
beng


moscou


Hello, good evening,

Here is the latest HijackThis log, taken after scanning the disks with AntiVir in Safe Mode. My PC was infected by sysupd and ILN.exe, and of course many others...

Could you give me a hand, please?

Thanks in advance

 

Logfile of HijackThis v1.99.1

Scan saved at 13:57:35, on 07/10/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

D:\Program Files\D-Tools\daemon.exe

D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\WINDOWS\System32\USB_Kbd\Versato.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\WINDOWS\system32\MMTrayLSI.exe

C:\WINDOWS\system32\MMTray2k.exe

C:\WINDOWS\system32\MMTray.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Sysupd\sysupd.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\Sysupd\projects\www.climateprediction.net\hadcm3trans_5.15_windows_intelx86.exe

C:\Program Files\TBONBin\tbon.exe

C:\WINDOWS\system32\Sysupd\projects\www.ufluids.net\evolver_4.10_windows_intelx86.exe

C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

D:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\SAGEM\SAGEM F@st800\dslmon.exe

C:\Program Files\Trend Micro\Tmas\Tmas.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\Sysupd\projects\www.climateprediction.net\hadcm3transum_5.15_windows_intelx86.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaul...earch.yahoo.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.club-internet.fr/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.rsac.org/ratingsv01.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [AdobeVersionCue] D:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [Versato] C:\WINDOWS\System32\USB_Kbd\Versato.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe

O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe

O4 - HKLM\..\Run: [MMTray] MMTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe

O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon

O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe

O4 - HKLM\..\Run: [system ##32] C:\WINDOWS\system32\luw32\iln.exe

O4 - HKLM\..\Run: [system Updater] C:\WINDOWS\system32\Sysupd\sysupd.exe -detach

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet

O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Startup: Club-Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Assistant d'Acrobat.lnk = D:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: DSLMON.lnk = ?

O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe

O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111...all/xscan53.cab

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - http://paris.tourismeville.wanadoo.fr/acti...sCamControl.cab

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - D:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Fichiers communs\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe


Hello moscou,

Please don't create a new topic each time; from now on, stay in this one. To reply, scroll down to the bottom of the page and click "Reply".

You should normally have followed the preliminary procedure; please post the AntiVir report.

Do you know this?:

C:\WINDOWS\system32\Sysupd\projects\www.climateprediction.net\hadcm3transum_5.15_windows_intelx86.exe

@+


Hello bruce lee,

No, I don't know it:

C:\WINDOWS\system32\Sysupd\projects\www.climateprediction.net\hadcm3transum_5.15_windows_intelx86.exe

What does it correspond to?

Here is the AntiVir report

 

 

 

AntiVir PersonalEdition Classic

Report file date: Friday, 6 October 2006 22:53

 

Scanning for 522603 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Benoît

Computer name: SPOON

 

Version information:

AVSCAN.EXE : 7.0.0.47 200744 21/08/2006 10:06:56

AVSCAN.DLL : 7.0.0.45 41000 07/09/2006 10:56:33

LUKE.DLL : 7.0.0.47 118824 07/09/2006 10:32:33

LUKERES.DLL : 7.0.0.47 9256 07/09/2006 10:56:33

ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 10:35:27

ANTIVIR1.VDF : 6.36.0.89 1745920 02/10/2006 20:01:38

ANTIVIR2.VDF : 6.36.0.90 2048 02/10/2006 20:01:38

ANTIVIR3.VDF : 6.36.0.96 62976 06/10/2006 20:01:38

AVEWIN32.DLL : 7.2.0.25 1860096 06/10/2006 20:01:38

AVPREF.DLL : 7.0.0.2 23592 24/07/2006 12:36:04

AVREP.DLL : 6.36.0.79 843816 06/10/2006 20:01:38

AVRPBASE.DLL : 7.0.0.0 2162728 30/03/2006 08:43:31

AVPACK32.DLL : 7.2.0.0 368680 21/07/2006 06:00:28

AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36

NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:49

NETNW.DLL : 7.0.0.0 9768 24/07/2006 12:35:55

RCIMAGE.DLL : 7.0.0.74 1642536 01/08/2006 11:22:57

RCTEXT.DLL : 7.0.1.4 77864 06/10/2006 20:01:37

 

Configuration settings for the scan:

Jobname.......................: Local Hard Disks

Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp

Boot sectors..................: C,D,F,G,H

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 1

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Skipped archive types.........: 1000,1001,1002,1003,1004,1005,

Macro heuristic...............: 1

File heuristic................: 2

Primary action................: 1

Secondary action..............: 0

 

Start of the scan: Friday, 6 October 2006 22:53

 

 

The scan of running processes will be started

4 Processes were scanned

 

Start scanning boot sectors:

 

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'F:\'

[NOTE] No virus was found!

Boot sector 'G:\'

[NOTE] No virus was found!

Boot sector 'H:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( 40 files ).

 

 

Starting the file scan:

 

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\Benoît\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\Benoît\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\Benoît\TBONWnd.EXE

[DETECTION] Is the Trojan horse TR/Click.Agent.GV.3

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\Benoît\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\4RN3UGD1\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\4RN3UGD1\404[3].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\BJ5JVD4W\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\BLLNMEU5\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\BLLNMEU5\404[2].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\BLLNMEU5\404[3].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\BLLNMEU5\404[4].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was moved to '455ac455.qua'!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\ER63IX6Z\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was moved to '455ac458.qua'!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\ER63IX6Z\404[2].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\EY7NLGNV\404[2].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\JRD33HSK\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\JRD33HSK\404[2].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\L51AB3T2\404[2].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\LGK39X81\404[3].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\M1R8LGNE\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\MPJKX03I\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\Q9ATUDEF\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was moved to '455ac47f.qua'!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\Q9ATUDEF\404[2].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was moved to '455ac487.qua'!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\Q9ATUDEF\404[3].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was moved to '455ac488.qua'!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\S1W1Y7SP\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was moved to '455ac48b.qua'!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\SZMDQBET\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was moved to '455ac48e.qua'!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\TP4EZR1T\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\W18BC7GV\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\Benoît\Local Settings\Temporary Internet Files\Content.IE5\YHIJ2LMN\404[1].htm

[DETECTION] Contains signature of the exploits EXP/MS05-013

[INFO] The file was deleted!

C:\Documents and Settings\NetworkService\NTUSER.DAT

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\EasyDivX\softs\ck.exe

[DETECTION] Contains signature of the SPR/Tool.ProcKill.1 program

[INFO] The file was deleted!

C:\Program Files\eMule\Incoming\Nero 6 Express Suite 2 OEM cracked version downloader.zip

[0] Archive type: ZIP

--> Nero 6 Express Suite 2 OEM cracked version downloader.exe

[DETECTION] Contains a signature of the (dangerous) backdoor program BDS/MoSucker.BO Backdoor server programs

[INFO] The file was deleted!

C:\Program Files\eMule\Incoming\Nero 6 Express Suite 2 OEM hacked activatior.rar

[0] Archive type: RAR

--> Nero 6 Express Suite 2 OEM hacked activatior.exe

[DETECTION] Contains a signature of the (dangerous) backdoor program BDS/MoSucker.BO Backdoor server programs

[INFO] The file was deleted!

C:\Program Files\eMule\Incoming\Nero 6 Express Suite 2 OEM key activator patch.rar

[0] Archive type: RAR

--> Nero 6 Express Suite 2 OEM key activator patch.exe

[DETECTION] Contains a signature of the (dangerous) backdoor program BDS/MoSucker.BO Backdoor server programs

[INFO] The file was deleted!

C:\Program Files\Norton AntiVirus\Quarantine\0DCC43C1

[DETECTION] Contains signature of the worm WORM/NetSky.P

[INFO] The file was moved to '4569cc17.qua'!

C:\Program Files\Norton AntiVirus\Quarantine\264E6128

[DETECTION] Contains signature of the worm WORM/NetSky.P

[INFO] The file was deleted!

C:\Program Files\Norton AntiVirus\Quarantine\32270BEA

[DETECTION] Contains signature of the worm WORM/NetSky.AP

[INFO] The file was deleted!

C:\Program Files\Norton AntiVirus\Quarantine\35E85AF2

[DETECTION] Contains signature of the worm WORM/NetSky.AP

[INFO] The file was deleted!

C:\Program Files\Norton AntiVirus\Quarantine\42E230B3

[DETECTION] Contains signature of the worm WORM/NetSky.AP

[INFO] The file was deleted!

C:\Program Files\Norton AntiVirus\Quarantine\578F10D8

[DETECTION] Contains signature of the worm WORM/NetSky.AP

[INFO] The file was deleted!

C:\Program Files\Norton AntiVirus\Quarantine\5D955AF2

[DETECTION] Contains signature of the worm WORM/NetSky.AP

[INFO] The file was deleted!

C:\Program Files\Norton AntiVirus\Quarantine\64A12DD4

[DETECTION] Contains signature of the worm WORM/NetSky.P

[INFO] The file was deleted!

C:\Program Files\Norton AntiVirus\Quarantine\73E81353

[DETECTION] Contains signature of the worm WORM/NetSky.P

[INFO] The file was deleted!

C:\Program Files\Norton AntiVirus\Quarantine\74B06E30

[DETECTION] Contains signature of the worm WORM/NetSky.P

[INFO] The file was deleted!

C:\Program Files\Norton AntiVirus\Quarantine\763E4143

[DETECTION] Contains signature of the worm WORM/NetSky.P

[INFO] The file was deleted!

C:\WINDOWS\system32\config\default

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\drivers\atapi.sys

[WARNING] The file could not be opened!

C:\WINDOWS\Win32\dll\Win32k.exe

[DETECTION] Contains signature of the SPR/Hideit.A program

[INFO] The file was moved to '4594d2f7.qua'!

D:\Nouveau dossier (2)\Nero 6 DVD-Video Plugin\[ CD and DVD Appz ] Nero MPEG2 Video Codec Plugin.exe

[DETECTION] Contains suspicious code HEUR/Crypted

[INFO] The file was moved to '4569d3be.qua'!

D:\Program Files\[ CD and DVD Appz ] Nero MPEG2 Video Codec Plugin.exe

[DETECTION] Contains suspicious code HEUR/Crypted

[INFO] The file was moved to '4569d3d8.qua'!

D:\Temp\Office 2003 Activation Crack(1).zip

[0] Archive type: ZIP

--> Office 2003 Crack All Versions.exe

[DETECTION] Contains signature of the worm WORM/Mapson

[INFO] The file was moved to '458cd7ac.qua'!

D:\Temp\[ CD and DVD Appz ] Nero MPEG2 Video Codec Plugin.exe

[DETECTION] Contains suspicious code HEUR/Crypted

[INFO] The file was deleted!

F:\media\courtmetr\All Codecs and Decompressors - DivX 5, DivX PRO, XviD, MPEG 4, Nimo Codec Pack, mpeg4, I263, mp42, mjpg, MP43, IV51, IV50, IV32, IV45, VCR1, VCR2, DIV.ace

[0] Archive type: ACE

--> All Codecs and Decompressors - DivX 5, DivX PRO, XviD, MPEG 4, Nimo Codec Pack, mpeg4, I263, mp42, mjpg, MP43, IV51, IV50, IV32, IV45, VCR1, VCR2, DIV

[WARNING] Error creating the file

[WARNING] Error creating the file

H:\temp\Nero 6 DVD-Video Plugin\[ CD and DVD Appz ] Nero MPEG2 Video Codec Plugin.exe

[DETECTION] Contains suspicious code HEUR/Crypted

[INFO] The file was deleted!

H:\attentecla\Nouveau dossier (2)\Microsoft Office Pro 2003 Keygen Activation Crack.rar

[0] Archive type: RAR

--> Office 2003 Activation Crack(1).zip

[1] Archive type: ZIP

--> Office 2003 Crack All Versions.exe

[DETECTION] Contains signature of the worm WORM/Mapson

[INFO] The file was deleted!

 

 

End of the scan: Saturday, 7 October 2006 10:11

Used time: 11:17:25 min

 

The scan has been done completely.

 

7166 Scanning directories

440746 Files were scanned

47 viruses and/or unwanted programs were found

35 files were deleted

0 files were repaired

12 files were moved to quarantine

0 files were renamed

3798 Archives were scanned

23 Warnings

9 Notes

 

Thanks in advance

B


Hello moscou,

1/ Show all files:

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Click "Apply"
Click the "Apply to All Folders" button / OK

2/ Then go to this site http://virusscan.jotti.org/ and have hadcm3transum_5.15_windows_intelx86.exe analysed; it is located here:

C:\WINDOWS\system32\Sysupd\projects\www.climateprediction.net\hadcm3transum_5.15_windows_intelx86.exe

and post the result.

@+


Hey,

Here is the result of the online scan.

 

Service load: 0% 100%

 

File: hadcm3transum_5.15_windows_intelx86.exe

Status: OK

MD5 40197d1cbed5193c8eefac993cf89ab8

Packers detected: -

Scanner results

AntiVir Found nothing

ArcaVir Found nothing

Avast Found nothing

AVG Antivirus Found nothing

BitDefender Found nothing

ClamAV Found nothing

Dr.Web Found nothing

F-Prot Antivirus Found nothing

Fortinet Found nothing

Kaspersky Anti-Virus Found nothing

NOD32 Found nothing

Norman Virus Control Found nothing

UNA Found nothing

VirusBuster Found nothing

VBA32 Found nothing

 

Thanks

 

A+


Re,

If, during the procedure below, there are steps you were unable to complete, please continue the procedure to the end and mention them in your next reply.

Remove AntiVir via Add/Remove Programs.

1/ Download and install http://www.ewido.net/en/download
Once AVG AS is running, click Update
Close the program.

2/ Start in Safe Mode http://www.sosordi.net/Faq/Faq.2.html

3/ Start / Control Panel / Add or Remove Programs and check for the presence of:

RXToolBar
TBONBin

If these programs are present, uninstall them.

4/ Launch HijackThis, click "Do a system scan only" and check these lines:

O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [system ##32] C:\WINDOWS\system32\luw32\iln.exe
O4 - HKLM\..\Run: [system Updater] C:\WINDOWS\system32\Sysupd\sysupd.exe -detach
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
O8 - Extra context menu item: &Search - http://ko.bar.need2find.com/KO/menusearch.html?p=KO
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/inst...leanerstart.cab

Close all open windows except HijackThis and click "Fix checked".

5/ To delete the malicious files, we are going to show all of them, like this:

Start, My Computer or any other folder, Tools menu, Folder Options, View tab:
Check the box: Show hidden files and folders
Uncheck the box: Hide extensions for known file types
Uncheck the box: Hide protected operating system files
Click "Apply"
Click the "Apply to All Folders" button / OK

6/ Delete what is in bold:

C:\Win32 <== the whole folder
C:\Program Files\RXToolBar <== the whole folder
C:\WINDOWS\system32\luw32 <== the whole folder
C:\WINDOWS\system32\Sysupd <== the whole folder
C:\Program Files\TBONBin <== the whole folder

7/ Relaunch AVG AS, then choose the Scan tab
Then the Settings tab
Under the question "How to act?", click Recommended actions and choose Quarantine
Click the Scan tab again and run a Complete System Scan

If an infected file is detected at the end of the scan
Click Apply all actions

Click Save report, then Save report as
Save this text file to your desktop

8/ Restart in normal mode

9/ Post the AVG Anti-Spyware 7.5 report along with a new HijackThis log.

Good luck, and if you have the slightest question, don't hesitate :P

@+

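As an added example (not part of this thread, and not code from HijackThis or Avira), the script below triages the O4 "Run" entries quoted above by where each launched executable lives rather than by what a scanner says about it. That is the lesson of this thread: hadcm3transum_5.15_windows_intelx86.exe came back clean from every engine on Jotti, yet it was started from C:\WINDOWS\system32\Sysupd\, and the helper's fix list targets exactly such locations (a subfolder of system32, C:\Win32\dll, the RXToolBar and TBONBin folders). The allowed directory roots, the two folder names taken from the helper's removal list, and the "impersonation" words are assumptions for illustration; the sample lines are copied from the log posted above.

```python
"""Triage HijackThis O4 (Run key) entries by launch location, not by scanner verdict.

Added example for this thread; the allow-list, the unwanted-folder list and the
impersonation words are assumptions chosen to illustrate the technique.
"""
import ntpath
import re

# Constructed sample input: O4 lines copied from the HijackThis log in the thread.
SAMPLE_O4 = r"""
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Win32] C:\Win32\dll\Win32k.exe -starthide C:\Win32\dll\Win32.exe -local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [semanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [system ##32] C:\WINDOWS\system32\luw32\iln.exe
O4 - HKLM\..\Run: [system Updater] C:\WINDOWS\system32\Sysupd\sysupd.exe -detach
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [tbon] C:\Program Files\TBONBin\tbon.exe /r
""".strip().splitlines()

O4_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\Run: \[([^\]]*)\] (.*)$')
# First token ending in an executable extension, quoted or not; this also copes
# with unquoted paths that contain spaces ("C:\Program Files\...\x.exe").
PATH_RE = re.compile(r'^"?(.*?\.(?:exe|dll|com|scr|bat|cmd))"?(?:[\s,]|$)', re.IGNORECASE)
HOSTS = {'rundll32.exe', 'rundll32'}   # hosts whose real payload is their argument

# Assumptions for illustration (not from HijackThis): where autorun executables
# normally live on this XP system, folders named in the helper's removal list,
# and words that mimic Windows component names in the Run value name.
ALLOWED_ROOTS = ('c:\\windows\\', 'c:\\program files\\', 'd:\\program files\\')
KNOWN_UNWANTED_DIRS = {'rxtoolbar', 'tbonbin'}
IMPERSONATION_WORDS = ('system', 'win32')
SYSTEM32 = 'c:\\windows\\system32\\'


def launched_target(command):
    """Return the file actually launched, unwrapping rundll32 hosting."""
    m = PATH_RE.match(command)
    if not m:
        parts = command.split()
        return parts[0] if parts else command
    target = m.group(1)
    if ntpath.basename(target).lower() in HOSTS:
        # rundll32 is just the host; the DLL it loads is the thing to judge.
        hosted = PATH_RE.match(command[m.end():])
        if hosted:
            target = hosted.group(1)
    return target


def triage_entry(line):
    """Parse one O4 line; return a finding dict, or None if it is not an O4 Run entry."""
    m = O4_RE.match(line)
    if not m:
        return None
    hive, name, command = m.groups()
    target = launched_target(command)
    low = target.lower()
    reasons = []
    if '\\' not in low:
        # No directory: Windows resolves it through the search path, so the log
        # alone does not say which file ran. Needs a manual check.
        reasons.append('bare filename, resolved through the search path')
    else:
        if not low.startswith(ALLOWED_ROOTS):
            reasons.append('launched from outside the usual program directories')
        if low.startswith(SYSTEM32) and '\\' in low[len(SYSTEM32):]:
            reasons.append('executable in a subdirectory of system32')
        if set(low.split('\\')) & KNOWN_UNWANTED_DIRS:
            reasons.append("folder named in the helper's removal list")
    if any(w in name.lower() for w in IMPERSONATION_WORDS):
        reasons.append('entry name mimics a Windows component')
    return {'hive': hive, 'name': name, 'target': target, 'reasons': reasons}


def triage(lines):
    """Findings for every O4 Run entry in `lines`, flagged ones first."""
    findings = [f for f in (triage_entry(l) for l in lines) if f]
    return sorted(findings, key=lambda f: not f['reasons'])


def flagged_names(lines):
    """Run value names that need attention."""
    return [f['name'] for f in triage(lines) if f['reasons']]


if __name__ == '__main__':
    for f in triage(SAMPLE_O4):
        mark = 'SUSPICIOUS' if f['reasons'] else 'ok        '
        print(mark, f['hive'], f['name'], '->', f['target'])
        for r in f['reasons']:
            print('           -', r)
```

Run it as-is to triage the sample; for a real log, pass `open(path).read().splitlines()` to `triage()` and it will skip every non-O4 line. Note what the heuristics do and do not decide: a clean multi-engine verdict does not clear an entry that runs from C:\WINDOWS\system32\Sysupd\, and a bare name such as SOUNDMAN.EXE is listed for review because the log does not show which file on the search path actually ran.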
