MSN virus [Solved]

Tags:
  • Security
19 March 2008 20:37:29

Hello,

Sorry for creating this topic again, but maybe the title was not explicit enough. I clicked on a link sent by one of my contacts and I think it was a worm, but I wasn't paying attention. Since then I have been sending the same link to my contacts and my Windows Live Messenger no longer works. I read some topics and prepared the MSNFix and HijackThis logs. Could you help me, please?

Thanks and see you soon!

MSNFix log:

MSNFix 1.685

H:\Documents and Settings\Touleng\Bureau\MSNFix
Fix exécuté le 16/03/2008 - 23:09:02,42 By Touleng
mode normal

************************ Recherche les fichiers présents

... H:\WINDOWS\system32\eropfro.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... H:\DOCUME~1\Touleng\LOCALS~1\Temp\winlogon.exe
.. OK ... H:\DOCUME~1\Touleng\LOCALS~1\Temp\services.exe
/!\ ... H:\WINDOWS\system32\eropfro.exe
/!\ ... H:\WINDOWS\system32\eropfro.exe



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


Aucun Fichier trouvé
.. OK ... H:\WINDOWS\system32\eropfro.exe



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 16032008_23140926.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = H:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------



HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:31:02, on 16/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
H:\Program Files\Alwil Software\Avast4\ashServ.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
H:\Program Files\D-Tools\daemon.exe
H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
H:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
H:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
H:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
H:\Documents and Settings\Touleng\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "H:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [avast!] H:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] H:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - H:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - H:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5520 bytes

19 March 2008 20:43:10

Hello,

Same problem?
19 March 2008 21:20:26

Hello,

Yes, still the same problem :'(  my Windows Live Messenger keeps sending the message to my contacts (I just tried).
19 March 2008 23:24:39

Re!

Here is the Antivir scan report.

Thanks for your help!

AntiVir PersonalEdition Classic
Report file date: mercredi 19 mars 2008 22:28

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: LOCHUNGVU

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: h:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: I:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 19 mars 2008 22:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'epmworker.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Generic.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'RtWLan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'Application Launcher.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'AsDHRemote.exe' - '1' Module(s) have been scanned
Scan process 'apdproxy.exe' - '1' Module(s) have been scanned
Scan process 'AsRc.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Start scanning boot sectors:
Boot sector 'H:\'
[NOTE] No virus was found!
Boot sector 'I:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '36' files ).


Starting the file scan:

Begin scan in 'H:\'
H:\pagefile.sys
[WARNING] The file could not be opened!
H:\Documents and Settings\Touleng\Bureau\catchme.zip
[0] Archive type: ZIP
--> eropfro.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> eropfro.exe.1
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was deleted!
H:\System Volume Information\_restore{C4F84BFA-AEBC-42C5-BC9F-99554208634B}\RP147\A0014701.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4811895a.qua'!
H:\System Volume Information\_restore{C4F84BFA-AEBC-42C5-BC9F-99554208634B}\RP147\A0014712.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '4811895c.qua'!
Begin scan in 'I:\' <Stockage>


End of the scan: mercredi 19 mars 2008 22:53
Used time: 25:19 min

The scan has been done completely.

3793 Scanning directories
243044 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
243040 Files not concerned
966 Archives were scanned
1 Warnings
0 Notes

20 March 2008 15:45:58

Post a new HijackThis report.
20 March 2008 20:15:45

Hello,

Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:14:52, on 20/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
H:\WINDOWS\System32\smss.exe
H:\WINDOWS\system32\winlogon.exe
H:\WINDOWS\system32\services.exe
H:\WINDOWS\system32\lsass.exe
H:\WINDOWS\system32\svchost.exe
H:\WINDOWS\System32\svchost.exe
H:\WINDOWS\Explorer.EXE
H:\WINDOWS\system32\spoolsv.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
H:\WINDOWS\system32\RUNDLL32.EXE
H:\WINDOWS\RTHDCPL.EXE
H:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
H:\Program Files\D-Tools\daemon.exe
H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
H:\WINDOWS\system32\ctfmon.exe
H:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
H:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
H:\Program Files\Fichiers communs\Teleca Shared\Generic.exe
H:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
H:\WINDOWS\system32\nvsvc32.exe
H:\WINDOWS\system32\svchost.exe
H:\Program Files\Mozilla Firefox\firefox.exe
H:\WINDOWS\system32\wuauclt.exe
H:\WINDOWS\system32\wuauclt.exe
H:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
H:\Documents and Settings\Touleng\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE H:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE H:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] H:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] H:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [Ai Quicker Help] "H:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "H:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "H:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "H:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "H:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "H:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [avgnt] "H:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] H:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [MsnMsgr] "H:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] H:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://H:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - H:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - H:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - H:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - H:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - H:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5527 bytes
20 March 2008 21:02:36

Re,

Download Lop S&D.exe to your Desktop.
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the desired language, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New task, type explorer.exe and confirm)
    20 March 2008 23:20:25

    Re,

    When I launched the tool, Antivir detected a file, which I put in quarantine:
    - in the "Detection" column: TR/Inject.MF
    - "Source": bjdqepduU.dll

    Otherwise, here is the Lop S&D.exe report:


    -----------------------[ Lop S&D 4.0.8 XP/Vista ]----------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : Touleng ] [ "H:\Lop SD" ]
    [ 20/03/2008 | 23:15:18,13 ] [ PC : LOCHUNGVU ]
    [ MAJ : 17-03-2008 | 21:50 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [19/03/2008|22:59] H:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [19/03/2008|22:59] H:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [19/03/2008|22:59] H:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
    [13/07/2007|08:59] H:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [19/03/2008|22:27] H:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [16/06/2007|17:00] H:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [16/03/2008|20:07] H:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [23/02/2008|20:19] H:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Ericsson
    [23/02/2008|20:20] H:\DOCUME~1\ALLUSE~1\APPLIC~1\Teleca
    [16/03/2008|20:01] H:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller

    [16/06/2007|17:00] H:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [16/06/2007|17:00] H:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [16/06/2007|17:00] H:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [16/06/2007|15:16] H:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [16/06/2007|15:25] H:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [16/06/2007|15:25] H:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [16/06/2007|15:16] H:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [16/06/2007|15:20] H:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [16/06/2007|15:20] H:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [16/06/2007|15:16] H:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    [23/02/2008|20:22] H:\DOCUME~1\Touleng\APPLIC~1\.
    [23/02/2008|20:22] H:\DOCUME~1\Touleng\APPLIC~1\..
    [13/07/2007|09:00] H:\DOCUME~1\Touleng\APPLIC~1\Adobe
    [12/07/2007|21:03] H:\DOCUME~1\Touleng\APPLIC~1\Aventail
    [16/06/2007|17:00] H:\DOCUME~1\Touleng\APPLIC~1\desktop.ini
    [26/01/2008|13:26] H:\DOCUME~1\Touleng\APPLIC~1\DivX
    [25/11/2007|20:13] H:\DOCUME~1\Touleng\APPLIC~1\dvdcss
    [16/06/2007|15:26] H:\DOCUME~1\Touleng\APPLIC~1\Identities
    [17/02/2008|21:06] H:\DOCUME~1\Touleng\APPLIC~1\Leadertech
    [17/06/2007|16:57] H:\DOCUME~1\Touleng\APPLIC~1\Macromedia
    [16/06/2007|21:33] H:\DOCUME~1\Touleng\APPLIC~1\Media Player Classic
    [01/03/2008|18:44] H:\DOCUME~1\Touleng\APPLIC~1\Microsoft
    [20/06/2007|19:25] H:\DOCUME~1\Touleng\APPLIC~1\Mozilla
    [23/02/2008|20:21] H:\DOCUME~1\Touleng\APPLIC~1\Sony Ericsson
    [12/07/2007|21:03] H:\DOCUME~1\Touleng\APPLIC~1\Sun
    [20/01/2008|20:48] H:\DOCUME~1\Touleng\APPLIC~1\teamspeak2
    [23/02/2008|20:22] H:\DOCUME~1\Touleng\APPLIC~1\Teleca
    [18/03/2008|22:09] H:\DOCUME~1\Touleng\APPLIC~1\uTorrent
    [21/09/2007|22:18] H:\DOCUME~1\Touleng\APPLIC~1\vlc

    ----------------[ Tâches planifiées dans H:\WINDOWS\tasks ]---------------

    [20/03/2008 20:09][--ah-----] H:\WINDOWS\tasks\SA.DAT
    [02/03/2006 13:00][-r-h-----] H:\WINDOWS\tasks\desktop.ini

    ---------------[ Listing des dossiers dans H:\Program Files ]--------------

    [19/03/2008|22:27] H:\Program Files\.
    [19/03/2008|22:27] H:\Program Files\..
    [13/07/2007|08:59] H:\Program Files\Adobe
    [16/06/2007|16:46] H:\Program Files\Alwil Software
    [16/06/2007|16:32] H:\Program Files\ASUS
    [16/06/2007|16:30] H:\Program Files\ASUS WiFi-AP Solo
    [19/03/2008|22:27] H:\Program Files\Avira
    [16/06/2007|15:14] H:\Program Files\ComPlus Applications
    [23/02/2008|20:05] H:\Program Files\Disc2Phone
    [26/01/2008|13:20] H:\Program Files\DivX
    [03/02/2008|19:06] H:\Program Files\D-Tools
    [16/03/2008|20:01] H:\Program Files\Fichiers communs
    [27/07/2007|18:17] H:\Program Files\Immortals Online
    [16/06/2007|16:32] H:\Program Files\InstallShield Installation Information
    [16/06/2007|16:18] H:\Program Files\Intel
    [23/02/2008|20:03] H:\Program Files\Internet Explorer
    [12/11/2007|20:23] H:\Program Files\Java
    [16/06/2007|16:29] H:\Program Files\Marvell
    [17/06/2007|21:46] H:\Program Files\Messenger
    [16/06/2007|15:16] H:\Program Files\microsoft frontpage
    [03/02/2008|19:09] H:\Program Files\Microsoft Office
    [03/02/2008|19:10] H:\Program Files\Microsoft.NET
    [28/02/2008|00:39] H:\Program Files\mIRC
    [16/06/2007|15:14] H:\Program Files\Movie Maker
    [20/03/2008|23:13] H:\Program Files\Mozilla Firefox
    [16/06/2007|15:13] H:\Program Files\MSN Gaming Zone
    [24/02/2008|23:40] H:\Program Files\MSXML 4.0
    [16/06/2007|15:14] H:\Program Files\NetMeeting
    [16/06/2007|15:13] H:\Program Files\Online Services
    [17/06/2007|21:45] H:\Program Files\Outlook Express
    [16/06/2007|16:22] H:\Program Files\Realtek
    [16/06/2007|21:33] H:\Program Files\Satsuki Decoder Pack
    [16/06/2007|15:15] H:\Program Files\Services en ligne
    [23/02/2008|20:19] H:\Program Files\Sony Ericsson
    [20/03/2008|20:09] H:\Program Files\Steam
    [27/10/2007|22:11] H:\Program Files\Teamspeak2_RC2
    [16/06/2007|15:26] H:\Program Files\Uninstall Information
    [06/11/2007|22:06] H:\Program Files\uTorrent
    [21/09/2007|22:09] H:\Program Files\VideoLAN
    [17/06/2007|10:05] H:\Program Files\Winamp
    [16/03/2008|20:06] H:\Program Files\Windows Live
    [17/06/2007|21:45] H:\Program Files\Windows Media Player
    [16/06/2007|15:13] H:\Program Files\Windows NT
    [16/06/2007|15:15] H:\Program Files\WindowsUpdate
    [13/07/2007|10:46] H:\Program Files\WinRAR
    [25/08/2007|15:18] H:\Program Files\WowCartographe
    [16/06/2007|15:16] H:\Program Files\xerox

    ------[ Listing des dossiers dans H:\Program Files\Fichiers communs ]------

    [16/03/2008|20:01] H:\Program Files\Fichiers communs\.
    [16/03/2008|20:01] H:\Program Files\Fichiers communs\..
    [13/07/2007|08:59] H:\Program Files\Fichiers communs\Adobe
    [16/06/2007|15:56] H:\Program Files\Fichiers communs\Blizzard Entertainment
    [03/02/2008|19:09] H:\Program Files\Fichiers communs\DESIGNER
    [16/06/2007|16:30] H:\Program Files\Fichiers communs\InstallShield
    [12/07/2007|21:01] H:\Program Files\Fichiers communs\Java
    [16/03/2008|20:07] H:\Program Files\Fichiers communs\Microsoft Shared
    [16/06/2007|15:14] H:\Program Files\Fichiers communs\MSSoap
    [16/06/2007|17:01] H:\Program Files\Fichiers communs\ODBC
    [16/06/2007|15:14] H:\Program Files\Fichiers communs\Services
    [23/02/2008|20:19] H:\Program Files\Fichiers communs\Sony Ericsson Shared
    [16/06/2007|17:00] H:\Program Files\Fichiers communs\SpeechEngines
    [03/02/2008|19:09] H:\Program Files\Fichiers communs\System
    [23/02/2008|20:19] H:\Program Files\Fichiers communs\Teleca Shared
    [16/03/2008|20:06] H:\Program Files\Fichiers communs\WindowsLiveInstaller

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-20 23:15:48
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:1582][Doss:70] H:\DOCUME~1\Touleng\LOCALS~1\Temp
    /!\ [Fich:188][Doss:0] H:\DOCUME~1\Touleng\Cookies
    /!\ [Fich:11361][Doss:16] H:\DOCUME~1\Touleng\LOCALS~1\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 23:16:07,89 ]----------------------
    21 March 2008 17:48:53

    Re,

    Is your PC behaving better?
    21 March 2008 19:15:13

    Re,

    Yes, it looks good! No message sent so far :p  Thank you for your help!

    Goodbye!
    21 March 2008 21:08:24

    Happy surfing :) 

  • Download ToolsCleaner to your Desktop.
  • Click Search and let the scan finish.
  • Click Removal to finalize.
  • Click Quit so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Solved] to the title. To do so:
    * In your first message, click the "Edit" button
    * Add [Solved] to the title
    * Then click "Validate your message"

    Read the guide on prevention and protection so that you no longer have this kind of problem, by clicking on the image below:

    21 March 2008 23:47:38

    Thanks again!

    -->- Recherche:

    H:\Lop SD: trouvé !
    H:\Documents and Settings\Touleng\Bureau\Lop S&D.lnk: trouvé !
    H:\Documents and Settings\Touleng\Bureau\LopSD.exe: trouvé !
    H:\Documents and Settings\Touleng\Bureau\Msnfix.zip: trouvé !
    H:\Documents and Settings\Touleng\Bureau\HijackThis.exe: trouvé !
    H:\Documents and Settings\Touleng\Bureau\MsnFix: trouvé !
    H:\Documents and Settings\Touleng\Menu Démarrer\Programmes\Lop S&D: trouvé !
    H:\Documents and Settings\Touleng\Recent\MSNFix.lnk: trouvé !
    H:\Documents and Settings\Touleng\Recent\HijackThis.lnk: trouvé !
    H:\Lop SD\Lop S&D.lnk: trouvé !

    ---------------------------------
    -->- Suppression:

    H:\Documents and Settings\Touleng\Bureau\Lop S&D.lnk: supprimé !
    H:\Documents and Settings\Touleng\Bureau\LopSD.exe: supprimé !
    H:\Documents and Settings\Touleng\Bureau\Msnfix.zip: supprimé !
    H:\Documents and Settings\Touleng\Bureau\HijackThis.exe: supprimé !
    H:\Documents and Settings\Touleng\Recent\MSNFix.lnk: supprimé !
    H:\Documents and Settings\Touleng\Recent\HijackThis.lnk: supprimé !
    H:\Lop SD\Lop S&D.lnk: supprimé !
    H:\Lop SD: supprimé !
    H:\Documents and Settings\Touleng\Bureau\MsnFix: supprimé !
    H:\Documents and Settings\Touleng\Menu Démarrer\Programmes\Lop S&D: supprimé !
    22 March 2008 12:10:02

    You're welcome, it's a pleasure ;) 