[SOLVED] VIRUSES VIA MSN AGAIN!!!

Tags:
  • Virus
  • Security
21 January 2008 21:49:16

Hello everyone,

Ugh, so a few days ago I caught a virus via MSN again, but one of the latest ones; it works like this:

it sends this message

c'est pas toi!?? ---

The stars obviously stand for our e-mail address. I tried several things:

- Scan with avast! -------> viruses found and deleted, but the bug is still there

- Scan with BitDefender -----> same

Oh shoot, I didn't tell you what it was doing to me.
Well, as soon as I start MSN, 3 minutes go by with nothing, as if nothing were wrong, then bam, all at once ALL the people who are connected receive the message at the same time

c'est pas toi!?? ---

I don't know what to do. I can give you a report with HijackThis if you like, or if you have another solution I'll gladly take it.

Thanks in advance

( I'm fed up with formatting every other day because of viruses, please help me )

21 January 2008 22:44:05

Hello,

Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your desktop (Right-click/Extract all).

Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.

If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations.
In that case, just restart the computer manually.

Post the report located in the MSNFix folder.
The report name corresponds to the time it was created: date_heure.log
22 January 2008 18:52:46

MSNFix 1.639-2

C:\Documents and Settings\Renaud\Bureau\MSNFix
Fix exécuté le 22/01/2008 - 18:47:57,06 By Renaud
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\Renaud\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\Renaud\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\Renaud\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\Renaud\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\Renaud\LOCALS~1\Temp\*.dmp
/!\ ... C:\DOCUME~1\Renaud\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\Renaud\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Renaud\??????.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\Renaud\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\Renaud\LOCALS~1\Temp\services.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\Fonts\unins000.exe] 89F1693BCA5D6AB02FF206DD2AB51B7A
[C:\DOCUME~1\Renaud\LOCALS~1\Temp\14.zip] 66367120B282D9E9EDF8186849035264
[C:\DOCUME~1\Renaud\LOCALS~1\Temp\218.zip] C300B5F9B6533D758732561273F88B59
[C:\upaq.exe] 68D9A79AA5906E4AF60AA2DBE0840DAE



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 22012008_18504456.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

22 January 2008 18:54:54

I hope that will be enough for you, even though I don't know much about disinfection and so on... I understood a few things, but I won't venture into it without advice from someone who knows, but I think it comes from these files

... C:\DOCUME~1\Renaud\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\Renaud\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\Renaud\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\Renaud\??????.exe
... C:\WINDOWS\17PHolmes1148.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp


Am I wrong?? I'm asking because it will let me improve my computer knowledge in that area. Thanks for helping me.
22 January 2008 19:01:40

Post a new HijackThis report :)
22 January 2008 19:13:14

damn, that doesn't get you any further :/
ok then
22 January 2008 19:14:47

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:14:09, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.eazel.com/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7203 bytes
22 January 2008 19:15:56

Well, it's to finish up :)
22 January 2008 19:34:54

What?? It's to finish up, huh?? So what do I do?? Because I don't really know whether I'm rid of this cr*** for good. Am I done now?? No, not already, I got an error message just now :/ I'm lost :p
22 January 2008 19:50:34

And afterwards, will I be able to put avast! back, or is AntiVir a resident antivirus? One that also updates itself like avast?

I'm taking the liberty of asking while waiting for the download ( which is long :o )
22 January 2008 20:55:37

Done! I read and even did everything it told me ( scan in safe mode ). I got a report but I didn't save it :/ and I restarted in normal mode. Is there a way to find it again to send it to you? Or do you not need it?

( oh boy, I still have progress to make )
22 January 2008 21:02:44

I dug around and found it !!!!!!


here is my report




AntiVir PersonalEdition Classic
Report file date: mardi 22 janvier 2008 20:11

Scanning for 1063907 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Renaud
Computer name: KIEFFER-8D73F86

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:05:37
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 19:05:37
ANTIVIR3.VDF : 7.0.2.31 319488 Bytes 22/01/2008 19:05:37
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 22/01/2008 19:05:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 22/01/2008 19:05:38
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 22 janvier 2008 20:11

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '40' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upaq.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\91TCVN6G\df34[1].htm
[DETECTION] Is the Trojan horse TR/Agent.18944
[INFO] The file was deleted!
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\91TCVN6G\df34[2].htm
[DETECTION] Is the Trojan horse TR/Agent.18944
[INFO] The file was deleted!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RVBCSXMR\mutex_n1_21_01_08_0[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\RVBCSXMR\mutex_n1_21_01_08_0[2].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Bureau\MSNFix\22012008_18504456.zip
[0] Archive type: ZIP
--> backup/17PHolmes1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/agfysj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/batrxu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/bsvvxs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/casgkx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/cbkvtl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dajire.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ddrpfp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dflrar.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dgtpbp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/drmjba.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dsqjze.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dweswg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/dzjlwm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/eczfvd.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/efawbm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/emwwdb.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/epfbrw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fiqgxf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/fjbzbf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gewgix.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gmyfxp.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/gpmume.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gpwhfx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gzbczu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/gzizer.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/hnexzu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/huqdmg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/idazag.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ikcnhy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/jxnphy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/kmaida.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/kukowh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lgvkad.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lngipi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/lxiasa.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mncjni.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ngzwdp.exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
--> backup/oeqjgi.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ppsaui.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/qeevox.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/qgpokk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/qivwcj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/qtaktm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/raxsfy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/seoobl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/services.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.46056.1
--> backup/syjhaz.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/tuceza.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/tuvhnc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/uqwhpu.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/uvshqp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wsfmxo.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xdhxkq.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xdmevg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/xgxvrk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ydvnrf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/ypkwbt.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/yujnwc.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zhhrje.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/zrahrl.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temp\1149854643.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temp\1820649078.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temp\291837036.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temp\425352836.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\312Z4567\addy[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\312Z4567\cprdshtvt[1].htm
[DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\312Z4567\mutex_n1_21_01_08_0[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\cprdshtvt[1].htm
[DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\lsegihwln[1].txt
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\89ABCDEF\zgshj[1].htm
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLIN\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLIN\ddos[1].txt
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alm Backdoor server programs
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLIN\rvljyazbq[1].htm
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLIN\rvljyazbq[2].htm
[DETECTION] The file contains an executable. This, however, is disguised by a harmless file extension (HIDDENEXT/Crypted)
[INFO] The file was deleted!
C:\Documents and Settings\Renaud\Local Settings\Temporary Internet Files\Content.IE5\OPQRSPUV\mutex_n1_21_01_08_0[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\svchost.exe:exm.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
C:\WINDOWS\system32\ztx86.sys
[DETECTION] Is the Trojan horse TR/Rootkit.Gen
[INFO] The file was deleted!
C:\WINDOWS\Temp\1156342737.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\WINDOWS\Temp\1703174599.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!
C:\WINDOWS\Temp\505921654.exe
[DETECTION] Is the Trojan horse TR/Crypt.FKM.Gen
[INFO] The file was deleted!


End of the scan: mardi 22 janvier 2008 20:45
Used time: 34:05 min

The scan has been done completely.

7097 Scanning directories
295817 Files were scanned
88 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
26 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
295729 Files not concerned
1943 Archives were scanned
1 Warnings
0 Notes

22 January 2008 21:09:19

Post a new HijackThis report.
22 January 2008 21:12:41

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:41, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://french.eazel.com/index.php?rvs=hompag
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [OoPDFSettingsv6.exe] C:\Program Files\OFFICE One6.5\OFFICE One PDF Manager\OoPDFSettingsv6.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7103 bytes




There you go, captain, but I tested ( opened MSN ) and it no longer sends the message (I hope I didn't make a mistake by reopening MSN)
22 January 2008 21:15:45

Are you still having problems?
22 January 2008 21:30:16

No, I have no more problems on MSN, but is it really deleted?? Or can it reappear?
22 January 2008 21:48:43

Deleted ;)