MSN virus

ju06 -  
Hello,
I got a virus from MSN when I clicked on a link, and ever since that click, whenever I log in it keeps sending my contacts a link that says "ta tof fais koi sur ce site :p" (roughly "your pic, what are you doing on this site :p"). I deleted all my temporary files but that did nothing! I'd like to know how to remove it. Thanks
Configuration: Windows XP
Internet Explorer 6.0

6 replies

  1. Maijin
     
    Follow the procedures on this site http://www.malekal.com/virus_MSN_c_est_pas_toi.php then

    Download HijackThis v2.0.2
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    Close all windows and programs

    Tutorial: https://bibou0007.forumpro.fr/t108-tutorial-de-hijackthis-v2-0-2

    Then click on "Do a system scan and save a logfile"

    In the Notepad window that opens, go to "Edit", then "Select All";
    the text is now selected. Go back to "Edit", keeping the text
    selected, and click Copy.
    Paste the contents here in your next reply!
    1. ju06
       
      Thanks Maijin, I'll do it and paste you the report
      1. ju06 > ju06
         
        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 13:33:44, on 15/03/2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\WINDOWS\System32\FTRTSVC.exe
        C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
        C:\WINDOWS\system32\notepad.exe
        C:\WINDOWS\system32\wscntfy.exe
        C:\Program Files\DAEMON Tools\daemon.exe
        C:\WINDOWS\system32\rundll32.exe
        C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
        C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
        C:\Program Files\nvcoi\nvcoi.exe
        C:\DOCUME~1\drik\MESDOC~1\MCROSO~1.NET\chkntfs.exe
        C:\Documents and Settings\drik\Application Data\?ecurity\w?wexec.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\system32\wuauclt.exe
        C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
        C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
        R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
        F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
        O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {33619BB7-587A-7CDB-5112-5300BAC088BC} - C:\WINDOWS\system32\rhqaa.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
        O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
        O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
        O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
        O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
        O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
        O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
        O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
        O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
        O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
        O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
        O4 - HKCU\..\Run: [Oeso] "C:\DOCUME~1\drik\MESDOC~1\MCROSO~1.NET\chkntfs.exe" -vt yazb
        O4 - HKCU\..\Run: [Dqns] "C:\Documents and Settings\drik\Application Data\?ecurity\w?wexec.exe"
        O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
        O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
        O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
        O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
        O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
        O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
        O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    2. ju06
       
      MSNFix 1.684

      C:\Documents and Settings\drik\Bureau\MSNFix\MSNFix
      Fix run on 15/03/2008 - 13:06:00,75 by drik
      normal mode

      ************************ Searching for files present

      ... C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
      ... C:\DOCUME~1\drik\APPLIC~1\WinTouch\wintouch.cfg
      ... C:\DOCUME~1\drik\APPLIC~1\WinTouch\WinTouch.exe
      ... C:\DOCUME~1\drik\APPLIC~1\WinTouch\WTUninstaller.exe
      ... C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
      ... C:\Program Files\JavaCore\JavaCore.exe
      ... C:\Program Files\JavaCore\UnInstall.exe
      ... C:\Program Files\NoDNS\NoDNS.exe
      ... C:\Program Files\NoDNS\UnInstall.exe
      ... C:\Program Files\Temporary\InsiDERInst.exe
      ... C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
      ... C:\Documents and Settings\drik\??????.exe
      ... C:\Documents and Settings\drik\????????.exe
      ... C:\WINDOWS\b???.exe
      ... C:\WINDOWS\mrofinu*.exe
      ... C:\WINDOWS\mrofinu*.exe.tmp
      ... C:\WINDOWS\system32\real.txt

      ************************ Searching for folders present

      No folder found




      ************************ Deleting files

      .. OK ... C:\DOCUME~1\drik\LOCALS~1\Temp\winlogon.exe
      /!\ ... C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
      .. OK ... C:\WINDOWS\system32\fsiocu.exe
      .. OK ... C:\WINDOWS\system32\vbsxkh.exe
      .. OK ... C:\WINDOWS\system32\kxgelc.exe
      .. OK ... C:\WINDOWS\system32\brxdoy.exe
      /!\ ... C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
      .. OK ... C:\DOCUME~1\drik\APPLIC~1\WinTouch\wintouch.cfg
      /!\ ... C:\DOCUME~1\drik\APPLIC~1\WinTouch\WinTouch.exe
      .. OK ... C:\DOCUME~1\drik\APPLIC~1\WinTouch\WTUninstaller.exe
      .. OK ... C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe
      .. OK ... C:\Program Files\JavaCore\JavaCore.exe
      .. OK ... C:\Program Files\JavaCore\UnInstall.exe
      .. OK ... C:\Program Files\NoDNS\NoDNS.exe
      .. OK ... C:\Program Files\NoDNS\UnInstall.exe
      .. OK ... C:\Program Files\Temporary\InsiDERInst.exe
      /!\ ... C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
      .. OK ... C:\Documents and Settings\drik\??????.exe
      .. OK ... C:\Documents and Settings\drik\????????.exe
      /!\ ... C:\WINDOWS\b???.exe
      .. OK ... C:\WINDOWS\mrofinu*.exe
      .. OK ... C:\WINDOWS\mrofinu*.exe.tmp
      .. OK ... C:\WINDOWS\system32\real.txt



      ************************ Registry cleanup



      Files still present will be deleted at the next reboot


      ************************ Deleting files

      .. OK ... C:\DOCUME~1\drik\APPLIC~1\WinTouch\WinTouch.exe
      .. OK ... C:\DOCUME~1\drik\APPLIC~1\WinTouch\WTUninstaller.exe
      .. OK ... C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
      .. OK ... C:\WINDOWS\b???.exe



      ************************ Suspicious files

      No file found


      The deleted files and registry keys have been backed up to the file 15032008_13120104.zip

      ************************ HKLM\...\Winlogon\Userinit

      Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe


      ------------------------------------------------------------------------
      Author: !aur3n7 Contact: https://www.ionos.fr/
      ------------------------------------------------------------------------

      --------------------------------------------- END ---------------------------------------------
  2. Maijin
     
    then this ^^
    Download HijackThis v2.0.2
    http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

    Close all windows and programs

    Tutorial: https://bibou0007.forumpro.fr/t108-tutorial-de-hijackthis-v2-0-2

    Then click on "Do a system scan and save a logfile"

    In the Notepad window that opens, go to "Edit", then "Select All";
    the text is now selected. Go back to "Edit", keeping the text
    selected, and click Copy.
    Paste the contents here in your next reply!
    1. ju06
       
      Yeah, I did it, this is the report



      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:33:44, on 15/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\WINDOWS\system32\notepad.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\nvcoi\nvcoi.exe
      C:\DOCUME~1\drik\MESDOC~1\MCROSO~1.NET\chkntfs.exe
      C:\Documents and Settings\drik\Application Data\?ecurity\w?wexec.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {33619BB7-587A-7CDB-5112-5300BAC088BC} - C:\WINDOWS\system32\rhqaa.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
      O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
      O4 - HKCU\..\Run: [Oeso] "C:\DOCUME~1\drik\MESDOC~1\MCROSO~1.NET\chkntfs.exe" -vt yazb
      O4 - HKCU\..\Run: [Dqns] "C:\Documents and Settings\drik\Application Data\?ecurity\w?wexec.exe"
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
  3. Maijin
     
    Not out of the woods yet

    follow the SDFix tutorial: https://www.malekal.com/slenfbot-still-an-other-irc-bot/

    and !!!!!!!!!!!!!!!!!
    You don't have an antivirus!! A free one that's much more powerful than Avast: Antivir

    http://www.libellules.ch/tuto_antivir.php
    1. ju06
       
      Once I've followed the SDFix tutorial, will I be out of the woods, or do I need to show you the report?
  4. Maijin
     
    show the report so we can check anyway
    1. ju06
       
      here's the report:




      SDFix: Version 1.157

      Run by drik on 15/03/2008 at 14:36

      Microsoft Windows XP [version 5.1.2600]
      Running From: C:\SDFix

      Checking Services:


      Restoring Windows Registry Values
      Restoring Windows Default Hosts File

      Rebooting


      Checking Files:

      Trojan Files Found:

      C:\Documents and Settings\drik\Application Data\WinTouch\wintouch.MSNFix - Deleted
      C:\Documents and Settings\drik\Application Data\WinTouch\WTUninstaller.MSNFix - Deleted
      C:\Program Files\JavaCore\JavaCore.MSNFix - Deleted
      C:\Program Files\JavaCore\UnInstall.MSNFix - Deleted
      C:\Program Files\NoDNS\NoDNS.MSNFix - Deleted
      C:\Program Files\NoDNS\UnInstall.MSNFix - Deleted
      C:\Program Files\nvcoi\mst.stt - Deleted
      C:\Program Files\nvcoi\nvcoi.exe - Deleted
      C:\Program Files\Temporary\InsiDERInst.MSNFix - Deleted
      C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
      C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.MSNFix - Deleted



      Folder C:\Documents and Settings\drik\Application Data\WinTouch - Removed
      Folder C:\Program Files\InetGet2 - Removed
      Folder C:\Program Files\JavaCore - Removed
      Folder C:\Program Files\NoDNS - Removed
      Folder C:\Program Files\nvcoi - Removed
      Folder C:\Program Files\Temporary - Removed


      Removing Temp Files

      ADS Check:



      Final Check:

      catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-15 14:51:11
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden services & system hive ...

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="C:\Program Files\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:bd,e8,c0,68,c6,03,18,11,8e,f9,43,ca,ee,78,41,d0,78,b2,c9,c8,f8,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,d0,a8,ab,d9,c1,92,c8,ce,48,1e,7d,1b,84,42,df,94,06,..
      "khjeh"=hex:eb,14,4a,45,f0,f9,1c,ce,34,0a,3b,98,3a,f5,f5,fe,5d,fc,c5,a8,8d,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000b0d0aa94f]
      "001247eee7fd"=hex:84,fe,a3,2a,70,9d,fc,13,8a,c4,22,dc,ec,e7,9e,fa
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
      "s1"=dword:4a42fc4b
      "s2"=dword:aa105e48
      "h0"=dword:00000002

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
      "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
      "h0"=dword:00000001
      "ujdew"=hex:e6,63,04,fb,1d,df,ed,26,4b,c4,9b,b9,f8,3d,b5,42,f3,64,54,f4,ae,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="C:\Program Files\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:bd,e8,c0,68,c6,03,18,11,8e,f9,43,ca,ee,78,41,d0,78,b2,c9,c8,f8,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,d0,a8,ab,d9,c1,92,c8,ce,48,1e,7d,1b,84,42,df,94,06,..
      "khjeh"=hex:50,d6,47,97,63,f1,97,bb,da,52,39,16,68,1a,a8,6a,91,c7,75,45,16,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\000b0d0aa94f]
      "001247eee7fd"=hex:84,fe,a3,2a,70,9d,fc,13,8a,c4,22,dc,ec,e7,9e,fa
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04]
      "p0"="C:\Program Files\Alcohol Soft\Alcohol 120\"
      "h0"=dword:00000001
      "ujdew"=hex:e6,63,04,fb,1d,df,ed,26,4b,c4,9b,b9,f8,3d,b5,42,f3,64,54,f4,ae,..
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
      "p0"="C:\Program Files\DAEMON Tools\"
      "h0"=dword:00000000
      "khjeh"=hex:bd,e8,c0,68,c6,03,18,11,8e,f9,43,ca,ee,78,41,d0,78,b2,c9,c8,f8,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
      "a0"=hex:20,01,00,00,d0,a8,ab,d9,c1,92,c8,ce,48,1e,7d,1b,84,42,df,94,06,..
      "khjeh"=hex:50,d6,47,97,63,f1,97,bb,da,52,39,16,68,1a,a8,6a,91,c7,75,45,16,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf42]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..

      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf43]
      "khjeh"=hex:58,5e,32,5a,04,4d,19,91,06,77,5b,a5,cb,0b,d5,86,61,c1,6c,bd,cf,..

      scanning hidden registry entries ...

      scanning hidden files ...


      scan completed successfully
      hidden processes: 0
      hidden services: 0
      hidden files: 225


      Remaining Services:



      Authorized Application Key Export:

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
      "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
      "C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
      "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
      "C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
      "C:\\DOCUME~1\\drik\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\drik\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
      "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"

      [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
      "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

      Remaining Files:


      File Backups: - C:\SDFix\backups\backups.zip

      Files with Hidden Attributes:

      Sun 18 Nov 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
      Mon 28 Jan 2008 230,400 ..SHR --- "C:\Documents and Settings\drik\Application Data\?ecurity\w?wexec.exe"
      Sat 8 Mar 2008 68,608 ..SHR --- "C:\Documents and Settings\drik\Mes documents\M?crosoft.NET\chkntfs.exe"

      Finished!
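The HijackThis logs posted above and the "Authorized Application Key Export" in the SDFix report show the same handful of persistence tricks: a second program appended to Winlogon's UserInit value (it runs at every logon, before the shell), Run entries pointing into Temp, Application Data or My Documents, folder names built from a look-alike character that HijackThis can only print as "?" (?ecurity, M?crosoft.NET), a BHO with no name, and a Windows Firewall exception for Temp\services.exe under the display name "Flash Media". The script below is an added example, not part of this thread nor of HijackThis, MSNFix or SDFix: it applies exactly those checks to a constructed subset of the lines posted above. The reason tags, the list of user-writable directories and the list of system binary names are my own assumptions, and the heuristics deliberately say nothing about a binary in an unremarkable place such as C:\Program Files\nvcoi\nvcoi.exe, which SDFix only caught by name.

```python
"""Added example (not from the thread or from HijackThis/MSNFix/SDFix): flag the
persistence tricks visible in the posted logs.  Tag names and lists below are
the author's assumptions; SAMPLE_LOG is a constructed subset of the thread's lines."""
from __future__ import annotations
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r'''
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
O2 - BHO: (no name) - {33619BB7-587A-7CDB-5112-5300BAC088BC} - C:\WINDOWS\system32\rhqaa.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [nvcoi] C:\Program Files\nvcoi\nvcoi.exe
O4 - HKCU\..\Run: [Oeso] "C:\DOCUME~1\drik\MESDOC~1\MCROSO~1.NET\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Dqns] "C:\Documents and Settings\drik\Application Data\?ecurity\w?wexec.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\DOCUME~1\\drik\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\drik\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"
'''

# Assumed lists: directories an unprivileged XP user can write to (long and 8.3 forms),
# binaries that only belong under the Windows directory, and where that directory is.
USER_WRITABLE = ("\\temp\\", "\\locals~1\\", "\\application data\\", "\\applic~1\\",
                 "\\mes documents\\", "\\mesdoc~1\\", "\\my documents\\",
                 "\\documents and settings\\", "\\docume~1\\")
SYSTEM_NAMES = {"services.exe", "winlogon.exe", "svchost.exe", "lsass.exe", "csrss.exe",
                "smss.exe", "userinit.exe", "explorer.exe", "chkntfs.exe", "rundll32.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


@dataclass
class Finding:
    kind: str                 # "userinit", "run", "bho" or "firewall"
    path: str                 # normalized: single backslashes, lower-case
    reasons: list[str] = field(default_factory=list)
    line: str = ""            # the log line the finding came from


def _normalize(path: str) -> str:
    """Collapse the doubled backslashes of a .reg export and lower-case for comparison."""
    return path.replace("\\\\", "\\").strip().lower()


def _first_path(cmdline: str) -> str:
    """Executable of a Run value: the quoted path, else up to the first known extension."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):
        end = cmdline.find('"', 1)
        return cmdline[1:end] if end > 0 else cmdline[1:]
    m = re.match(r"(.+?\.(?:exe|dll|cpl|scr|com))(?:\s|$)", cmdline, re.IGNORECASE)
    return m.group(1) if m else cmdline.split()[0]


def _reasons_for(path: str) -> list[str]:
    p = _normalize(path)
    reasons = []
    if any(marker in p for marker in USER_WRITABLE):
        reasons.append("user_writable")
    if "?" in p:  # HijackThis/SDFix print '?' for characters outside the system code page
        reasons.append("lookalike_name")
    base = p.rsplit("\\", 1)[-1]
    if "\\" in p and base in SYSTEM_NAMES and not p[:-len(base)].startswith(SYSTEM_DIRS):
        reasons.append("system_name_outside_system_dir")
    return reasons


def triage(text: str) -> list[Finding]:
    """One Finding per suspicious UserInit entry, Run value, BHO or firewall exception."""
    findings: list[Finding] = []
    for line in (l.strip() for l in text.splitlines() if l.strip()):
        if line.startswith("F2 - REG:system.ini: UserInit="):
            entries = [e.strip() for e in line.split("=", 1)[1].split(",") if e.strip()]
            for e in entries:
                reasons = _reasons_for(e)
                if len(entries) > 1 and not _normalize(e).endswith("\\userinit.exe"):
                    reasons.append("userinit_extra")   # runs at every logon, before the shell
                if reasons:
                    findings.append(Finding("userinit", _normalize(e), reasons, line))
        elif line.startswith("O4 - "):
            m = re.match(r"O4 - (\S+?)\\\.\.\\Run: \[(.*?)\] (.*)", line)
            if m:
                path = _first_path(m.group(3))
                reasons = _reasons_for(path)
                if reasons:
                    findings.append(Finding("run", _normalize(path), reasons, line))
        elif line.startswith("O2 - BHO:"):
            m = re.match(r"O2 - BHO: (.*?) - \{[0-9A-Fa-f-]+\} - (.*)", line)
            if m:
                reasons = _reasons_for(m.group(2))
                if m.group(1).strip().lower() == "(no name)":
                    reasons.append("unnamed_bho")
                if reasons:
                    findings.append(Finding("bho", _normalize(m.group(2)), reasons, line))
        elif line.startswith('"') and '"="' in line:
            # AuthorizedApplications export: "path"="path:scope:Enabled|Disabled:Display name"
            value = line.split('"="', 1)[1].rstrip('"')
            parts = value.rsplit(":", 3)  # assumes the display name contains no ':'
            if len(parts) == 4:
                path, _scope, state, display = parts
                reasons = _reasons_for(path)
                if reasons and state.lower() == "enabled":
                    reasons.append("fw_exception:" + display)
                if reasons:
                    findings.append(Finding("firewall", _normalize(path), reasons, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {', '.join(f.reasons):55} {f.path}")
```

Run against the sample it reports five lines: the UserInit appendix and the firewall exception (both Temp\services.exe), the Oeso and Dqns Run entries, and the unnamed BHO; MsnMsgr, the Google BHO, BitTorrent and the bare rundll32.exe command pass. Feeding it a whole HijackThis log or the full firewall export from SDFix works the same way, since every other line type is ignored.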
  6. Maijin
     
    redo a HijackThis scan
    1. ju06
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:38:38, on 15/03/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
      C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
      C:\DOCUME~1\drik\MESDOC~1\MCROSO~1.NET\chkntfs.exe
      C:\Documents and Settings\drik\Application Data\?ecurity\w?wexec.exe
      C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
      C:\PROGRA~1\Wanadoo\ComComp.exe
      C:\PROGRA~1\Wanadoo\Toaster.exe
      C:\PROGRA~1\Wanadoo\Inactivity.exe
      C:\PROGRA~1\Wanadoo\PollingModule.exe
      C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\System32\FTRTSVC.exe
      C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\PROGRA~1\Wanadoo\Watch.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\PROGRA~1\Wanadoo\WOOBrowser\WOOBrowser.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {33619BB7-587A-7CDB-5112-5300BAC088BC} - C:\WINDOWS\system32\rhqaa.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [DaemonTools_WhenUSave_Installer] C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
      O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
      O4 - HKCU\..\Run: [Oeso] "C:\DOCUME~1\drik\MESDOC~1\MCROSO~1.NET\chkntfs.exe" -vt yazb
      O4 - HKCU\..\Run: [Dqns] "C:\Documents and Settings\drik\Application Data\?ecurity\w?wexec.exe"
      O4 - HKUS\S-1-5-18\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Default user')
      O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
      0
  7. Maijin Posts 1388 Registration date   Status Member Last activity   352
     
    - Download http://www.malekal.com/download/DiagHelp.zip to your desktop
    - !!! Do not double-click it !!! Right-click the file and choose "Extract all"
    - A new folder named DiagHelp will be created
    - Open the DiagHelp folder.
    - Double-click catchme.exe (the .exe extension may not be displayed).

    A window will open; go to the Script tab.
    Copy/paste this:

    files to kill:
    c:\docume~1\drik\locals~1\temp\services.exe
    0
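The entries the helper singles out in the log above (the F2 UserInit line that chains a second executable out of the Temp folder, which the catchme script then removes; the unnamed O2 BHO in system32; the two O4 autostarts under the user profile whose folder names the log prints with "?") can be picked out mechanically. The following is an added example, not code from this thread, from HijackThis, or from the DiagHelp/catchme tools: a small Python triage script that runs over HijackThis-style log lines and reports those three kinds of finding. The sample lines are copied from the posted log (plus two benign entries from the same log so the filter has something to pass); the heuristics, the profile-directory markers and the finding format are this example's own assumptions.

```python
"""Triage of HijackThis log lines for the indicators discussed in this thread.

Added example, not part of the forum thread, HijackThis, or DiagHelp/catchme.
The heuristics below are this example's own assumptions.
"""
import re

# Sample input: constructed from entries in the log posted in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\drik\LOCALS~1\Temp\services.exe
O2 - BHO: (no name) - {33619BB7-587A-7CDB-5112-5300BAC088BC} - C:\WINDOWS\system32\rhqaa.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Oeso] "C:\DOCUME~1\drik\MESDOC~1\MCROSO~1.NET\chkntfs.exe" -vt yazb
O4 - HKCU\..\Run: [Dqns] "C:\Documents and Settings\drik\Application Data\?ecurity\w?wexec.exe"
"""

# User-writable profile locations where an installer would not normally place
# an autostart (assumed list; compared case-insensitively).
PROFILE_MARKERS = ("\\documents and settings\\", "\\docume~1\\", "\\temp\\")


def check_userinit(line):
    """F2 line: anything chained after userinit.exe is run at every logon."""
    m = re.match(r"F2 - REG:system\.ini: UserInit=(.*)", line)
    if not m:
        return None
    targets = [t.strip() for t in m.group(1).split(",") if t.strip()]
    extra = [t for t in targets if not t.lower().endswith(r"\userinit.exe")]
    if extra:
        return {"section": "F2", "reason": "UserInit chains extra executable", "path": extra[0]}
    return None


def check_bho(line):
    """O2 line: a browser helper object with no name is unusual for legitimate software."""
    m = re.match(r"O2 - BHO: (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)", line)
    if not m:
        return None
    if m.group("name").strip() == "(no name)":
        return {"section": "O2", "reason": "unnamed BHO", "path": m.group("path")}
    return None


def _run_target(cmd):
    """Extract the executable path from an O4 command line (quoted, or first token)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def check_run(line):
    """O4 line: flag autostarts with unencodable characters or in profile directories."""
    m = re.match(r"O4 - (?P<hive>.*?\\Run): \[(?P<name>[^\]]*)\] (?P<cmd>.*)", line)
    if not m:
        return None
    path = _run_target(m.group("cmd"))
    if "?" in path:
        # The log prints '?' for a character it cannot encode; a folder named to
        # look like 'Security' with such a character is a lookalike, not the real one.
        return {"section": "O4", "reason": "unencodable character in autostart path", "path": path}
    if any(marker in path.lower() for marker in PROFILE_MARKERS):
        return {"section": "O4", "reason": "autostart from user profile directory", "path": path}
    return None


CHECKS = (check_userinit, check_bho, check_run)


def triage(log_text):
    """Run every check over every non-empty line; return findings in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        for check in CHECKS:
            finding = check(line)
            if finding:
                findings.append(finding)
                break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['section']}: {f['reason']} -> {f['path']}")
```

On the sample above the script reports four findings: the chained Temp\services.exe in UserInit, the unnamed rhqaa.dll BHO, and the two HKCU Run entries under the drik profile; the iTunes and Java entries pass. The profile-directory rule is deliberately coarse (some legitimate per-user software does autostart from the profile), so its hits are review candidates, not verdicts.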