MSN virus eradicated?
BeNrOo
Hello,
Like a lot of people, I clicked on the link you get on MSN, "ta tof ici" ("your pic here") etc., a few weeks ago..
I've decided to remove it today, using MSNFix, whose report I'm sending you:
MSNFix 1.706
C:\MSNFix
Fix exécuté le 16/04/2008 - 18:17:49,64 By Biggies Small
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\system32\%%%.exe
... C:\WINDOWS\system32\%%%.exe
... C:\WINDOWS\system32\%%%.exe
... C:\Program Files\Twain\Twain.exe
... C:\Program Files\Twain
... C:\DOCUME~1\BIGGIE~1\APPLIC~1\WinTouch\wintouch.cfg
... C:\DOCUME~1\BIGGIE~1\APPLIC~1\WinTouch\WTUninstaller.exe
... C:\Program Files\Temporary\InsiDERInst.exe
... C:\Program Files\CPV\CPV7.dll
... C:\DOCUME~1\BIGGIE~1\APPLIC~1\WinTouch\wintouch.cfg
... C:\DOCUME~1\BIGGIE~1\APPLIC~1\WinTouch\WTUninstaller.exe
... C:\Program Files\JavaCore\UnInstall.exe
... C:\Program Files\Temporary\InsiDERInst.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\system32\real.txt
************************ Recherche les dossiers présents
... \TEMP\
... C:\Program Files\InetGet2\
... C:\Program Files\Temporary\
... C:\Program Files\CPV\
... C:\DOCUME~1\BIGGIE~1\APPLIC~1\WinTouch\
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\system32\%.exe
/!\ ... C:\WINDOWS\system32\%%%.exe
/!\ ... C:\WINDOWS\system32\%%%.exe
/!\ ... C:\WINDOWS\system32\%%%.exe
/!\ ... C:\WINDOWS\system32\%%%.exe
/!\ ... C:\WINDOWS\system32\%%%.exe
/!\ ... C:\WINDOWS\system32\%%%.exe
/!\ ... C:\WINDOWS\system32\%%%.exe
.. OK ... C:\Program Files\Twain\Twain.exe
.. OK ... C:\Program Files\Twain
.. OK ... C:\DOCUME~1\BIGGIE~1\APPLIC~1\WinTouch\wintouch.cfg
.. OK ... C:\DOCUME~1\BIGGIE~1\APPLIC~1\WinTouch\WTUninstaller.exe
.. OK ... C:\Program Files\Temporary\InsiDERInst.exe
.. OK ... C:\Program Files\CPV\CPV7.dll
.. OK ... C:\DOCUME~1\BIGGIE~1\APPLIC~1\WinTouch\wintouch.cfg
.. OK ... C:\DOCUME~1\BIGGIE~1\APPLIC~1\WinTouch\WTUninstaller.exe
.. OK ... C:\Program Files\JavaCore\UnInstall.exe
.. OK ... C:\Program Files\Temporary\InsiDERInst.exe
/!\ ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\system32\real.txt
************************ Suppression des dossiers
/!\ ... \TEMP\
.. OK ... C:\Program Files\InetGet2\
/!\ ... C:\Program Files\Temporary\
/!\ ... C:\Program Files\CPV\
/!\ ... C:\DOCUME~1\BIGGIE~1\APPLIC~1\WinTouch\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\system32\%.exe
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 16042008_18204475.zip
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\%.exe
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Is the virus gone???????
Thanks!
5 replies
Ah well, that's already done, this is the report from after the reboot and nothing to report on MSN so far ^^
It seems fine, I think, thanks!
noooooooooooooooooooooo
After about 20 minutes of peace it shows up again!
MSN windows opening + ads on screen, yet I used your software, how come?
ALT GR<CTRL<DEL then Processes, look, normally you have a process with numbers at the beginning and at the end of the process name, e.g. 1429xxxxxxx1452
Ah no, sorry, I don't have that process...
Here is my new report with SDFix
[b]SDFix: Version 1.167 [/b]
Run by Biggies Small on 17/04/2008 at 16:03
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services [/b]:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\WINDOWS\system32\%%%.exe - Deleted
C:\Documents and Settings\Biggies Small\Application Data\WinTouch\wintouch.MSNFix - Deleted
C:\Documents and Settings\Biggies Small\Application Data\WinTouch\WTUninstaller.MSNFix - Deleted
C:\Program Files\JavaCore\UnInstall.MSNFix - Deleted
C:\Program Files\Temporary\InsiDERInst.MSNFix - Deleted
Folder C:\Documents and Settings\Biggies Small\Application Data\WinTouch - Removed
Folder C:\Program Files\JavaCore - Removed
Folder C:\Program Files\Temporary - Removed
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 16:07:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\benroo\\counter-strike\\hl.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\benroo\\counter-strike\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\WINDOWS\\system32\\%%%.exe"="C:\\WINDOWS\\system32\\%%%.exe:*:Enabled:Flash Media"
"E:\\OFFICE2007\\Office12\\OUTLOOK.EXE"="E:\\OFFICE2007\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\0a67b6c406b1d7e0f5c1e6f6d44a3f6e\BIT6.tmp"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\18b19374451d28a8fbaf1939cf31ff45\BIT9.tmp"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\22fb973e059470cc1b5d76c4ae605351\BITE.tmp"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\2769b111678c52099a3b3123b12f2325\BITA.tmp"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e997085302ceb108f7932d89e50db5c\BITD.tmp"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\84c17490c3b6e34e2e56da73bd94d728\BIT5.tmp"
Sun 30 Mar 2008 10,092,048 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\8b3179d71e82d8085d960408b16ae5bf\BIT3C.tmp"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\9e870549834e2bceb796e44a1e3ac6f5\BITC.tmp"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cb8921d0c7830b2f33c00fa4c8a10d17\BIT8.tmp"
Sat 29 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\cc102203f99c8c6ebf1523556f8411b6\BIT4.tmp"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d77b9b5b8fed23dd91f50d167cce60d3\BITB.tmp"
Sun 30 Mar 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\db9095487d64c31e41efe4dce48d2111\BIT7.tmp"
Sun 30 Mar 2008 39,301,304 A..H. --- "C:\Documents and Settings\Biggies Small\Local Settings\Temp\VSSETUP50727.42.28\1036\BIT22.tmp"
[b]Finished![/b]