virus "c'est pas toi?"

Question

Bonjour,
Un nouveau virus sur msn qui s'appelle "c'est pas toi?" est apparu sur msn.

Je n'arrive pas à le supprimer, est-ce que quelqu'un pourrait me renseigner s'il vous plait??

Merci beaucoup

jlpjlp · Answer

slt 

Télécharge MSNFix de Laurent 
http://sosvirus.changelog.fr/MSNFix.zip 

Décompresse-le et double clic sur le fichier MSNFix.bat. 
- Exécute l'option R. 
--Si l'infection est détectée, exécute l'option N 
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum. 

Note : 
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal 
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement. 


envoyer le fichier [b] C:\DOCUME~1\florian\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr  pour faire evoluer msnfix


----------------------


AVG antispyxare

https://www.01net.com/telecharger/

Tuto : 
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html 

->Relance AVG AS -> "Analyse" ->"Paramètres" 

Sous la question "Comment réagir ?" : 

-> clique sur "Actions recommandées" et choisis "Quarantaines" 
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système" 

Si un fichier est infecté en fin d'analyse 

->Clique sur "Appliquer toutes les actions " 

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous". 

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

_____________

utilise  pour supprimer tes traces 

CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo 

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
------------

 colle le rapport d'un scan en ligne 
avec un des suivants: 


bitdefender en ligne : 
http://www.bitdefender.fr/scan_fr/scan8/ie.html 

Panda en ligne : 
http://pandasoftware.fr

kikouyou · Answer

Merci beaucoup mais en faisant cette manipulation je n'arrive pas à décompresser le dossier et je n'obtiens pas le dossier MSNFix.bat 
Comment je pourrais faire??

kikouyou · Answer

Merci beaucoup mais en faisant cette manipulation je n'arrive pas à décompresser le dossier et je n'obtiens pas le dossier MSNFix.bat 
Comment je pourrais faire??

jlpjlp · Answer

ok

a la place de msnfix fais sdfix puis passe a la suite

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. 
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe 
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici : 
• Redémarre ton ordinateur 
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde). 
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître. 
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée". 
• Choisis ton compte. 
Déroule la liste des instructions ci-dessous : 
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script. 
• Appuie sur Y pour commencer le processus de nettoyage. 
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. 
• Appuie sur une touche pour redémarrer le PC. 
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers. 
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. 
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau. 
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. 
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

Miss Bubble · Answer

Bonjour,

ayant eu le virus, j'ai suivi la procédure indiquée, merci pour ces informations et voici le rapport :





SDFix: Version 1.126

Run by a.lenglet on 15/01/2008 at 10:50

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\AB691~1.LEN\LOCALS~1\Temp\services.exe  - Deleted
C:\WINDOWS\1?PHolmes*.exe  - Deleted
C:\WINDOWS\b12?.exe  - Deleted
C:\WINDOWS\mrofinu*.exe  - Deleted
C:\WINDOWS\mrofinu*.exe.tmp  - Deleted



Folder C:\Program Files\Temporary - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 10:55:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 150


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\DOCUME~1\AB691~1.LEN\LOCALS~1\Temp\services.exe"="C:\DOCUME~1\AB691~1.LEN\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue  3 Apr 2007        85,504 A..H. --- "C:\Documents and Settings\a.lenglet\Mes documents\~WRL0005.tmp"
Mon  7 Jan 2008         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon  8 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT4.tmp"
Mon  8 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bbe88a785b5f932c929e655dd1a187d0\BIT5.tmp"
Wed 28 May 2003        65,088 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c556 Packet\3C556.COM"
Wed 28 May 2003        12,732 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c509 Packet\3C5X9PD.COM"
Wed 28 May 2003        26,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\3COM 3c59x Packet\3C59XPD.COM"
Wed 28 May 2003        28,062 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207F Packet\EN5251PD.COM"
Wed 28 May 2003        10,710 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207C Packet\PCIPD.COM"
Wed 28 May 2003        10,083 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207D Packet\ACCPKT.COM"
Wed 28 May 2003        10,257 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207TX Packet\PCIPD.COM"
Wed 28 May 2003        29,499 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1203 Packet\PCIPD.COM"
Wed 28 May 2003        12,660 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1204 Packet\VLNWPD.COM"
Wed 28 May 2003        11,031 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1207 Packet\PCIPD.COM"
Wed 28 May 2003        17,952 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1200 Packet\EC32PD.COM"
Wed 28 May 2003         9,424 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1208 Packet\1208PD.COM"
Wed 28 May 2003         7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1650 Packet\NWPD.COM"
Wed 28 May 2003        13,673 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1640 Packet\NWPD.COM"
Wed 28 May 2003        14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1658 Packet\NWPD.COM"
Wed 28 May 2003         7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN166X Packet\NWPD.COM"
Wed 28 May 2003         7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1651 Packet\NWPD.COM"
Wed 28 May 2003         7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1652 Packet\NWPD.COM"
Wed 28 May 2003         7,243 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1653 Packet\NE2PD.COM"
Wed 28 May 2003        24,767 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2216 Packet\PCMPD.COM"
Wed 28 May 2003         7,463 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1625 Packet\NEPD.COM"
Wed 28 May 2003         7,825 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1656 Packet\NWPD.COM"
Wed 28 May 2003        10,286 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2228 Packet\PCMPD.COM"
Wed 28 May 2003        25,460 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2218 Packet\PCMPD.COM"
Wed 28 May 2003        28,866 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN2320 Packet\EN5251PD.COM"
Wed 28 May 2003        14,438 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\ACCTON EN1657 Packet\NWPD.COM"
Wed 28 May 2003         8,544 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Elndis.sys"
Wed 28 May 2003        33,149 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\CATC USB Ethernet\Usbd.sys"
Wed 28 May 2003        51,150 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI1394.SYS"
Wed 28 May 2003        35,340 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI2DOS.SYS"
Wed 28 May 2003        14,378 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI4DOS.SYS"
Wed 28 May 2003        37,984 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8DOS.SYS"
Wed 28 May 2003        44,828 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPI8U2.SYS"
Wed 28 May 2003        29,628 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPICD.SYS"
Wed 28 May 2003        52,106 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIEHCI.SYS"
Wed 28 May 2003        49,250 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIOHCI.SYS"
Wed 28 May 2003        50,600 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\ASPIUHCI.SYS"
Wed 28 May 2003       161,792 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BOOTSRV.SYS"
Wed 28 May 2003       174,080 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\bootsrv16.sys"
Wed 28 May 2003        21,971 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTCDROM.SYS"
Wed 28 May 2003        30,955 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\BTDOSM.SYS"
Wed 28 May 2003       202,517 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS.EXE"
Wed 28 May 2003       374,038 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\CMDS16.EXE"
Wed 28 May 2003        22,158 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\COUNTRY.SYS"
Wed 28 May 2003         1,608 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DEVICE.COM"
Wed 28 May 2003        15,345 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DISPLAY.SYS"
Wed 28 May 2003         7,840 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\DLSHELP.SYS"
Wed 28 May 2003        56,821 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\E.EXE"
Wed 28 May 2003        64,425 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\FLASHPT.SYS"
Wed 28 May 2003        32,396 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\GUEST.EXE"
Wed 28 May 2003        14,160 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\HIMEM.SYS"
Wed 28 May 2003        10,898 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYB.COM"
Wed 28 May 2003        53,556 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\KEYBOARD.SYS"
Wed 28 May 2003        15,777 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MODE.COM"
Wed 28 May 2003        37,681 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MOUSE.COM"
Wed 28 May 2003       354,304 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\msbootsrv16.sys"
Wed 28 May 2003        21,180 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\MSCDEX.EXE"
Wed 28 May 2003       354,263 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Net.exe"
Wed 28 May 2003         8,513 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\NETBIND.COM"
Wed 28 May 2003        41,302 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OAKCDROM.SYS"
Wed 28 May 2003       129,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\OHCI.EXE"
Wed 28 May 2003        28,439 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\Paralink.com"
Wed 28 May 2003        13,770 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\PROTMAN.EXE"
Wed 28 May 2003       130,980 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\UHCI.EXE"
Wed 28 May 2003        11,854 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWorks ISA (DE305) Packet\DE305.COM"
Wed 28 May 2003        52,715 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE450 Packet\DE450.COM"
Wed 28 May 2003        62,391 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DEC EtherWORKS DE500 Packet\DE500.COM"
Wed 28 May 2003        11,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DMF560-TX Packet\Lmpd.com"
Wed 28 May 2003        17,791 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DT620 Packet\Dt620pd.com"
Wed 28 May 2003        17,043 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\DLink DE400 Packet\De400pd.com"
Wed 28 May 2003        11,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\IBM Crystal LAN Packet\Epktisa.com"
Wed 28 May 2003        18,300 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Kingston EtheRx KNE110TX Packet\Ktc110p.com"
Wed 28 May 2003        48,224 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD 10-100AL Packet\L100al.com"
Wed 28 May 2003        13,360 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-CDF Packet\Ldcdt.com"
Wed 28 May 2003         9,190 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Laneed LD-PCI2TL Packet\Ldpcil.com"
Wed 28 May 2003        12,567 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Melco LPC2-T\Lpchkat2.com"
Wed 28 May 2003        44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\FETPKT.COM"
Wed 28 May 2003        56,896 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FW-100TX Fast Ethernet Packet\Rtspkt.com"
Wed 28 May 2003        44,640 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Planex FNW9x00T - ENW8300T Packet\fetpkt.com"
Wed 28 May 2003         9,692 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\PXE Packet Driver\Undipd.com"
Wed 28 May 2003         9,537 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\SN 2000p Packet\PNPPD.COM"
Wed 28 May 2003        32,484 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\WaveLAN Packet\Wvlan42.com"
Wed 28 May 2003        52,225 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet 10-100 + Modem\Cbendis.exe"
Wed 28 May 2003        48,491 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10BT\Ce3ndis.exe"
Wed 28 May 2003        50,405 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom RE10 - RE100 Packet\Ce3pd.com"
Wed 28 May 2003        33,860 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom PE3-10Bx\Pe3ndis.exe"
Wed 28 May 2003        50,175 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Re-100Btx + Ce3B-100Btx\Ce3ndis.exe"
Wed 28 May 2003        50,795 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX\Cbendis.exe"
Wed 28 May 2003        48,223 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom CBE10-100BTX Packet\Cbepd.com"
Wed 28 May 2003        48,641 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS\Xpsndis.exe"
Wed 28 May 2003        49,015 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\Xircom Ethernet II PS Packet\Xpspd.com"
Tue 19 Dec 2006        30,720 A..H. --- "C:\Documents and Settings\a.lenglet\Bureau\S.E.R.S.I.M.T\Dr Le Tourneau\CRC Sofinco Clichy\VE\VE avec m‚d du 23.11.06\~WRL0001.tmp"
Wed 28 May 2003        53,786 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\command.com"
Wed 28 May 2003        44,240 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMBIO.COM"
Wed 28 May 2003        42,550 A..H. --- "C:\Documents and Settings\All Users\Application Data\Symantec\Ghost\Template\common\pcdos\IBMDOS.COM"
Tue  3 Apr 2007    36,385,280 A..H. --- "C:\Documents and Settings\a.lenglet\Bureau\S.E.R.S.I.M.T\Dr Le Tourneau\CRC Sofinco Clichy\‚tudes\conseils pour l'am‚agement spatial et l'organisation des postes 19.12.06apport\~WRL0353.tmp"
Tue  3 Apr 2007       388,608 A..H. --- "C:\Documents and Settings\a.lenglet\Bureau\S.E.R.S.I.M.T\Dr Le Tourneau\CRC Sofinco Clichy\‚tudes\conseils pour l'am‚agement spatial et l'organisation des postes 19.12.06apport\~WRL3407.tmp"

Finished!

jlpjlp · Answer

ok ca a néttoyé en partie
poursuis 

a plus

gaellia · Answer

je viens de recevoir le meme virus qui ne veut pas partir !
Tu as du nouveau ?

Miss Bubble · Answer

Re 

Très bien

De quelle façon  dois-je poursuivre ?

Miss Bubble · Answer

J'ai lancé un scan avec  A-squared anti-malaware ... ça semble approprié ?

jlpjlp · Answer

comme indiqué dans mon premier message  fais ca:

AVG antispyware

https://www.01net.com/

Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

->Relance AVG AS -> "Analyse" ->"Paramètres"

Sous la question "Comment réagir ?" :

-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

Si un fichier est infecté en fin d'analyse

->Clique sur "Appliquer toutes les actions "

->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

_____________

utilise pour supprimer tes traces

CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo

https://www.01net.com/
------------

colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

fanou · Answer

Run by Fanny chaldebas on 15/01/2008 at 17:46

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\DOCUME~1\FANNYC~1\LOCALS~1\Temp\services.exe  - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-15 18:07:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 71


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Dell\MediaDirect\PCMService.exe"="C:\Program Files\Dell\MediaDirect\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe"="C:\Program Files\Fichiers communs\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat"="C:\Program Files\EA GAMES\La Bataille pour la Terre du Milieu(tm)\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\DOCUME~1\FANNYC~1\LOCALS~1\Temp\services.exe"="C:\DOCUME~1\FANNYC~1\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 11 Nov 2006            88 A.SHR --- "C:\i386\0C9A1BD7DE.sys"
Sat 11 Nov 2006         2,828 A.SH. --- "C:\i386\KGyGaAvL.sys"
Mon 31 Dec 2007           168 ..SHR --- "C:\WINDOWS\system32\0C9A1BD7DE.sys"
Mon 31 Dec 2007         5,642 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Sun 11 Feb 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Fri 18 May 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 29 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT37.tmp"
Fri  5 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8426e25532eb668f59dd4d969b4a550\BIT29.tmp"
Sun  5 Nov 2006             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch1\lock.tmp"
Sun  5 Nov 2006             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch2\lock.tmp"
Sun  5 Nov 2006             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch3\lock.tmp"
Sun  5 Nov 2006             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch4\lock.tmp"
Sun  5 Nov 2006             8 A..H. --- "C:\Documents and Settings\All Users\Application Data\GTek\GTUpdate\AUpdate\Channels\ch5\lock.tmp"

Finished!

thress · Answer

Moi aussi j'ai egalement reçu ce virus mais quand jarrive a l'étape de mètre " R" et taper entré a MSNFIX rien ne poursuis ! 

Help !

cashflow@hotmail.fr · Answer

Voila mon  rapport AVG AS




---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	19:20:09 15/01/2008

 + Résultat de l'analyse:	



C:\Program Files\Fichiers communs\Uninstall Information\RemoveWebDP.exe -> Adware.DelphinMediaViewer : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32
fomon
fo.ocx -> Adware.DelphinMediaViewer : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-1004336348-796845957-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{39F25B12-74FF-4079-A51F-1D70F5B08B84} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\GONZO\Mes documents\A_GARDER_SUR_LE_BUREAU\Mes fichiers reçus\GONZOGRINGO525140390\photo album2007.pif -> Backdoor.IRCBot.aaq : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\GONZO\Mes documents\A_GARDER_SUR_LE_BUREAU\Mes fichiers reçus\photo album2007.pif -> Backdoor.IRCBot.aaq : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Dot1XCfg\Dot1XCfg.exe -> Downloader.Adload.pr : Nettoyé et sauvegardé (mise en quarantaine).
[2104] C:\Program Files\Dot1XCfg\Dot1XCfg.exe -> Downloader.Adload.pr : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\GONZO\Bureau\MSNFix\backup\b122.exe -> Downloader.Agent.erf : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\GONZO\Bureau\MSNFix\backup\17PHolmes1148.exe -> Downloader.Agent.gwh : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\GONZO\Bureau\MSNFix\backup\mrofinu1148.exe -> Downloader.Agent.gwh : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\GONZO\Bureau\MSNFix\backup\mrofinu1148.exe.tmp -> Downloader.Agent.gwh : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F943E54A-A4BC-4315-9C3C-42077260E1A1}\RP286\A0296384.exe -> Downloader.Agent.gwh : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F943E54A-A4BC-4315-9C3C-42077260E1A1}\RP286\A0296390.exe -> Downloader.Agent.gwh : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F943E54A-A4BC-4315-9C3C-42077260E1A1}\RP286\A0296391.exe -> Downloader.Agent.gwh : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{F943E54A-A4BC-4315-9C3C-42077260E1A1}\RP285\A0296351.exe -> Not-A-Virus.Hacktool.EvID : Nettoyé et sauvegardé (mise en quarantaine).
:mozilla.578:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.579:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.580:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.581:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.582:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.583:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.247realmedia : Nettoyé.
:mozilla.196:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.197:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.198:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.199:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.200:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.201:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.202:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.203:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.204:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.205:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.206:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.207:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.208:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.209:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.212:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.213:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.214:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.215:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.227:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.601:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.659:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.690:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.366:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.71i : Nettoyé.
:mozilla.434:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.435:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.702:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.703:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.704:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.705:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.706:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Adrevolver : Nettoyé.
:mozilla.384:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.45:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.46:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.47:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.48:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.463:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Adviva : Nettoyé.
:mozilla.42:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.217:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.718:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.719:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.720:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.721:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.722:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.723:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.724:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.380:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.381:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.383:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Comclick : Nettoyé.
:mozilla.524:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Cqcounter : Nettoyé.
:mozilla.540:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé.
:mozilla.541:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Dealtime : Nettoyé.
:mozilla.49:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.515:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.516:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.762:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Esomniture : Nettoyé.
:mozilla.324:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.138:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.139:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.140:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.141:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.142:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.143:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Euroclick : Nettoyé.
:mozilla.103:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.104:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.105:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.106:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.236:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.549:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.618:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.650:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.672:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.681:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Googleadservices : Nettoyé.
:mozilla.475:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.477:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.478:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.479:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.559:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.560:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.370:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Ivwbox : Nettoyé.
:mozilla.362:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.365:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Liveperson : Nettoyé.
:mozilla.172:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.173:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.26:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Netflame : Nettoyé.
:mozilla.22:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.23:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.24:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Overture : Nettoyé.
:mozilla.309:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.310:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.311:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.312:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.313:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.314:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.315:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.316:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Serving-sys : Nettoyé.
:mozilla.33:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.34:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.35:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.36:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.37:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.483:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.488:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.489:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.490:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.495:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.496:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.497:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.498:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.499:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.500:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.501:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.502:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.503:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.504:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.505:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.506:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.273:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.274:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.275:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.276:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.277:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.268:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.38:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.39:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.40:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.41:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.687:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Webtrendslive : Nettoyé.
:mozilla.354:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.355:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.356:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.357:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.358:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.726:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.727:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
:mozilla.728:C:\Documents and Settings\GONZO\Application Data\Mozilla\Firefox\Profiles\c7ol9yoo.default\cookies.txt -> TrackingCookie.Zedo : Nettoyé.
C:\WINDOWS\system32\wnsintsv.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport

charmas · Answer

J'ai ce même virus, je suis la procédure mais je n'arrive pas  à ouvrir le fichier msnfix.bat,ils me disent de le dcompresser je ne c pas comen faire !

Miss Bubble · Answer

Re

Mon rapport AVG est tellement lourd (!) ... un nombre de cookies défiant toute concurrence (près de 20 000) a été identifié ainsi que 3 trojans ... que je ne peux même pas le poster ... (je souhaite tout de même préciser que je viens de récupérer cet ordi et sans protection .. il est désormais équipé d'un firewall et d'un scan. Une idée pour que je puisse le faire paraître ?? Merci d'avance de la réponse.

jlpjlp · Answer

utilise ccleaner pour virer les cookies


CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo 

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
-----------------------

Xanderleprofesseur · Answer

Moi aussi, j'ai eu le même virus, je l'ai supprimé avec Avast mais sous le bugue intempestif lié à mSN, j'ai éteins mon ordi à la main.
Depuis, je le rallume, je mets redémarrer normalement ou autres, et après sa tentative de redémarrage, je retombe toujours sur les propositions de rédémarrage.
Quelqu'un a t-il une solution ?

jlpjlp · Answer

merci de créer votre propre post sinon on y arrivera pas!

cashflow@hotmail.fr · Answer

CHARMAS !


Pour décompresser  le dossier msnfiix.bat

 c'est simple tu vas là
 ==>   https://www.commentcamarche.net/telecharger/utilitaires/24097-winrar/
tu cliques sur: "  télecharger la version d''évalution "

Ensuite une fois tu as télecharger  winrar
tu place la flèche de ta souris sur le programme MSNFIX.bat et  tu clique sur le bouton droit de ta souris, il apparait un  menu déroulant tu choisis "extraire ici "
Et là le programme va se décompresser là ou tu es.

Ensuite tu fais ce qui a été écrit en haut de cette page et ça marche ,
 il n'y a aucun soucis, moi je me suis débarassé de ce virus en 1heure  (en fait en meme pas 10 minutes , mais c'est car il faut attendre que lantispyware AVG fasse une analyse entière de ton PC et si t'as bcp de chose, c'est long)



RESOLUTION POUR 2008: ARRETER D'ACCEPTER TT CE QUE MES IMBéCILES DE CONTACT ME BALANCE SUR MSN.

cashflow@hotmail.fr · Answer

THRESS !


Si si ça marche! 


 quand tarrives à l'étape R, tu tapes R et tu fais entrée !


 Il faut que t'astende un moment avant qu'il se passe un truc à l'écran,  genre je sais pas moi...1 ou 2minutes on va dire !

loganos45 · Answer

salut,
j'ai eu le virus, mais je pense en être débarassé par contre depuis que j'ai lancé msnfix, le dossier windows s'ouvre dès le lancement de l'ordinateur, vous savez d'où ça vient et comment y remédier?

jlpjlp · Answer

slt, cré ton propre post, colle le rapport msnfix et explique clairement tes problemes
et colle un rapport hijackhtis

sarah13 · Answer

est ce que vous pouriez m'adez SVP j'ai le virus "c'est pas toi!??" depuis hier je ne sais pas comment le supprimer quelqu'un pourai m'expliker?

gwendo · Answer

Ouai moi c'est la mm!! et j'ai réussi a en enlever un, donc Avast ne m'envoi plu de msg, mais "c'est pas toi" se renvoi a mes contasts quan mm et mm si je supprime le virus, il réaparai!! aiidéééé moi!

sarah13 · Answer

mouà j'ai réussi a enlever ce virus merci d'mavoir aider

tabacco4 · Answer

SDFix: Version 1.127

Run by houte on 16/01/2008 at 17:00

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\DOCUME~1\houte\LOCALS~1\Temp\services.exe  - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-16 17:03:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 1


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Azureus\Azureus.exe"="C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus"
"C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe"="C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe:*:Enabled:MessengerDiscovery Live the Windows Live Messenger addon"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\RayV\RayV\RayV.exe"="C:\Program Files\RayV\RayV\RayV.exe:*:Enabled:RayV"
"C:\Program Files\Hamachi\hamachi.exe"="C:\Program Files\Hamachi\hamachi.exe:*:Enabled:Hamachi Client"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\DOCUME~1\houte\LOCALS~1\Temp\services.exe"="C:\DOCUME~1\houte\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 19 Mar 2006       262,144 A.SH. --- "C:\Program Files\MessengerDiscovery\SpellCHK.exe"
Mon 25 Jun 2007        61,440 A..H. --- "C:\Program Files\MSN Messenger\winmm.dll"
Wed  3 May 2006       163,328 ..SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007        31,232 ..SHR --- "C:\WINDOWS\system32\msfDX.dll"
Mon 26 Nov 2007    17,521,856 ...H. --- "C:\Documents and Settings\houte\Bureau\setupfre(2).exe"
Sun 26 Jun 2005       616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005        45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Tue  4 Dec 2007        72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006        15,872 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Mon 25 Jun 2007        61,440 A..H. --- "C:\Program Files\Windows Live\Messenger\winmm.dll"
Tue  4 Jun 2002        84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue  4 Jun 2002        44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002        73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002        65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun  9 Jun 2002        36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue  4 Jun 2002        20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002       102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002       176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002       208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002       217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun  9 Jun 2002        40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat  3 Nov 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001       225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004       232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderaac.dll"
Sun  9 Jun 2002       525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencodernco3260.dll"
Tue 10 Dec 2002       245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencodernlt3260.dll"
Tue 10 Dec 2002        45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv103260.dll"
Tue 10 Dec 2002        98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv203260.dll"
Tue 10 Dec 2002        94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv303260.dll"
Tue 10 Dec 2002        90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoderv403260.dll"
Tue 10 Dec 2002       102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun  9 Jun 2002        49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder	okr3260.dll"
Sun 23 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT2.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT4.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\02970179a133da43483e5e8495d03f51\download\BIT7F.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0ec11185f55e56bbf8143a0782f17c59\download\BIT86.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\171d2120022f92869484c921d3263cc3\download\BIT82.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\17e3f23ff72184333b78d75c8e81cda8\download\BIT9D.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\27efdbd68a382580fdb15dd4f797360e\download\BIT9F.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\29f6d57cd4efa945b402cdec2ffedddf\download\BIT77.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3887d65d3ab5fa0d45001f504bed5b37\download\BIT8F.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\3d626d96e6e22b8a5867784640121555\download\BIT73.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\42526a992b20eef1df8750beb4f78f35\download\BIT7B.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4ad242756613df3e539d49e3db7fff27\download\BITA2.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4c5c888ff189ce65af20cc141b13bcd3\download\BIT85.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4febda7b78da8f94eaee96a8b432d591\download\BIT8D.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5cbce544ba5a58e170acdb52973e4471\download\BIT8A.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5d24ad19cee78bba662249a4deccb260\download\BIT9E.tmp"
Fri 23 Nov 2007     5,797,940 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\61cb8cabb47496dec6d7e4c842c3b827\download\BIT63.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6291f486ec5de5182ec3cff2071af184\download\BIT98.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\72480a427b1c43ed1a1d42cac8cadfc7\download\BIT90.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\79dfe016119d9f9104f7a081382c2de7\download\BIT9A.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7bd07c1089c2af7712a37e4bc06b52c1\download\BIT87.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\7d67df8d2fa218514bbe5a22ae12a9b3\download\BITA0.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\813a989071c1720c8fca52f421b7b9e5\download\BIT99.tmp"
Fri 23 Nov 2007     8,534,093 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\862eefd1f6ef97d3689d072d41d214a0\download\BIT72.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b6d906fd5974a905eb1cc67c000b099\download\BIT8B.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8d31f6e93a03bc7a736602ed1adb9986\download\BIT91.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a04a8dce324b141449b6bb4b762ae54a\download\BIT7A.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a957c596efa7d0ec1b4b7fdc1e1c5705\download\BIT9C.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b81252ef70e0d4f53d4fb43336030927\download\BIT81.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b848f7bbcc1590afa157f879b74964b2\download\BIT88.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8ac6274ac8ad7e4b0febe55aca1e516\download\BIT94.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ba502b35f31a2bf19a595db79d7bef15\download\BIT95.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\bfd81cbd42e5265d12677c96600c0804\download\BIT74.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\c8f95ed251aedea843abb9ea5b1a52d3\download\BIT7C.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cbee9c95b55c0a7f59376a89c9a3d3c1\download\BIT76.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cff3276a5659b39e9143e4a62e333028\download\BIT8C.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d14d0217f816e7b705d500838dec3aae\download\BIT8E.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d3d59acde4bc99f07df90298fa402c77\download\BITA1.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d8cfedd5cfd3f0881276825d82978e5d\download\BIT75.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e17d2630592b6b8b86888b3ce879a3ab\download\BIT80.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e6709a5593e8edb948fefef2ae74a35e\download\BIT89.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\e8ac11bc9e4687d6c2a32699ff0541d6\download\BIT9B.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eb96ceab77261e76cdbe943d8cf8e4cc\download\BIT84.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\eb9fda4f2f8a691ab294ebfcbb58c737\download\BIT83.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ec9dc63e53c8bf9a1e80cf1489c682bd\download\BIT93.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\edf770ea565c428bca41a4befcabb97b\download\BIT92.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\ef76b58e91ae8084bf0833c90d4b9382\download\BIT97.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f32bfa5d1049b53eae766f9d37379ea6\download\BIT7E.tmp"
Fri 23 Nov 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\fde0566446f6dd640c536f419fe1216a\download\BIT96.tmp"

Finished!

Thoven · Answer

Veuillez m'excuser, mais pour moi, tout ça c'est du charabia. Je ne comprends vraiment pas la procédure pour se débarrasser du virus. J'ai télécharger tout ce que vous avez dit de télécharger. Pour SDFix, il n'y a pas de "Y" dans les procédures. Pour MSNFix, je ne vois vraiment pas ce qu'il faut faire. Faire "Extraire ici", mais ensuite, je tombe sur des fenêtres "Confirmer le remplacement du fichier". Pouvez-vous me dire, s'il vous plaît, en résumé, ce que je dois faire pour supprimer ce virus ?
Merci.

laetou54 · Answer

J'ai le même problème, j'ai suivi tous vos conseils et donc bien supprimé ce virus mais apparement il s'envoie toujours à ma liste de contacts sans même que je reçoive quelque chose!!! Est ce que quelqu'un a une solution???merci!

Thoven · Answer

Ca y est ! J"ai pu supprimer ce virus grâce à vous. J'ai finalement mieux compris vos instructions. Merci beaucoup.

d-lighted · Answer

merci pour vos conseils, voici le rapport
MSNFix 1.631  
 
C:\Documents and Settings\DIANE\Local Settings\Temp\MSNFix\MSNFix 
Fix exécuté le 16/01/2008 - 17:59:56,51 By DIANE 
mode normal    
    
************************ Recherche les fichiers présents      
    
... C:\Install\install.exe 
... C:\DOCUME~1\DIANE\LOCALS~1\Temp\services.exe 
... C:\Documents and Settings\DIANE\??????.exe 

************************  MSNCHK ***** /!\ beta test /!\


 
************************ Recherche les dossiers présents       
 
... C:\Install\ 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\Install\install.exe  
/!\ ...  C:\DOCUME~1\DIANE\LOCALS~1\Temp\services.exe   
.. OK ... C:\Documents and Settings\DIANE\??????.exe  
 
 
************************ Suppression des dossiers       
 
.. OK ... C:\Install\   
 
 
************************ Nettoyage du registre 
 
 
 
Les fichiers encore présents seront supprimés au prochain redémarrage 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\DOCUME~1\DIANE\LOCALS~1\Temp\services.exe  
 
 
 
************************ Fichiers suspects 
 
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention 
 
[C:\pf-setup.exe] A00DD7D2C5EFB35F546EE501D6D43AFA 
[C:\UGA505t.exe] 0F59BD20448BCBB9544CC45BC358AD13 

[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier  [b] C:\DOCUME~1\DIANE\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr

 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 16012008_18065676.zip
 
 
------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   ---------------------------------------------

benjd800 · Answer

ouf merci pour votre aide...moi qui me croyait trop intelligent pour encore choper des virus aussi connement...je me suis fait une petite frayeur je me voyais déjà en train de faire le tristement célèbre Format C: ! 

pour ceux qui n'arrivent pas à décompresser le fichier et qui ne veulent pas installer winrar : 

- Aller dans le repertoire C:\
- créer un repertoire "MSNFix"
- cliquer sur MSNFix que vous venez de créer
- à l'intérieur de MSNFix créer un repertoire "incl"
- dans le repertoire "incl" mettre les fichiers de l'archive MSNFIX.ZIP suivants : 

- banker.reg
- MD5file.exe
- msnchk.exe
- process.exe
- setpath.exe
- swreg.exe
- zip.exe

- revenir dans le repertoire "MSNFix"
- copier les fichiers de l'archive MSNFIX.ZIP suivants : 

- msnchk.exe
- MSNfix.bat

voilà ! cliquer sur MSNfix.bat et ça devrait marcher ! ;)

manie · Answer

SDFix: Version 1.127

Run by sylvain on 17/01/2008 at 18:46

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\sylvain\Bureau\SDFix\SDFix

Safe Mode:
Checking Services: 

Name:
Generic Host Process for Win-32 Service
windows mail service

Path:
"C:\WINDOWS\svchost.exe" 
"C:\WINDOWS\mail.exe" 

Generic Host Process for Win-32 Service - Deleted
windows mail service - Deleted


C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found

Checking files: 

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp

Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32	ftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache	ftp.exe 

Files copied to SDFix\Backups 

Restoring files if backups are found
 
Final Check:

Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32	ftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache	ftp.exe 

 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\DOCUME~1\sylvain\LOCALS~1\Temp\services.exe  - Deleted
C:\WINDOWS\mail.exe  - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp  - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp  - Deleted




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-17 18:50:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d4a05f7]
"001c43c50006"=hex:ad,7d,aa,68,4c,b3,ad,d1,51,29,6b,ce,65,22,ff,c8
"001b9861f91a"=hex:62,6f,7a,dd,9e,bd,c1,31,b2,49,48,98,ce,ca,19,f0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:52,62,2a,29,d9,f5,2a,af,e1,02,a0,35,32,87,fd,e8,37,c0,f1,8f,77,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\000b0d4a05f7]
"001c43c50006"=hex:ad,7d,aa,68,4c,b3,ad,d1,51,29,6b,ce,65,22,ff,c8
"001b9861f91a"=hex:62,6f,7a,dd,9e,bd,c1,31,b2,49,48,98,ce,ca,19,f0
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:52,62,2a,29,d9,f5,2a,af,e1,02,a0,35,32,87,fd,e8,37,c0,f1,8f,77,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000000
"TracesSuccessful"=dword:00000000
"LastTraceFailure"=dword:00000000

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 886


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\DOCUME~1\sylvain\LOCALS~1\Temp\services.exe"="C:\DOCUME~1\sylvain\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\sylvain\Bureau\SDFix\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sun 25 Nov 2007     6,219,320 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Tue 21 Aug 2007         4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 30 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT3C.tmp"
Sun 30 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT3F.tmp"
Sun 30 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BIT43.tmp"
Sun 30 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\26924cbc8132a10b438ce6e2b49d4652\BIT3B.tmp"
Sun 30 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BIT40.tmp"
Sun 30 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\30285791903730fbf957a83562db4ff4\BIT3D.tmp"
Sun 30 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BIT42.tmp"
Sun 30 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT3E.tmp"
Sun 30 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BIT41.tmp"

Finished!

Iya · Answer

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	20:51:28 17/01/2008

 + Résultat de l'analyse:	



HKLM\SOFTWARE\Classes\WR -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\runner1 -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Dot1XCfg\Dot1XCfg.exe -> Downloader.Adload.pr : Nettoyé et sauvegardé (mise en quarantaine).
[4044] C:\Program Files\Dot1XCfg\Dot1XCfg.exe -> Downloader.Adload.pr : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\b122.exe -> Downloader.Agent.erf : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Charlotte\Cookies\charlotte@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Charlotte\Cookies\charlotte@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.


Fin du rapport

foot21 · Answer

bonsoir moi j'ai le méme virus mé je n'arrive plus du tout à me conecter sur mon pc infecter par le virus "c'est pas toi?"
Quelq'un serait il comment fair pour résoudre mon probléme
et me dire si c'est bien a cause de sa que je n'arive plus à me conecter
(sacahnt que sur mn pc portable conecter à la wifi je me conecte sans aucun problémes)!!
merci d'avance!

Mitsuka · Answer

voila, ca bug encore, que puis- je faire svp.

flowerspower · Answer

j'ai le mm virus depuis deux heures et je suis tellement nulle en informatique que je n'arrive pas a le supprimer mm ac vos indications!

amory · Answer

voila j'ai suivi les instruction et mon pc va bien mnt 
plus de probleme .. jte remerci bcp :) sur ce.. jte donne les contenu.. 


 
SDFix: Version 1.127

Run by Amorrr on ven. 18/01/2008 at 18:25

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\Program Files\Temporary\kernInst.exe - Deleted
C:\DOCUME~1\Amorrr\LOCALS~1\Temp\services.exe  - Deleted
C:\WINDOWS\17PHolmes*.exe  - Deleted
C:\WINDOWS\b12?.exe  - Deleted
C:\WINDOWS\mrofinu*.exe  - Deleted
C:\WINDOWS\mrofinu*.exe.tmp  - Deleted
C:\WINDOWS\system32\sup.bat  - Deleted



Folder C:\Program Files\Temporary - Removed

Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-18 18:29:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 7


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\eMule\eMule.exe"="C:\Program Files\eMule\eMule.exe:*:Disabled:eMule Plus"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe"="C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:*:Enabled:Football Manager 2008"
"C:\DOCUME~1\Amorrr\LOCALS~1\Temp\services.exe"="C:\DOCUME~1\Amorrr\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\MSN Messenger\msnmsgr.exe"="C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\Program Files\MSN Messenger\livecall.exe"="C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Tue 15 Jan 2008     5,129,544 ...H. --- "C:\Program Files\Abra Academy Returning Cast\AbraAcademy2.exe"
Thu 13 Dec 2007     1,492,296 ...H. --- "C:\Program Files\Big City Adventure - San Francisco\bigcityadventuresf.exe"
Tue  2 Oct 2007    21,547,032 ...H. --- "C:\Program Files\Hide and Secret\Hide-and-Secret.exe"
Thu 13 Dec 2007     1,578,312 ...H. --- "C:\Program Files\Travelogue 360 Paris\TraveLogue-Paris.exe"
Fri  9 Nov 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 31 Oct 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Fri 26 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\5c703fe0947475848e966b61999878d1\BIT1.tmp"

Finished!

Jopi · Answer

ça sert a quoi de recopier le rapport sur le site?

agat2904@hotmail.fr · Answer

J'ai eu le même Probleme , Ma connexion internet et mon ordi ne fonctionner plus ... J'ai reussi a retablir la connexion internet .. Je ne detecte plus de virus avec Avast .. Mais , Un pb , lorsque je me connecte a msn , J'envoi toujour le msg " Hey c'est aps toi?" Avec ce fameux lien ... Je n'arrive pas a le supprimer , j'ai essayer de desinstaller Msn et de le réinstaller mais Cela n'a pas marcher ..

Que faire ? ... Comment puis-je retrouver Msn sans Bug ? ...

Merci d'avance Pour vos reponses ...

fredo · Answer

Mci beaucoup, je men sui débarassé grace a toi jten remerci ^^

973 · Answer

SDFix: Version 1.129

Run by LCP on 19/01/2008 at 22:28

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\LCP\MESDOC~1\SDFix

Safe Mode:
Checking Services: 


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\DOCUME~1\LCP\LOCALS~1\Temp\services.exe  - Deleted
C:\WINDOWS\17PHolmes*.exe  - Deleted
C:\WINDOWS\mrofinu*.exe  - Deleted
C:\WINDOWS\mrofinu*.exe.tmp  - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-19 22:36:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 877


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Soulseek\slsk.exe"="C:\Program Files\Soulseek\slsk.exe:*:Enabled:SoulSeek"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\DOCUME~1\LCP\LOCALS~1\Temp\services.exe"="C:\DOCUME~1\LCP\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\mqsvc.exe"="C:\WINDOWS\system32\mqsvc.exe:*:Enabled:Message Queuing"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\LCP\MESDOC~1\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat  3 Mar 2007            88 ..SHR --- "C:\WINDOWS\system32\D426723B54.sys"
Sat  3 Mar 2007         4,442 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
Wed 19 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT1.tmp"

Finished!

SANDWICH · Answer

MSNFix 1.639-2  
 
D:\Documents and Settings\$andy\Local Settings\Temporary Internet Files\Content.IE5\E9EW2U5S\MSNFix[1]\MSNFix 
Fix exécuté le 23/01/2008 - 13:20:25,48 By $andy 
mode normal    
    
************************ Recherche les fichiers présents      
    
... C:\WINDOWS\system32\microsoft\backup.ftp 
... C:\WINDOWS\system32\microsoft\backup.tftp 
 
************************ Recherche les dossiers présents       
 
... C:\Program Files\Temporary\ 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp  
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp  
 
 
************************ Suppression des dossiers       
 
/!\ ...  C:\Program Files\Temporary\   
 
 
************************ Nettoyage du registre 
 
 
 
************************ Fichiers suspects 
 
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention 
 
[C:\m9w3l6u1g.exe] 50F31A79EF37407200276FEABAC02F0E 

 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 23012008_13205679.zip
 
 
------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   ---------------------------------------------

jlpjlp · Answer

MERCI A CHACUN DE FAIRE SON PROPRE POST!!!

SANDWICH · Answer

pardon mais je comprend pas ce que tu veux dire

jlpjlp · Answer

slt, il y à plusieurs personnes qui exposent leurs problème dans ce post . On se mélange les soins à appliquer à chacun pour régler son problème. Donc il est préférable que tu cré sur la page d'acteuil du forum ton propre post où tu exposera ton problème

mikrob · Answer

Bonjour, J'ai eu le même problème et un collègue m'a passé le lien de cette page! 
J'ai donc suivi vos conseils et j'ai eu ce "Report txt" 

Qu'est-ce qu'on doit faire après ? le problème continu encore et toujours !!???


SDFix: Version 1.137

Run by Mikrob on 06/02/2008 at 19:22

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Mikrob\Bureau\SDFix

Safe Mode:
Checking Services: 

Name:
astq
CcEvtSvc
kcp

Path:
\??\C:\WINDOWS\system32\drivers\astq.tga 
%SystemRoot%\System32\CcEvtSvc.exe -k netsvcs
\??\C:\WINDOWS\system32\drivers\kcp.sys 

astq - Deleted
CcEvtSvc - Deleted
kcp - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Service Syuh65 - Deleted after Reboot

Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWS\system32\drivers\Syuh65.sys - Deleted
C:\WINDOWS\SYSTEM32\NETRFD~1.EXE - Deleted
C:\-17422~1 - Deleted
C:\WINDOWS\SYSTEM32\UUSSDDWW.TMP - Deleted
C:\WINDOWS\hotporn.exe  - Deleted
C:\WINDOWS\ie_32.exe  - Deleted
C:\WINDOWS\system32\adult.txt  - Deleted
C:\WINDOWS\system32\burito.ini  - Deleted
C:\WINDOWS\system32\finance.txt  - Deleted
C:\WINDOWS\system32\lt.res  - Deleted
C:\WINDOWS\system32\other.txt  - Deleted
C:\WINDOWS\system32\pharma.txt  - Deleted
C:\WINDOWS\system32\sft.res  - Deleted
C:\WINDOWS\system32\svchost.t__  - Deleted
C:\WINDOWS\system32\svchost.tmp  - Deleted
C:\WINDOWS\system32\drivers\astq.tga  - Deleted





Removing Temp Files...

ADS Check:
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 19:29:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 49


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL France"
"C:\Documents and Settings\HP_Administrateur\Mes documents\Michel\LimeWire\LimeWire.exe"="C:\Documents and Settings\HP_Administrateur\Mes documents\Michel\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Documents and Settings\HP_Administrateur\Mes documents\Michel\installation\LimeWire\LimeWire\LimeWire.exe"="C:\Documents and Settings\HP_Administrateur\Mes documents\Michel\installation\LimeWire\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe"="C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare"
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe"="C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Enabled:Kodak Software Updater"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\Winamp Remote\bin\Orb.exe"="C:\Program Files\Winamp Remote\bin\Orb.exe:*:Enabled:Orb"
"C:\Program Files\Winamp Remote\bin\OrbTray.exe"="C:\Program Files\Winamp Remote\bin\OrbTray.exe:*:Enabled:OrbTray"
"C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe"="C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\Documents and Settings\Mikrob\Application Data\SopCast\adv\SopAdver.exe"="C:\Documents and Settings\Mikrob\Application Data\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver"
"C:\Program Files\SopCast\SopCast.exe"="C:\Program Files\SopCast\SopCast.exe:*:Enabled:SopCast Main Application"
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe:*:Enabled:Veoh Client"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\DOCUME~1\Mikrob\LOCALS~1\Temp\services.exe"="C:\DOCUME~1\Mikrob\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost"
"C:\WINDOWS\system32\wmedia32.exe"="C:\WINDOWS\system32\wmedia32.exe:*:Enabled:ENABLE"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------
C:\WINDOWS\hotporn.exe  Found
C:\WINDOWS\ie_32.exe  Found

File Backups: - C:\DOCUME~1\Mikrob\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Mon 12 Feb 2007           211 A.SHR --- "C:\BOOT.BAK"
Fri 12 Jun 1998         7,168 A..H. --- "C:\WINDOWS\system32\IrNet_19.dll"
Fri 12 Jun 1998        28,672 A..H. --- "C:\WINDOWS\system32\Sstod279.dll"
Thu 15 Feb 2007         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Tue 13 Feb 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 19 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1db9e52f9e862450a2af87f2f5a16dbc\BIT8E.tmp"
Thu 13 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BIT3.tmp"
Wed 19 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BIT8D.tmp"
Fri  5 Oct 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b8426e25532eb668f59dd4d969b4a550\BIT3.tmp"
Wed 19 Sep 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cf7ced0e70c80a1e476f1abf49afecb1\BIT8C.tmp"
Wed  6 Feb 2008         5,686 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE1.tmp"
Wed  6 Feb 2008         5,940 A.SH. --- "C:\Documents and Settings\All Users\Documents\TV enregistr‚e\TempRec\TempSBE\SBE2.tmp"
Thu 15 Mar 2007     6,798,298 A..H. --- "C:\N360_BACKUP\Drive_C\Documents and Settings\HP_Administrateur\Mes documents\Downloads\Photoshop_album_SE_3_0_FR.zip"
Fri  2 Mar 2007   278,695,200 A..H. --- "C:\N360_BACKUP\Drive_C\Documents and Settings\HP_Administrateur\Mes documents\Downloads\TmNationsESWC_Setup.exe"

Finished!

Virus "c'est pas toi?"

46 réponses

Votre réponse

Discussions similaires

Newsletters