Bonjour à tous,
Je suis moi aussi infectée par le virus nokia sur msn. Apparement impossible de le virer sans toucher un minimum en info...
Donc voila je viens chercher de l'aide ici.
j'attends vos réponses,
merci beaucoup.
Audrey
Message édité par zaudreyalyon le 13-11-2007 à 18:47:08
Bonjour,
Télécharge MSNFix.zip (!aur3n7) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).
Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.
Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log
Répondre à Angeldark
RE!
euh... alors j'ai pas de dossier date_heure.log.
Par contre un bloc note s est ouvert contenant:
MSNFix 1.572
C:\Documents and Settings\moi-mˆme\Bureau\MSNFix
Fix exécuté le 10/11/2007 - 19:50:33,16 By moi-mˆme
mode normal
************************ Recherche les fichiers présents
... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\3d3t4t8n7l.exe
... C:\er-1-1148.exe
... C:\k3d3t4t8n7l.exe
... C:\or-1-1148.exe
... C:\pr-1-1148.exe
... C:\vr-1-1148.exe
... C:\xr-1-1148.exe
... C:\zr-1-1148.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\ccSvcHst.exe
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\LBTWiz.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\Dance_dec_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
[!] C:\WINDOWS\Dance_dec_jpg.zip is INFECTED
[!] C:\WINDOWS\Nokia_19_jpg.zip is INFECTED
************************ Recherche les dossiers présents
... C:\Program Files\Fichiers communs\Carlson\
... C:\PROGRA~1\InetGet2\
************************ Suppression des fichiers
.. OK ... C:\Program Files\Fichiers communs\Carlson\carlton
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\er-1-1148.exe
.. OK ... C:\k3d3t4t8n7l.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\pr-1-1148.exe
.. OK ... C:\vr-1-1148.exe
.. OK ... C:\xr-1-1148.exe
.. OK ... C:\zr-1-1148.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
/!\ ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
.. OK ... C:\WINDOWS\LBTWiz.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\er-1-1148.exe
.. OK ... C:\pr-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\vr-1-1148.exe
.. OK ... C:\er-1-1148.exe
.. OK ... C:\pr-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\vr-1-1148.exe
.. OK ... C:\xr-1-1148.exe
.. OK ... C:\zr-1-1148.exe
.. OK ... C:\k3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\k3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\k3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\k3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
************************ Suppression des dossiers
.. OK ... C:\Program Files\Fichiers communs\Carlson\
.. OK ... C:\PROGRA~1\InetGet2\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\PROGRA~1\quicktimealt150b1.exe] 4912C3C977950D88D205B508E04877F7
[color=#FF0000]==>[/color] SVP merci d'envoyer le fichier C:\DOCUME~1\MOI-MÊME\BUREAU\Upload_Me.zip sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10112007_19571089.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
c'est bien ca qu'il te faut?
Pardon, en fait c'etait bien ca, désolée de polluer le sujet...
Re,
CECI EST UNE ETAPE IMPORTANTE A REALISER !
Upload l'archive Upload_Me.zip contenant les fichiers suspects afin de développer l'outil MSNFix.
AIDE : Upload des fichiers supects pour MSNFix
Répondre à Angeldark
j'ai pas de fichier s'appelant upload_me.zip ...
Sur ton bureau, tu es sûr ?
Répondre à Angeldark
ben oui j'ai pas...
en zip je n ai que msnfix ....
Ok...
Télécharge puis installe Hijackthis (Trend Micro)
Poste ensuite un rapport dans ta prochaine réponse.
AIDE : Comment utiliser Hijackthis v2.0.2
Répondre à Angeldark
le voici:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:58, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\moi-même\Mes documents\eMule\emule.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer [...] Plugin.cab
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5740 bytes
Re,
Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir
Fais un scan complet puis poste le rapport en fin d'analyse.
Répondre à Angeldark
Re!
euh.. j'ai besoin que tu me parle avec des mots que je comprends.. (quoi? qui a dit que j'etais blonde?!!lol)
bref pour desinstaller avast je pense que je passe par "ajouter/ supprimer un programme" non?
et pour installer antivir je fais....?
Euh...tu as cliqué sur les liens ?
Répondre à Angeldark
dls...
voici le rapport:
AntiVir PersonalEdition Classic
Report file date: dimanche 11 novembre 2007 20:16
Scanning for 923375 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: BUDY
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:56
ANTIVIR2.VDF : 7.0.0.172 1092608 Bytes 05/11/2007 19:07:54
ANTIVIR3.VDF : 7.0.0.197 104960 Bytes 09/11/2007 19:07:54
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 11/11/2007 19:07:54
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 11 novembre 2007 20:16
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'REALPLAY.EXE' - '1' Module(s) have been scanned
Scan process 'LVComS.exe' - '1' Module(s) have been scanned
Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned
Scan process 'HKCMD.EXE' - '1' Module(s) have been scanned
Scan process 'IGFXTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '38' files ).
Starting the file scan:
Begin scan in 'C:\' <DISQUE DUR>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\tsitra1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\WINDOWS\mrofinu1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\moi-même\Local Settings\Temporary Internet Files\Content.IE5\OJK9GH6V\wr-1-1148[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\moi-même\Local Settings\Temporary Internet Files\Content.IE5\OJK9GH6V\mrofinu[1].zip
[0] Archive type: ZIP
--> mrofinu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\moi-même\Local Settings\Temporary Internet Files\Content.IE5\E6EI6HWC\dual[1].jpg
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\Documents and Settings\moi-même\Local Settings\Temporary Internet Files\Content.IE5\E6EI6HWC\dance[1].jpg
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
[INFO] The file was deleted!
C:\Documents and Settings\moi-même\Local Settings\Temporary Internet Files\Content.IE5\FRHPAN86\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\moi-même\Bureau\MSNFix\10112007_19571089.zip
[0] Archive type: ZIP
--> backup/carlton
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> backup/3d3t4t8n7l.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> backup/er-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/k3d3t4t8n7l.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> backup/or-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/pr-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/vr-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xr-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zr-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/17PHolmes1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ccSvcHst.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
--> backup/Dance_dec_jpg.zip
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
[1] Archive type: ZIP
--> www.Dance_dec_jpg_Msn.com
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
--> backup/LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backup/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP418\A0097177.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP419\A0098144.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP424\A0098347.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP424\A0098396.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP425\A0098398.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP426\A0098477.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP426\A0099472.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP426\A0099487.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP427\A0099506.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP427\A0099514.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP428\A0100307.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP428\A0100353.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP428\A0102401.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP429\A0102426.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP429\A0102434.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP429\A0102469.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP429\A0102471.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP429\A0102472.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP429\A0102525.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP429\A0102526.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP429\A0102548.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP430\A0103521.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP430\A0103574.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP430\A0103575.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP431\A0103595.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP431\A0103617.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP431\A0103618.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP431\A0103620.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP431\A0103622.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP431\A0103624.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103635.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103653.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103656.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103657.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103658.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103659.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103660.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103661.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103662.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103663.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103664.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103675.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103676.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103677.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103678.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103679.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103680.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103681.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103682.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103683.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103684.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103685.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103686.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103687.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{7D65FA75-CEC4-4949-A8E3-ACE730FEFF8E}\RP432\A0103688.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
Begin scan in 'D:\' <MUSIQUE>
End of the scan: dimanche 11 novembre 2007 20:44
Used time: 28:01 min
The scan has been done completely.
3320 Scanning directories
83262 Files were scanned
78 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
63 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
83184 Files not concerned
994 Archives were scanned
2 Warnings
0 Notes
Reposte un rapport Hijackthis.
Répondre à Angeldark
le voila:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:59, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Launch Manager\QtZgAcer.EXE
C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.neuf.fr
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPM-DM] c:\acer\epm\epm-dm.exe
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Configuration de la neuf Box] C:\Program Files\neuf telecom\neuf Box\Wizard\QuickAccess.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer [...] Plugin.cab
O23 - Service: Notebook Manager Service (anbmService) - Unknown owner - C:\Acer\eManager\anbmServ.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
--
End of file - 5674 bytes
C'est mieux ?
Répondre à Angeldark
yes
apparement plus de trace du virus.
pour finir, peux tu me dire si je peux virer tout ce que tele (msnfix, hujackthis, aswclear)?
On va faire le ménage avec ce tool.
- Télécharge ToolsCleaner sur ton Bureau.
- Clique sur Recherche et laisse le scan se terminer.
- Clique sur Suppression pour finaliser.
- Clique sur Quitter, pour que le rapport puisse se créer.
- Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\)
Répondre à Angeldark
Salut!
-->- Recherche:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\moi-même\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\moi-même\Bureau\Msnfix.zip: trouvé !
C:\Documents and Settings\moi-même\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\moi-même\Bureau\MsnFix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\moi-même\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\moi-même\Bureau\Msnfix.zip: supprimé !
C:\Documents and Settings\moi-même\Bureau\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\moi-même\Bureau\MsnFix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
Apparement c'est bon non?
Pour aswclear, je supprime tout simplement?
Oui 
Répondre à Angeldark
et bien merci beaucoup pour ton aide alors! 
Bonne continuation! 
Bon surf !
Répondre à Angeldark
Il y a 301 utilisateurs connus et inconnus. Pour voir la liste des connectés connus, cliquez ici.
