Netsky
steph
-
Kristopher Posts 3752 Status Contributor -
Hello,
I caught the netsky.d virus (and the .q one too, I think), and I can't remove it with Symantec's cleaner or with Wanadoo's. What could I do?
Is there any risk in connecting the infected machine to the local network?
I tried in safe mode but with no result.
Thanks in advance for your help.
4 replies
Hello,
Scan your PC with this online antivirus:
http://www.bitdefender.com/scan8/ie.html
Click "I Agree" and scan the whole PC.
Remember to allow the ActiveX control blocked by the SP2 pop-up blocker bar (it will flash at the top).
Copy/paste the report to the forum.
++
Is it normal that I find 3500 .tmp files on my computer?
Netsky is only detected by F-Secure, which is preventing me from accessing my mail client. I have now disabled it and it seems to work. Isn't it F-Secure that's acting up, by any chance?
Thanks
Re,
"Isn't it F-Secure that's acting up, by any chance?"
Do I look like a miracle worker?
~~ Do this in order: ~~
1/ Download and clean your PC with these two programs:
CCLEANER http://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
Tutorial here: http://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php
CleanUp40
http://pageperso.aol.fr/Balltrap34/CleanUp40.exe
Usage demo:
http://pageperso.aol.fr/balltrap34/democleanup.htm
2/ Do what I told you in the first post.
3/ Then send your HijackThis log. To do so:
- Download HijackThis: http://www.01net.com/telecharger/windows/Internet/internet_utlitaire/fiches/29061.html
- Install it in its own folder.
For example, C:\HijackThis
Choose the "do a scan and a logfile" option; it will generate a report for you. Copy and paste it to the forum.
Watch the demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
cya dude
C:\Documents and Settings\Sabine\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re: Bad Request][From: amouroux@agence3i.org]=>msg.doc
Infected with: Win32.Netsky.P@mm
C:\Documents and Settings\Sabine\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Re: Bad Request][From: amouroux@agence3i.org]=>msg.doc
Deleted
C:\Documents and Settings\Sabine\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
Updated
C:\Documents and Settings\Sabine\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Mail Delivery (failure cv@sud-interim.com)][From: contact@arnal-neon-aquitaine.fr]=>(body)=>(Compressed Rtf)
Suspected of: Exploit.Iframe.Vulnerability
C:\Documents and Settings\Sabine\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Mail Delivery (failure cv@sud-interim.com)][From: contact@arnal-neon-aquitaine.fr]=>(body)=>(Compressed Rtf)
Disinfection failed
C:\Documents and Settings\Sabine\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Mail Delivery (failure cv@sud-interim.com)][From: contact@arnal-neon-aquitaine.fr]=>(body)=>(Compressed Rtf)
Deleted
C:\Documents and Settings\Sabine\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
Updated
C:\Documents and Settings\Sabine\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Mail Delivery (failure cv@sud-interim.com)][From: contact@arnal-neon-aquitaine.fr]=>message.scr
Infected with: Win32.Netsky.P@mm
C:\Documents and Settings\Sabine\Local Settings\Application Data\Microsoft\Outlook\outlook.pst=>[Subject: Mail Delivery (failure cv@sud-interim.com)][From: contact@arnal-neon-aquitaine.fr]=>message.scr
Deleted
C:\Documents and Settings\Sabine\Local Settings\Application Data\Microsoft\Outlook\outlook.pst
Updated
C:\Documents and Settings\YFAUR-PEY\Local Settings\Application Data\Identities\{B04301B7-E509-4825-AE25-DC36FE528231}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Re: Here is the document][Date: Mon, 1 Mar 2004 14:04:49 +0100]=>(MIME part)=>document_full.pif
Infected with: Win32.Netsky.D@mm
C:\Documents and Settings\YFAUR-PEY\Local Settings\Application Data\Identities\{B04301B7-E509-4825-AE25-DC36FE528231}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Re: Here is the document][Date: Mon, 1 Mar 2004 14:04:49 +0100]=>(MIME part)=>document_full.pif
Disinfection failed
C:\Documents and Settings\YFAUR-PEY\Local Settings\Application Data\Identities\{B04301B7-E509-4825-AE25-DC36FE528231}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Re: Here is the document][Date: Mon, 1 Mar 2004 14:04:49 +0100]=>(MIME part)=>document_full.pif
Deleted
C:\Documents and Settings\YFAUR-PEY\Local Settings\Application Data\Identities\{B04301B7-E509-4825-AE25-DC36FE528231}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)=>[Subject: Re: Here is the document][Date: Mon, 1 Mar 2004 14:04:49 +0100]=>(MIME part)
Updated
C:\Documents and Settings\YFAUR-PEY\Local Settings\Application Data\Identities\{B04301B7-E509-4825-AE25-DC36FE528231}\Microsoft\Outlook Express\Éléments supprimés.dbx=>(message 0)
Updated
C:\Documents and Settings\YFAUR-PEY\Local Settings\Application Data\Identities\{B04301B7-E509-4825-AE25-DC36FE528231}\Microsoft\Outlook Express\Éléments supprimés.dbx
Update failed
C:\Program Files\Fichiers communs\eajhfcdn\cccllnpp\bjephntj.exe
Infected with: Trojan.Agent.AY
C:\Program Files\Fichiers communs\eajhfcdn\cccllnpp\bjephntj.exe
Disinfection failed
C:\Program Files\Fichiers communs\eajhfcdn\cccllnpp\bjephntj.exe
Deleted
C:\Program Files\Fichiers communs\eajhfcdn\edplaeptet\jlenhnnfh.exe
Infected with: Trojan.Agent.AY
C:\Program Files\Fichiers communs\eajhfcdn\edplaeptet\jlenhnnfh.exe
Disinfection failed
C:\Program Files\Fichiers communs\eajhfcdn\edplaeptet\jlenhnnfh.exe
Deleted
C:\Program Files\FileSubmit\Spring Pansies\NNEZTX638.exe
Detected with: Application.Adware.NewDotNet.B.Dropper
C:\Program Files\FileSubmit\Spring Pansies\NNEZTX638.exe
Deleted
Now here is the HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 09:29:40, on 17/03/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\flexlm\lmgrd.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\flexlm\msc.exe
C:\SDRC\I-DEAS8\Iona\bin\orbixd.exe
C:\WINDOWS\system32\cba\pds.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\SDRC\I-DEAS8\mf\mfjobman\bin\mfjobman.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\ams_ii\iao.exe
C:\WINDOWS\system32\cba\xfr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\System32\qttask.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\tppaldr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\F-Secure\Common\FSLAUNCH.EXE
C:\Program Files\F-Secure\Common\FSLAUNCH.EXE
C:\Documents and Settings\Sabine\Local Settings\Temporary Internet Files\Content.IE5\SD6JGD2J\HijackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pcwebtools.support.hp.com/goto/?Platform=hpaddon&ObjectType=fr&Name=Buttonwww
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F1 - win.ini: run=fntldr.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Quick! - {4E7BD74F-2B8D-469E-C0FF-FD67B79CAF2C} - C:\PROGRA~1\quickbar\quickbar.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] D:\ICQ\NDetect.exe
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28177.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab30149.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020124/qtinstall.info.apple.com/qt505/fr/win/QuickTimeInstaller.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1113563095419
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab30149.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab28177.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7A952E5-3AF3-410A-B355-3D39D705878C}: Domain = wanadoo.fr
O17 - HKLM\System\CCS\Services\Tcpip\..\{B7A952E5-3AF3-410A-B355-3D39D705878C}: NameServer = 193.252.19.3,193.252.19.4
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O19 - User stylesheet: (file missing) (HKLM)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: e-DiagTools LAN Configuration Agent (edtlancfg) - Hewlett-Packard - C:\Program Files\HP\e-DiagTools\edtsrv.exe
O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: FLEXlm License Manager - GLOBEtrotter Software Inc. - C:\flexlm\lmgrd.exe
O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: I-DEAS 8 Open I-DEAS Server - Unknown owner - C:\SDRC\I-DEAS8\Iona\bin\orbixd.exe
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINDOWS\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINDOWS\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINDOWS\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINDOWS\system32\cba\pds.exe
O23 - Service: Moldflow Job Manager (mfjobman) - Unknown owner - C:\SDRC\I-DEAS8\mf\mfjobman\bin\mfjobman.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\retrorun.exe
O23 - Service: Assistant Retrospect (Retrospect Helper) - Dantz Development Corporation - C:\Program Files\Dantz\Retrospect\rthlpsvc.exe
Hi,
Take a look here:
http://img63.imageshack.us/img63/8650/rappelpolitesse5av.jpg
Is your problem with the Netsky virus solved?
There are still problems remaining that are visible in your HijackThis log.
If you want, I can help you fix them ;)
++
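Added example, not part of the thread and not code from any poster or from HijackThis: a small parser for the entry format of the HijackThis log posted above. It lists what starts automatically (F, O4 and O23 sections) and the entries the log itself marks "(file missing)" or "Unknown owner". The function names are this example's own, the sample lines are copied from the log above, and the thread does not say which entries the last reply has in mind.

```python
import re
from collections import Counter

# HijackThis prefixes every finding with a section code, e.g. "O4 - ...".
ENTRY = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry form: HKLM\..\Run: [value name] command line
RUN = re.compile(r"^HK\w+\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# The first " - X:\" marks where the file path starts in an O23 service line.
SERVICE_PATH = re.compile(r" - (?P<path>[A-Za-z]:\\.*)$")

# Sections describing something started automatically at boot or logon.
AUTOSTART_CODES = ("F0", "F1", "F2", "F3", "O4", "O23")
MISSING = " (file missing)"

# A few lines copied from the log posted in the thread (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.qsrch.com/
F1 - win.ini: run=fntldr.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [TPP Auto Loader] C:\WINDOWS\tppaldr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe (file missing)
O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FLEXlm License Manager - GLOBEtrotter Software Inc. - C:\flexlm\lmgrd.exe
"""


def parse_log(text):
    """Return one dict per R/F/N/O entry; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        code, body = m["code"], m["body"]
        entry = {"code": code, "body": body, "name": None,
                 "owner": None, "target": None, "notes": []}
        # "(file missing)" is appended by HijackThis itself; record it and
        # strip it so it does not end up inside the parsed path.
        if body.endswith(MISSING):
            entry["notes"].append("file missing")
            body = body[: -len(MISSING)]
        if code == "O23":
            pm = SERVICE_PATH.search(body)
            if pm:
                head = body[len("Service: "):pm.start()]
                # Service names may contain " - ", so split owner from the right.
                name, _, owner = head.rpartition(" - ")
                entry.update(name=name, owner=owner, target=pm["path"])
                if owner == "Unknown owner":
                    entry["notes"].append("unknown owner")
        elif code == "O4":
            rm = RUN.match(body)
            if rm:
                entry.update(name=rm["name"], target=rm["cmd"])
            else:  # Startup-folder form: "Global Startup: x.lnk = C:\..."
                left, _, target = body.partition(" = ")
                entry.update(name=left.split(": ", 1)[-1], target=target)
        elif code.startswith("F"):  # e.g. "win.ini: run=fntldr.exe"
            left, _, value = body.partition("=")
            entry.update(name=left, target=value)
        entries.append(entry)
    return entries


def autostarts(entries):
    """Entries that launch a program without user action."""
    return [e for e in entries if e["code"] in AUTOSTART_CODES]


def self_reported(entries):
    """Entries carrying a marker written by HijackThis; a prompt to look, not a verdict."""
    return [e for e in entries if e["notes"]]


def section_counts(entries):
    """Number of entries per section code."""
    return Counter(e["code"] for e in entries)


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print("Autostart entries:")
    for e in autostarts(parsed):
        print(f"  {e['code']:<3} {e['name']} -> {e['target']}")
    print("Marked by the log itself:")
    for e in self_reported(parsed):
        print(f"  {e['code']:<3} {', '.join(e['notes'])}: {e['body']}")
```
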