Virus msn - j ai besoin d aide

SLT

F - Hijackthis - Outil de diagnostic et réparation
télécharge HijackThis ici:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

http://www.tutoriaux-excalibur.com/hijackthis.htm


Je vous conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
=============================================================
==========================================================================
Télécharge MSNFix.zip (de !aur3n7) sur le bureau:
http://sosvirus.changelog.fr/MSNFix.zip

Décompressez-le (clic droit >> Extraire ici) et double cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
post le sur le forum

MERCI DE TA REPONSE
VOICI LE RAPPORT


Logfile of HijackThis v1.99.1
Scan saved at 13:45:35, on 04/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\wdfmgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Proprietaire.NOM-NVV3U3E77A6\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://numericable.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NUMERICABLE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://numericable.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wdfmgr.exe] C:\WINDOWS\wdfmgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Demo\Ghost Recon Advanced Warfighter Demo\Support\Register\RegistrationReminder.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/11984/CD/StarsDuPorn.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/...
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
--------------------------------------------------------------------------------------------------------------------------------------------------
MSNFix 1.484

C:\Documents and Settings\Proprietaire.NOM-NVV3U3E77A6\Bureau\MSNFix
Fix exécuté le 02/09/2007 - 21:25:08,57 By Proprietaire
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Z058_jpg.zip

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\Z058_jpg.zip



************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\Bobsaver.scr] 0A766FB55A1ABFF67499B8B2A74CFF66
[C:\WINDOWS\FONKY.scr] 833A9B453058609EAB2D81A994F020EE
[C:\WINDOWS\system32\ratscreen.scr] F9DBABDB339C1E62639B66456C97A219
[C:\Documents and Settings\Proprietaire.NOM-NVV3U3E77A6\config_DX.ini] E56CD37D380C7BF475E22802E03CD187


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 02092007_21265301.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
MERCI ENCORE

SLt Tu est salement infectee.Dit moi tu n'a pas d'anti virus.Telecharge rapidemment Antivir et lance un scan.Il y va de la survie de ton ordi.
Une fois antivir installè je t'indiquerai la marche a suivre pour une desinfection totale de ton ordi.Clic sur le lien

ftp://ftp.commentcamarche.com/download/antivir_workstation_w­in7u_en_h.exe

Petit detail .Antivir est gratuit.

pouvez vous maider
jarrive pas a installer active x pour les jeux sur msn
je sais pas ou les debloquer dans mon ordi

Pour Val.Ici c'est le post de MARSEILLAISE.Si tu veux de l'aide cree ton propre post.Ton probleme se trouve dans le forum hardware.

voila je l ai telecharger maitenant je vais lancer le scan a tte et merci

AntiVir PersonalEdition Classic
Report file date: mercredi 5 septembre 2007 13:34

Scanning for 1048263 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Proprietaire
Computer name: PC

Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 11:33:54
ANTIVIR2.VDF : 6.39.1.74 1637376 Bytes 02/09/2007 11:33:54
ANTIVIR3.VDF : 6.39.1.92 94720 Bytes 05/09/2007 11:33:54
AVEWIN32.DLL : 7.4.1.66 2789888 Bytes 05/09/2007 11:33:54
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 05/09/2007 11:33:55
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 5 septembre 2007 13:34

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'WinCinemaMgr.exe' - '1' Module(s) have been scanned
Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'hpohmr08.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'Save.exe' - '1' Module(s) have been scanned
Scan process 'Netscp.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\wdfmgr.exe'
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'wdfmgr.exe' has been terminated
C:\WINDOWS\wdfmgr.exe
[DETECTION] Contains signature of the worm WORM/Sdbot.541696.1
[INFO] The file was moved to '474494ce.qua'!

37 processes with 36 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( '30' files ).


Starting the file scan:

Begin scan in 'C:\' <53_03_10>
C:\5g9p7x1h4a3.exe
[DETECTION] Contains signature of the dial-up program DIAL/52224.A.19
[INFO] The file was moved to '471794df.qua'!
C:\c8i6a4n9q4n8.exe
[DETECTION] Contains signature of the worm WORM/Sdbot.541696.1
[INFO] The file was moved to '474794b2.qua'!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Proprietaire.NOM-NVV3U3E77A6\Local Settings\Temporary Internet Files\Content.IE5\83DRY2RT\dual[1].jpg
[DETECTION] Contains signature of the dial-up program DIAL/52224.A.19
[INFO] The file was moved to '473f972f.qua'!
C:\Program Files\Fichiers communs\delsim\del.exe
[DETECTION] Contains signature of the dial-up program DIAL/52224.A.19
[INFO] The file was moved to '474a997c.qua'!
C:\Program Files\Navilog1\navilog1.bat
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '47549a8c.qua'!
C:\WINDOWS\Z058_jpg.zip
[DETECTION] Contains signature of the worm WORM/Sdbot.541696.1
[INFO] The file was moved to '47139aac.qua'!
Begin scan in 'D:\'
Search path D:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: mercredi 5 septembre 2007 14:20
Used time: 45:18 min

The scan has been done completely.

6243 Scanning directories
233597 Files were scanned
8 viruses and/or unwanted programs were found
1 classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
233588 Files not concerned
7601 Archives were scanned
2 Warnings
11 Notes
0 Hidden objects were found
voila le rapport AVEC LE SCAN

J ESPERE QUE LA SURVIE DE MON ORDI POURA SANS SORTIR ENDEME MERCI A TOI COMME MEME

TIENS POUR QUE TU VOIS MIEUX AU CAS OU :s ON C EST JAMAIS
------------------------------------



1. Worm/Rindu.D Worm 03 Sep 2007
2. HEUR/Exploit.HTML Heuristic 29 Aug 2007
3. Worm/Mydoom.CJ Worm 20 Aug 2007
4. HTML/Infected.WebPage.Gen Malware 16 Aug 2007
5. HTML/Zones.Gen Malware 16 Aug 2007
6. HTML/Rce.Gen Malware 16 Aug 2007
7. HTML/IEReg.Gen Malware 16 Aug 2007
8. HTML/Mailer.Gen Malware 16 Aug 2007
9. HTML/MHT.Gen Malware 16 Aug 2007
10. HTML/Icyfox.Gen Malware 16 Aug 2007
11. HTML/Silly.Gen Malware 16 Aug 2007
12. HTML/Shellcode.Gen Malware 16 Aug 2007
13. HTML/Malicious.ActiveX.Gen Malware 16 Aug 2007
14. Worm/Wigon.AB Worm 15 Aug 2007
15. TR/Dldr.EBill.7738 Trojan 13 Aug 2007
16. Worm/Ntech.D Worm 13 Aug 2007
17. Worm/Ntech.C Worm 08 Aug 2007
18. TR/Dldr.iBill.AZ Trojan 06 Aug 2007
19. HTML/Downloader.Gen Malware 18 Jul 2007
20. HTML/Crypted.Gen Malware 18 Jul 2007
21. HTML/ADODB.Exploit.Gen Malware 18 Jul 2007
22. HTML/Psyme.Gen Malware 18 Jul 2007
23. BDS/Bifrose.Gen Backdoor Server 18 Jul 2007
24. Worm/IRCBot.24040 Worm 10 Jul 2007
25. Worm/IRCBot.52736.4 Worm 10 Jul 2007
26. TR/Agent.aoy.1 Trojan 06 Jul 2007
27. TR/Small.DBY.LH.12 Trojan 06 Jul 2007
28. TR/Dldr.iBill.AW Trojan 06 Jul 2007
29. BDS/Agent.ahj.701 Backdoor Server 02 Jul 2007
30. Worm/Zafi.B Worm 28 Jun 2007
31. TR/Dldr.FakeAV.A.3 Trojan 28 Jun 2007
32. TR/Dldr.Nurech.Gen Trojan 28 Jun 2007
33. JS/Small.DN Malware 22 Jun 2007
34. TR/Dldr.Small.ddp.28 Trojan 21 Jun 2007
35. TR/Hijacker.Gen Trojan 19 Jun 2007
36. TR/Spy.Gen Trojan 19 Jun 2007
37. TR/Dropper.Gen Trojan 19 Jun 2007
38. TR/Crypt.Morphine.Gen Trojan 19 Jun 2007
39. TR/Dldr.Agent.11776 Trojan 19 Jun 2007
40. Raiffeisen Bank 1 Phishing 31 May 2007


------------------------

VOILA BISOUS ET A BIENTOT

jcroi ke sa n a rien a voir ske je vien d envoyé a mon dernier message de 14 h 26
dsl

OK

Pour verifier.Fait ca.
F - Hijackthis - Outil de diagnostic et réparation
télécharge HijackThis ici:
http://telechargement.zebulon.fr/138-hijackthis-1991.html
Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/Hijenr.gif
Lance le puis:
clique sur "do a system scan and save logfile" (cf démo)
faire un copier coller du log entier sur le forum
Démo : (Merci a Balltrap34 pour cette réalisation)
http://pageperso.aol.fr/balltrap34/demohijack.htm

http://www.tutoriaux-excalibur.com/hijackthis.htm


Je vous conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."

Dézippe le dans un dossier prévu à cet effet.
Par exemple C:\hijackthis < Enregistre le bien dans c : !
Démo : (Merci a Balltrap34 pour cette réalisation)

j arrive pa a faire cela
:s

BEN TIENS J AI REUSSI JE PENSE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:42, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Save\Save.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://numericable.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = NUMERICABLE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://numericable.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing)
O2 - BHO: NavHelper Class - {C1E58A84-95B3-4630-B8C2-D06B77B7A0FC} - C:\Program Files\NavExcel\NavHelper\v2.0.4\NHelper.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\McRegWiz.exe /autorun
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CanalPlayerHelper] C:\Program Files\Lecteur CANALPLAY\CanalPlayerHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wdfmgr.exe] C:\WINDOWS\wdfmgr.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] C:\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Registration Ghost Recon Advanced Warfighter.LNK = C:\Program Files\Ubisoft\Demo\Ghost Recon Advanced Warfighter Demo\Support\Register\RegistrationReminder.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: Ajouter à Kaspersky Anti-Bannière - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/11984/CD/StarsDuPorn.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/...
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Unknown owner - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
End of file - 8316 bytes

YA QUELQUN SNIFFFF J EN PEUX PLUS JE CONPREND PLUS RIEN

C EST LE BORDEL DANS MON PC .... :-(

Coucou je suis la .

Relance hijackthis et coches les cases ci dessous.Clic sur fixer.Ensuite post un nouveau rapport hijackthis.

O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O9 - Extra button: ShopperReports - Compare product prices - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE15} - C:\Program Files\ShopperReports\Bin\2.0.0\ShprRprt.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/...
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {86EEF11E-FF16-48CE-B1A2-474B663041A9} - http://kit.carpediem.fr/11984/CD/StarsDuPorn.exe
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} - http://a532.g.akamai.net/...

RE

MERCI

DONC JE DOIS REFAIRE UN SCAN ,,,?????

voila elle sont coché aprés que je les ai coché j appuie ou ?

sa doit etre celui la de boutton
dit moi avant que je le fase lol
FIX CHECKED ???
je suis nul je sais :s

Oui c'est celui ci.Allez au boulot.lol