Virus
sneajy
Messages postés
8
Statut
Membre
-
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
Destrio5 Messages postés 99820 Date d'inscription Statut Modérateur Dernière intervention -
au secours aidez moi, j'ai eu un virus par msn, il est corriace celui la, j'ai deja consulter pas mal de forum fais tout ce qu'on a conseille de faire mais rien, nada, nothing (s'il faut vous le dire en plusieurs langue, faites le moi savoir)
ca envoie un message en espagnol à mes contact.
j'ai fait un scan avec hijackthis et vla le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:44 AM, on 9/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ZNKLI.exe
C:\Program Files\Micro Application\9 DICOS Indispensables\MediaDICO9.EXE
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\Micro Application\9 DICOS Indispensables\Rac9.EXE
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MediaDico9] C:\Program Files\Micro Application\9 DICOS Indispensables\LanceMediaDICO9.exe Lancement
O4 - HKCU\..\Run: [ZNKLI] C:\WINDOWS\system32\ZNKLI.exe
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - Startup: VirtuaGirl HD.LNK = ?
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} (AstroAvengerLoader Control) - http://www.shockwave.com/content/astroavenger2/sis/AstroAvenger2Loader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
ca envoie un message en espagnol à mes contact.
j'ai fait un scan avec hijackthis et vla le rapport
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:06:44 AM, on 9/14/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\HiYo\bin\HiYo.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ZNKLI.exe
C:\Program Files\Micro Application\9 DICOS Indispensables\MediaDICO9.EXE
C:\Program Files\TRENDnet\TEW-424UB\TRENDnet.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\Micro Application\9 DICOS Indispensables\Rac9.EXE
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [VoipBuster] "C:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MediaDico9] C:\Program Files\Micro Application\9 DICOS Indispensables\LanceMediaDICO9.exe Lancement
O4 - HKCU\..\Run: [ZNKLI] C:\WINDOWS\system32\ZNKLI.exe
O4 - HKCU\..\Run: [csrss] C:\WINDOWS\csrss.exe
O4 - Startup: VirtuaGirl HD.LNK = ?
O4 - Global Startup: Wireless Configuration Utility HW.32.lnk = ?
O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D441AB53-A39C-42AE-AB79-3C05B7298F34} (AstroAvengerLoader Control) - http://www.shockwave.com/content/astroavenger2/sis/AstroAvenger2Loader.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: SiS WirelessLan Service (SiSWLSvc) - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\SiSWLSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
A voir également:
- Virus
- Virus mcafee - Accueil - Piratage
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
- Ordinateur bloqué virus - Accueil - Arnaque
5 réponses
Salut,
* Télécharge SDFix (par Andy Manchesta) et sauvegarde-le sur ton bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double-clique sur SDFix.exe et choisis Install pour l'extraire dans son dossier sur le bureau.
* Redémarre le PC en mode sans échec :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
* Choisis ton compte.
Déroule la liste des instructions ci-dessous :
* Ouvre le dossier SDFix qui vient d'être créé sur le bureau et double-clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le nettoyage.
* Quand il te le demandera, appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long à redémarrer car l'outil va continuer à s'exécuter et supprimer des fichiers.
* Après le chargement du bureau, l'outil aura terminé et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton bureau.
* Le rapport SDFix s'ouvrira et il sera enregistré dans le dossier SDFix sous le nom Report.txt.
* Enfin, copie/colle le rapport du fichier Report.txt.
* Télécharge SDFix (par Andy Manchesta) et sauvegarde-le sur ton bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double-clique sur SDFix.exe et choisis Install pour l'extraire dans son dossier sur le bureau.
* Redémarre le PC en mode sans échec :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
* Choisis ton compte.
Déroule la liste des instructions ci-dessous :
* Ouvre le dossier SDFix qui vient d'être créé sur le bureau et double-clique sur RunThis.bat pour lancer le script.
* Appuie sur Y pour commencer le nettoyage.
* Quand il te le demandera, appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long à redémarrer car l'outil va continuer à s'exécuter et supprimer des fichiers.
* Après le chargement du bureau, l'outil aura terminé et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton bureau.
* Le rapport SDFix s'ouvrira et il sera enregistré dans le dossier SDFix sous le nom Report.txt.
* Enfin, copie/colle le rapport du fichier Report.txt.
merci de m'iader!!! mais ca ne fonctionne tjrs pas!!! le message que ca envoie à mes contacts msn est
: hey
: http://juegosss.no-ip.biz
: mira esta animacion de bush
et le rapport de SDFix
[b]SDFix: Version 1.225 [/b]
Run by y on Sun 09/14/2008 at 10:45 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\y\Desktop\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\y\Local Settings\Temp\nse52.tmp.exe - Deleted
C:\Documents and Settings\y\Local Settings\Temp\nsl64.tmp.exe - Deleted
C:\Documents and Settings\y\Local Settings\Temp\nsm7C.tmp.exe - Deleted
C:\Documents and Settings\y\Local Settings\Temp\nsv186.tmp.exe - Deleted
C:\Documents and Settings\y\Local Settings\Temp\nsw1B.tmp.exe - Deleted
C:\Documents and Settings\y\Desktop\Videos.url - Deleted
C:\Documents and Settings\y\Favorites\Videos.url - Deleted
C:\Documents and Settings\y\Start Menu\Programs\Videos.url - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 10:53:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"="C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager"
"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"="C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe:*:Enabled:ESET NOD32 Antivirus"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Documents and Settings\\y\\My Documents\\Downloads\\Programs\\setup-vghd_cIgwrZWK.exe"="C:\\Documents and Settings\\y\\My Documents\\Downloads\\Programs\\setup-vghd_cIgwrZWK.exe:*:Enabled:setup-vghd_cIgwrZWK"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\y\Desktop\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 11 Sep 2008 45,056 ...H. --- "C:\WINDOWS\system32\ZNKLI.exe"
Tue 9 Sep 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 10 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT21.tmp"
Tue 12 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\BIT1.tmp"
Sun 10 Aug 2008 2,585,864 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a2c8f709dd0237a7e496be18e0ba404e\BIT2B.tmp"
Sun 10 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d9f6fad75dbdac35a8ef8c60acfcb1a4\BIT2B.tmp"
Mon 11 Aug 2008 3,554,958 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f794a6b2dc23c3d293e2169d41ddf7fb\BIT57.tmp"
Tue 9 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT10.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\y\Application Data\U3\temp\Launchpad Removal.exe"
Sun 10 Aug 2008 3,884,751 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1ef77232e6f7faea77bfc1ae4b57d4af\download\BIT19.tmp"
Sun 10 Aug 2008 3,884,751 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a6716fbd815ccf803b5defe069dfc99d\download\BIT2C.tmp"
[b]Finished![/b]
: hey
: http://juegosss.no-ip.biz
: mira esta animacion de bush
et le rapport de SDFix
[b]SDFix: Version 1.225 [/b]
Run by y on Sun 09/14/2008 at 10:45 AM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\Documents and Settings\y\Desktop\SDFix
[b]Checking Services [/b]:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files [/b]:
Trojan Files Found:
C:\Documents and Settings\y\Local Settings\Temp\nse52.tmp.exe - Deleted
C:\Documents and Settings\y\Local Settings\Temp\nsl64.tmp.exe - Deleted
C:\Documents and Settings\y\Local Settings\Temp\nsm7C.tmp.exe - Deleted
C:\Documents and Settings\y\Local Settings\Temp\nsv186.tmp.exe - Deleted
C:\Documents and Settings\y\Local Settings\Temp\nsw1B.tmp.exe - Deleted
C:\Documents and Settings\y\Desktop\Videos.url - Deleted
C:\Documents and Settings\y\Favorites\Videos.url - Deleted
C:\Documents and Settings\y\Start Menu\Programs\Videos.url - Deleted
Removing Temp Files
[b]ADS Check [/b]:
[b]Final Check [/b]:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 10:53:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\ESENT]
"EventMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
"CategoryMessageFile"=str(2):"c:\windows\system32\ESENT.dll"
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services [/b]:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"="C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe:*:Enabled:VoipBuster"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\\Program Files\\Internet Download Manager\\IDMan.exe"="C:\\Program Files\\Internet Download Manager\\IDMan.exe:*:Enabled:Internet Download Manager"
"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"="C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe:*:Enabled:ESET NOD32 Antivirus"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"="C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe:*:Enabled:iMesh"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Documents and Settings\\y\\My Documents\\Downloads\\Programs\\setup-vghd_cIgwrZWK.exe"="C:\\Documents and Settings\\y\\My Documents\\Downloads\\Programs\\setup-vghd_cIgwrZWK.exe:*:Enabled:setup-vghd_cIgwrZWK"
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe:*:Enabled:Google Talk"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe:*:Enabled:BearShare"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files [/b]:
File Backups: - C:\DOCUME~1\y\Desktop\SDFix\backups\backups.zip
[b]Files with Hidden Attributes [/b]:
Thu 11 Sep 2008 45,056 ...H. --- "C:\WINDOWS\system32\ZNKLI.exe"
Tue 9 Sep 2008 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 10 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4f79e01ce8ee10a7556514a051f797f4\BIT21.tmp"
Tue 12 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\66b1d8e81a20b4b541ab3e558f2fd638\BIT1.tmp"
Sun 10 Aug 2008 2,585,864 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a2c8f709dd0237a7e496be18e0ba404e\BIT2B.tmp"
Sun 10 Aug 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\d9f6fad75dbdac35a8ef8c60acfcb1a4\BIT2B.tmp"
Mon 11 Aug 2008 3,554,958 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f794a6b2dc23c3d293e2169d41ddf7fb\BIT57.tmp"
Tue 9 Sep 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT10.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\y\Application Data\U3\temp\Launchpad Removal.exe"
Sun 10 Aug 2008 3,884,751 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\1ef77232e6f7faea77bfc1ae4b57d4af\download\BIT19.tmp"
Sun 10 Aug 2008 3,884,751 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\a6716fbd815ccf803b5defe069dfc99d\download\BIT2C.tmp"
[b]Finished![/b]
- Télécharge MSNFix.zip (de !aur3n7) sur le bureau:
http://sosvirus.changelog.fr/MSNFix.zip
- Décompresse-le (clic droit >> Extraire ici).
- Double-clique sur le fichier MSNFix.bat.
- Exécute l'option R.
Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage
Note : Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal.
- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.t, poste-le.
http://sosvirus.changelog.fr/MSNFix.zip
- Décompresse-le (clic droit >> Extraire ici).
- Double-clique sur le fichier MSNFix.bat.
- Exécute l'option R.
Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage
Note : Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal.
- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.t, poste-le.
MSNFix 1.745
C:\Documents and Settings\y\Desktop\MSNFix
Fix exécuté le Sun 09/14/2008 - 11:15:07.48 By y
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Hostsclean
Cleanhosts v 0.1.0.7 By Laurent
-- Backup : C:\WINDOWS\system32\drivers\etc\hosts-20080914111837
-- original size 0.67 Kb / 19 lines
-- Start cleaning Hosts file ....
-- final size 0.67 Kb / 19 lines
-- entry Found : 0 / Entry check : 310
End .............................. 59.01 Secondes
************************ Fichiers suspects
Aucun Fichier trouvé
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
C:\Documents and Settings\y\Desktop\MSNFix
Fix exécuté le Sun 09/14/2008 - 11:15:07.48 By y
mode normal
************************ Recherche les fichiers présents
Aucun Fichier trouvé
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Hostsclean
Cleanhosts v 0.1.0.7 By Laurent
-- Backup : C:\WINDOWS\system32\drivers\etc\hosts-20080914111837
-- original size 0.67 Kb / 19 lines
-- Start cleaning Hosts file ....
-- final size 0.67 Kb / 19 lines
-- entry Found : 0 / Entry check : 310
End .............................. 59.01 Secondes
************************ Fichiers suspects
Aucun Fichier trouvé
************************ HKLM\...\Winlogon\Userinit
Userinit = C:\WINDOWS\system32\userinit.exe,
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
