp3\db\{5DAADB6F-F9DE-49F9-A5BC-F8805EF8029A}\CDDB_u0.ndx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{7BF0D9E4-99FA-4B82-9EC2-B29895707A02}\RP6\A0001651.exe Infected: Trojan.Win32.DNSChanger.ef skipped
C:\System Volume Information\_restore{7BF0D9E4-99FA-4B82-9EC2-B29895707A02}\RP6\A0001652.exe Infected: Trojan.Win32.DNSChanger.ef skipped
C:\System Volume Information\_restore{7BF0D9E4-99FA-4B82-9EC2-B29895707A02}\RP6\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\STEPH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{DBC45BCF-B8A3-4039-A124-CE1DFCA288D9}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
_Online Scanner
_Kaspersky Online Scanner
_My Computer
https://www.kaspersky.fr/downloads
--
It's by forging that one becomes a blacksmith!
** personal site for forging, in my profile **
Ewido: (in English; remains free after the trial period)
---> Ewido
If you need help with Ewido (now AVG Anti-Spyware), see this tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
*******************
HERE IS THE REPORT (Thanks for your help)
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 14:05:46 17/12/2006
+ Résultat de l'analyse:
I:\RECYCLER\S-1-5-21-746137067-1085031214-725345543-1003\Df1.rar/Key.exe -> Dropper.Small : Nettoyé et sauvegardé (mise en quarantaine).
I:\System Volume Information\_restore{7BF0D9E4-99FA-4B82-9EC2-B29895707A02}\RP6\A0001823.exe -> Not-A-Virus.Vidtool.EvID : Ignoré.
E:\Recycled\Dd1\CCE\CCE_Prog.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Ignoré.
Fin du rapport
***********************
and
Run this online antivirus scan with Internet Explorer and accept the ActiveX control; the SP2 pop-up blocker bar (at the top) will start flashing, click on it and choose "accept the ActiveX" so that the antivirus scan can run.
Once it has finished, paste the report here please
*************************************************
HERE IS THE REPORT:
C:\Documents and Settings\Stéphane.STEPHANEI-00F809\Local Settings\Temporary Internet Files\Content.IE5\G1ER0PIR\ysb_prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Mozilla\Profiles\default\81nnjy2o.slt\parent.lock Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-4d308860.zip/Counter.class Infected: Trojan.Java.ClassLoader.i skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-4d308860.zip/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-4d308860.zip/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-4d308860.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-111ac527.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-111ac527.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-53703ed6.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-53703ed6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-655475f4.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms0311.jar-10d27a78-655475f4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temp\xxx.jpg Infected: Trojan.Win32.DNSChanger.ef skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temp\~DF41B2.tmp Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Stéphane.STEPHANEI-B1E8F5\Local Settings\Temporary Internet Files\Content.IE5\K5IXMPAZ\xxx[1].jpg Infected: Trojan.Win32.DNSChanger.ef skipped
C:\System Volume Information\_restore{7BF0D9E4-99FA-4B82-9EC2-B29895707A02}\RP6\A0001651.exe Infected: Trojan.Win32.DNSChanger.ef skipped
C:\System Volume Information\_restore{7BF0D9E4-99FA-4B82-9EC2-B29895707A02}\RP6\A0001652.exe Infected: Trojan.Win32.DNSChanger.ef skipped
_Online Scanner
_Kaspersky Online Scanner
_My Computer
https://www.kaspersky.fr/downloads
--
It's by forging that one becomes a blacksmith!
** personal site for forging, in my profile **
Hi
To be done in safe mode
Do this cleanup: (to be done regularly)
¤ Download and install CCleaner (do not install the Yahoo toolbar)
---> CCleaner
In the left-hand column, click on "errors" and tick all the boxes, then click "search for errors" at the bottom; once it has finished, click "repair errors". You will get a message asking you to back up your registry: answer "yes", then repeat until it no longer finds any errors.
You can delete the backups you made once your computer no longer has any problems
¤ Run CCleaner again, go to the "cleaner" tab on the left, untick the last box (Advanced, if it is ticked), then click "start the cleanup"
If you need help with CCleaner, see this tutorial:
http://www.tutopat.com/viewtopic.php?t=305
Run Ewido again and "delete" everything it found
Download Blacklight and save it to your desktop.
https://www.f-secure.com/en
Double-click "blbeta.exe" and accept the licence; click "Scan" then "Next"
A report, "fslb-.....", will be created on your desktop
Copy and paste the contents of this report here.
Don't touch anything else!
See you later