Votre question

virus msn AlbumPhoto [RESOLU]

Tags :
  • Windows
  • Sécurité
Dernière réponse : dans Sécurité et virus
16 Novembre 2007 00:16:55

Bonjour,

j'ai moi aussi ete infecte par le virus de l'album photo... j'ai suivi l'ensemble des instructions concerant MSNFix et Hijackthis voici les rapports les lignes ne gras me laissent perplexe...:

MSN FIX:

MSNFix 1.580

C:\Documents and Settings\galerie vivienne\Bureau\MSNFix\MSNFix
Fix exécuté le 15/11/2007 - 23:28:20,06 By galerie vivienne
mode normal

************************ Recherche les fichiers présents

... C:\PROGRA~1\Temporary\wininstall.exe
... C:\*-1-1148.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\ccSvcHst.exe
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Dance_dec_jpg.zip

************************ MSNCHK ***** /!\ beta test /!\

[!] C:\WINDOWS\Dance_dec_jpg.zip is INFECTED


************************ Recherche les dossiers présents

... C:\PROGRA~1\Temporary\
... C:\PROGRA~1\WinAble\




************************ Suppression des fichiers

.. OK ... C:\PROGRA~1\Temporary\wininstall.exe
.. OK ... C:\*-1-1148.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\i-1-1148.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip


************************ Suppression des dossiers

.. OK ... C:\PROGRA~1\Temporary\
.. OK ... C:\PROGRA~1\WinAble\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\mrofinu*.exe



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\PROGRA~1\Firefox Setup 1.0.7.exe] 7D0704E7C919ED2ED1695560050F3D2D
[C:\PROGRA~1\install_flash_player.exe] 9133BD54CE9574FA2F67CE0102D72CCC
[C:\PROGRA~1\INSTALL_MSN_MESSENGER_DL.EXE] B9D110E1CFD22975288C7773835F0F4A
[C:\PROGRA~1\mp10setup.exe] 93F733C630B734563DB8E9D4AE7C8DB3
[C:\PROGRA~1\MsgPlus-354.exe] 7A62BAD0B0E61BC9CB4AFBEB37B995E2
[C:\PROGRA~1\msgr6fr.exe] A1E69396B945B51F11A618B86A6F2E72
[C:\PROGRA~1\rmxv3.exe] 6FB14665184E53C19966F569B54A022A
[C:\PROGRA~1\Satsuki.Decoder.Pack.2.0.0.3.exe] F5C8667FD540318044102685DC312B70
[C:\PROGRA~1\SetupDl.exe] 543CB8B1EC7F0F5A1413D31F4DFF9CE8
[C:\PROGRA~1\wrar342fr.exe] 17C6222F1478086474E954643A2026A1

==> SVP merci d'envoyer le fichier C:\DOCUME~1\GALERI~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr




Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 15112007_23354709.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:27, on 15/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7FEB1F1E-6829-3E8A-27B5-43B22797B136} - C:\DOCUME~1\GALERI~1\APPLIC~1\INFO16~1\Rule Chin.exe (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [InstRpro] c:\Windows\temp\pistart.exe c:\software\RecoverPro\HTML\scripts\start.cmd
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [signmanagerglobalname] C:\Documents and Settings\All Users\Application Data\COMPDVDSIGNMANAGER\readme loud.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CLOCK CREATIVE] C:\DOCUME~1\GALERI~1\APPLIC~1\THUNKE~1\title ace.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [BlazeServoTool] "d:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.c...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7535 bytes


que dois-je faire maintenant ?

Merci d'avance

Autres pages sur : virus msn albumphoto resolu

16 Novembre 2007 00:28:07

bonsoir

Citation :
les lignes ne gras me laissent perplexe...:

ce sont des fichiers que tu as téléchargés. (légitimes)

1

Citation :
SVP merci d'envoyer le fichier C:\DOCUME~1\GALERI~1\Bureau\Upload_Me.zip sur http://upload.changelog.fr

fais-le stp

2

Télécharge Lop S&D.zip.
Dézippe-le sur ton Bureau uniquement.
Ouvre le dossier Lop S&D puis double-clique sur Scan.bat.
Sélectionne la langue en tapant sur 1 puis en validant avec la touche Entrée.
Tape sur "R" puis valide en appuyant sur "Entrée".
Un rapport sera généré, poste son contenu ici.
16 Novembre 2007 19:40:01


------------------------------[ Lop S&D 1.5 ]----------------------------

Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "C:\Documents and Settings\galerie vivienne\Bureau\Lop S&D"

Rapport créé Le 16/11/2007 à 19:32:09,70 PC : VIVIENNE

! Faire analyser le rapport par un Helper avant intervention !

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\Administrateur\Application Data\Microsoft
C:\Documents and settings\Administrateur\Application Data\Identities
C:\Documents and settings\Administrateur\Application Data\desktop.ini

C:\Documents and settings\All Users\Application Data\Lavasoft
C:\Documents and settings\All Users\Application Data\CyberLink
C:\Documents and settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and settings\All Users\Application Data\DVD Shrink
C:\Documents and settings\All Users\Application Data\Apple Computer
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\COMPDVDSIGNMANAGER
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\Messenger Plus!
C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and settings\All Users\Application Data\SSScanWizard
C:\Documents and settings\All Users\Application Data\SSScanAppDataDir
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\pixelStorm
C:\Documents and settings\All Users\Application Data\ScanSoft
C:\Documents and settings\All Users\Application Data\SBSI
C:\Documents and settings\All Users\Application Data\desktop.ini

C:\Documents and settings\Default User\Application Data\Microsoft
C:\Documents and settings\Default User\Application Data\Identities
C:\Documents and settings\Default User\Application Data\desktop.ini

C:\Documents and settings\galerie vivienne\Application Data\dvdcss
C:\Documents and settings\galerie vivienne\Application Data\vlc
C:\Documents and settings\galerie vivienne\Application Data\CyberLink
C:\Documents and settings\galerie vivienne\Application Data\Leadertech
C:\Documents and settings\galerie vivienne\Application Data\Microsoft
C:\Documents and settings\galerie vivienne\Application Data\AdobeUM
C:\Documents and settings\galerie vivienne\Application Data\Apple Computer
C:\Documents and settings\galerie vivienne\Application Data\thunk else
C:\Documents and settings\galerie vivienne\Application Data\INFO16DART
C:\Documents and settings\galerie vivienne\Application Data\Real
C:\Documents and settings\galerie vivienne\Application Data\F-Secure
C:\Documents and settings\galerie vivienne\Application Data\Lavasoft
C:\Documents and settings\galerie vivienne\Application Data\ArcSoft
C:\Documents and settings\galerie vivienne\Application Data\Mozilla
C:\Documents and settings\galerie vivienne\Application Data\Hulabee
C:\Documents and settings\galerie vivienne\Application Data\Media Player Classic
C:\Documents and settings\galerie vivienne\Application Data\Macromedia
C:\Documents and settings\galerie vivienne\Application Data\Help
C:\Documents and settings\galerie vivienne\Application Data\Adobe
C:\Documents and settings\galerie vivienne\Application Data\ScanSoft
C:\Documents and settings\galerie vivienne\Application Data\Yahoo! Messenger
C:\Documents and settings\galerie vivienne\Application Data\Sun
C:\Documents and settings\galerie vivienne\Application Data\Identities
C:\Documents and settings\galerie vivienne\Application Data\desktop.ini

C:\Documents and settings\LocalService\Application Data\Microsoft

C:\Documents and settings\NetworkService\Application Data\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\A0A0657F9187E4FB.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\Adobe
C:\Program Files\Alwil Software
C:\Program Files\Apple Software Update
C:\Program Files\ArcSoft
C:\Program Files\CASIO
C:\Program Files\ComPlus Applications
C:\Program Files\Cyberlink
C:\Program Files\DivX Total Pack
C:\Program Files\Everest Poker
C:\Program Files\ffdshow
C:\Program Files\Fichiers communs
C:\Program Files\Firefox Setup 1.0.7.exe
C:\Program Files\flowprotector
C:\Program Files\F-Secure Internet Security
C:\Program Files\GTO EDI
C:\Program Files\install_flash_player.exe
C:\Program Files\INSTALL_MSN_MESSENGER_DL.EXE
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\KODAK
C:\Program Files\Lavasoft
C:\Program Files\Messenger
C:\Program Files\MessengerPlus! 3
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft.NET
C:\Program Files\monAlbumPhoto
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\mp10setup.exe
C:\Program Files\MsgPlus-354.exe
C:\Program Files\msgr6fr.exe
C:\Program Files\MSN
C:\Program Files\MSN Games
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\NetMeeting
C:\Program Files\Online Services
C:\Program Files\OPIUM
C:\Program Files\Outlook Express
C:\Program Files\Panicware
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\RM-X Player V3
C:\Program Files\rmxv3.exe
C:\Program Files\SAGEM
C:\Program Files\Satsuki Decoder Pack
C:\Program Files\Satsuki.Decoder.Pack.2.0.0.3.exe
C:\Program Files\ScanSoft
C:\Program Files\Services en ligne
C:\Program Files\SetupDl.exe
C:\Program Files\Softwin
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\thunk else
C:\Program Files\Trend Micro
C:\Program Files\VisData
C:\Program Files\Visicom Media
C:\Program Files\Windows Live Favorites
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\wrar342fr.exe
C:\Program Files\xerox
C:\Program Files\Xerox WorkCentre PE16
C:\Program Files\Yahoo!
D:\Program Files\DVD Shrink
D:\Program Files\myphotobook
D:\Program Files\VideoLAN

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Crystal Decisions
C:\program files\fichiers communs\DESIGNER
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Real
C:\program files\fichiers communs\ScanSoft Shared
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\Softwin
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\System
C:\program files\fichiers communs\WinFixer 2005
C:\program files\fichiers communs\Wise Installation Wizard
C:\program files\fichiers communs\xing shared

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]

"signmanagerglobalname"="C:\\Documents and Settings\\All Users\\Application Data\\COMPDVDSIGNMANAGER\\readme loud.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CLOCK CREATIVE"="C:\\DOCUME~1\\GALERI~1\\APPLIC~1\\THUNKE~1\\title ace.exe"

-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

C:\Documents and settings\All Users\Application Data\COMPDVDSIGNMANAGER
C:\Documents and settings\galerie vivienne\Application Data\THUNKE~1
C:\Program Files\THUNKE~1
C:\Documents and settings\galerie vivienne\Cookies\galerie_vivienne@adserver.advertstream[1].txt
C:\Documents and settings\galerie vivienne\Cookies\galerie_vivienne@advertstream[2].txt
C:\WINDOWS\tasks\A0A0657F9187E4FB.job

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : Propre

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 19:32:25
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

--------------------[ Fin du rapport à 19:34:13,07 ]----------------------


voila le rapport de Lop S&D ... Par contre l'upload du fichier vers http://upload.changelog.fr n'est pas au top ...

Que ce passe-t-il maintenant ? merci
Contenus similaires
16 Novembre 2007 21:51:18

bonsoir

Citation :
Par contre l'upload du fichier vers http://upload.changelog.fr n'est pas au top ...

quel est ton souci avec ça?

++++++++++

Ouvre le dossier Lop S&D puis double-clique sur Scan.bat. Tape sur "S" puis valide en appuyant sur "Entrée".
[#ff0000]! Ne ferme pas la fenêtre lors de la suppression ! [/#f]
Un rapport sera généré, poste son contenu ici.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer.exe puis valide.


17 Novembre 2007 12:45:03

En ce qui concerne l'upload di fichier, le problème est que je me prends un time out à chaque tentative...

J'ai executé le Scan.bat mais le rapport est vide...
17 Novembre 2007 12:47:13

du coup j'ai relance une recherche (R) et la suppression (S) . Lorsque je chosis l option S le programme refait un sacna comme pour l option R et me genere le rapport suivant


------------------------------[ Lop S&D 1.5 ]----------------------------

Version : Microsoft Windows XP [version 5.1.2600] [ OS : Windows_NT ]

Lancé depuis : "C:\Documents and Settings\galerie vivienne\Bureau\Lop S&D"

Rapport créé Le 17/11/2007 à 12:37:40,50 PC : VIVIENNE

! Faire analyser le rapport par un Helper avant intervention !

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\Administrateur\Application Data\Microsoft
C:\Documents and settings\Administrateur\Application Data\Identities
C:\Documents and settings\Administrateur\Application Data\desktop.ini

C:\Documents and settings\All Users\Application Data\Lavasoft
C:\Documents and settings\All Users\Application Data\CyberLink
C:\Documents and settings\All Users\Application Data\Windows Live Toolbar
C:\Documents and settings\All Users\Application Data\DVD Shrink
C:\Documents and settings\All Users\Application Data\Apple Computer
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\Messenger Plus!
C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and settings\All Users\Application Data\SSScanWizard
C:\Documents and settings\All Users\Application Data\SSScanAppDataDir
C:\Documents and settings\All Users\Application Data\Adobe
C:\Documents and settings\All Users\Application Data\pixelStorm
C:\Documents and settings\All Users\Application Data\ScanSoft
C:\Documents and settings\All Users\Application Data\SBSI
C:\Documents and settings\All Users\Application Data\desktop.ini

C:\Documents and settings\Default User\Application Data\Microsoft
C:\Documents and settings\Default User\Application Data\Identities
C:\Documents and settings\Default User\Application Data\desktop.ini

C:\Documents and settings\galerie vivienne\Application Data\dvdcss
C:\Documents and settings\galerie vivienne\Application Data\vlc
C:\Documents and settings\galerie vivienne\Application Data\CyberLink
C:\Documents and settings\galerie vivienne\Application Data\Leadertech
C:\Documents and settings\galerie vivienne\Application Data\Microsoft
C:\Documents and settings\galerie vivienne\Application Data\AdobeUM
C:\Documents and settings\galerie vivienne\Application Data\Apple Computer
C:\Documents and settings\galerie vivienne\Application Data\INFO16DART
C:\Documents and settings\galerie vivienne\Application Data\Real
C:\Documents and settings\galerie vivienne\Application Data\F-Secure
C:\Documents and settings\galerie vivienne\Application Data\Lavasoft
C:\Documents and settings\galerie vivienne\Application Data\ArcSoft
C:\Documents and settings\galerie vivienne\Application Data\Mozilla
C:\Documents and settings\galerie vivienne\Application Data\Hulabee
C:\Documents and settings\galerie vivienne\Application Data\Media Player Classic
C:\Documents and settings\galerie vivienne\Application Data\Macromedia
C:\Documents and settings\galerie vivienne\Application Data\Help
C:\Documents and settings\galerie vivienne\Application Data\Adobe
C:\Documents and settings\galerie vivienne\Application Data\ScanSoft
C:\Documents and settings\galerie vivienne\Application Data\Yahoo! Messenger
C:\Documents and settings\galerie vivienne\Application Data\Sun
C:\Documents and settings\galerie vivienne\Application Data\Identities
C:\Documents and settings\galerie vivienne\Application Data\desktop.ini

C:\Documents and settings\LocalService\Application Data\Microsoft

C:\Documents and settings\NetworkService\Application Data\Microsoft

----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\V‚rifier les mises … jour de Windows Live Toolbar.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\Adobe
C:\Program Files\Alwil Software
C:\Program Files\Apple Software Update
C:\Program Files\ArcSoft
C:\Program Files\CASIO
C:\Program Files\ComPlus Applications
C:\Program Files\Cyberlink
C:\Program Files\DivX Total Pack
C:\Program Files\Everest Poker
C:\Program Files\ffdshow
C:\Program Files\Fichiers communs
C:\Program Files\Firefox Setup 1.0.7.exe
C:\Program Files\flowprotector
C:\Program Files\F-Secure Internet Security
C:\Program Files\GTO EDI
C:\Program Files\install_flash_player.exe
C:\Program Files\INSTALL_MSN_MESSENGER_DL.EXE
C:\Program Files\Internet Explorer
C:\Program Files\iPod
C:\Program Files\iTunes
C:\Program Files\Java
C:\Program Files\KODAK
C:\Program Files\Lavasoft
C:\Program Files\Messenger
C:\Program Files\MessengerPlus! 3
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft Visual Studio
C:\Program Files\Microsoft Works
C:\Program Files\Microsoft.NET
C:\Program Files\monAlbumPhoto
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Firefox
C:\Program Files\mp10setup.exe
C:\Program Files\MsgPlus-354.exe
C:\Program Files\msgr6fr.exe
C:\Program Files\MSN
C:\Program Files\MSN Games
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\MSXML 4.0
C:\Program Files\NetMeeting
C:\Program Files\Online Services
C:\Program Files\OPIUM
C:\Program Files\Outlook Express
C:\Program Files\Panicware
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\RM-X Player V3
C:\Program Files\rmxv3.exe
C:\Program Files\SAGEM
C:\Program Files\Satsuki Decoder Pack
C:\Program Files\Satsuki.Decoder.Pack.2.0.0.3.exe
C:\Program Files\ScanSoft
C:\Program Files\Services en ligne
C:\Program Files\SetupDl.exe
C:\Program Files\Softwin
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Trend Micro
C:\Program Files\VisData
C:\Program Files\Visicom Media
C:\Program Files\Windows Live Favorites
C:\Program Files\Windows Live Toolbar
C:\Program Files\Windows Media Connect 2
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinRAR
C:\Program Files\wrar342fr.exe
C:\Program Files\xerox
C:\Program Files\Xerox WorkCentre PE16
C:\Program Files\Yahoo!
D:\Program Files\DVD Shrink
D:\Program Files\myphotobook
D:\Program Files\VideoLAN

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Crystal Decisions
C:\program files\fichiers communs\DESIGNER
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Real
C:\program files\fichiers communs\ScanSoft Shared
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\Softwin
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\System
C:\program files\fichiers communs\WinFixer 2005
C:\program files\fichiers communs\Wise Installation Wizard
C:\program files\fichiers communs\xing shared

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"CLOCK CREATIVE"="C:\\DOCUME~1\\GALERI~1\\APPLIC~1\\THUNKE~1\\title ace.exe"

-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

Aucun dossier Lop trouvé !

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : Propre

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 12:37:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
scanning hidden files ...
scan completed successfully
hidden files: 0

--------------------[ Recherche d'autres infections ]---------------------

Aucune autre infection trouvée !

--------------------[ Fin du rapport à 12:39:49,18 ]----------------------
17 Novembre 2007 14:18:23

bonjour

reposte un log hijackthis stp
18 Novembre 2007 19:47:58

bonsoir,

voila le log de hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:45:34, on 18/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7FEB1F1E-6829-3E8A-27B5-43B22797B136} - C:\DOCUME~1\GALERI~1\APPLIC~1\INFO16~1\Rule Chin.exe (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [InstRpro] c:\Windows\temp\pistart.exe c:\software\RecoverPro\HTML\scripts\start.cmd
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [signmanagerglobalname] C:\Documents and Settings\All Users\Application Data\COMPDVDSIGNMANAGER\readme loud.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CLOCK CREATIVE] C:\DOCUME~1\GALERI~1\APPLIC~1\THUNKE~1\title ace.exe
O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O4 - HKCU\..\Run: [BlazeServoTool] "d:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/fr/SysWebTelecomInt.c...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7621 bytes
18 Novembre 2007 20:34:31

bonsoir

~Télécharge OTMoveIt (d'OldTimer). Sauvegarde-le sur ton Bureau.

~Lance Hijackthis “Do a system scan only”.
Coche les lignes qui suivent si encore présentes et uniquement celles-là.

O2 - BHO: (no name) - {7FEB1F1E-6829-3E8A-27B5-43B22797B136} - C:\DOCUME~1\GALERI~1\APPLIC~1\INFO16~1\Rule Chin.exe
O4 - HKLM\..\Run: [signmanagerglobalname] C:\Documents and Settings\All Users\Application Data\COMPDVDSIGNMANAGER\readme loud.exe
O4 - HKCU\..\Run: [CLOCK CREATIVE] C:\DOCUME~1\GALERI~1\APPLIC~1\THUNKE~1\title ace.exe

O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\uwfx5.exe" /min
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe (file missing)
O16 - DPF: {511F9316-771B-4953-A268-1C36DA667FE9} - http://ip.sponsoradulto.com/cab/3/ [...] comInt.cab


Clique sur Fix checked (en bas à gauche)


Sélectionne TOUS les emplacements en gras ci-dessous :

C:\Documents and settings\galerie vivienne\Application Data\INFO16DART
C:\Documents and settings\galerie vivienne\Application Data\THUNKE~1
C:\Program Files\WinFixer 2005
C:\program files\fichiers communs\WinFixer 2005
C:\Documents and Settings\All Users\Application Data\COMPDVDSIGNMANAGER


---> Clique-droit puis Copier (ou Ctrl+C)

Double-clique sur OTMoveIt.exe afin de le lancer.
Fais un Clique-droit sur le cadre de gauche puis choisis Coller (ou Ctrl+V).
Clique maintenant sur [#ff0000]MoveIt![/#f]

[#ff0000]Si un fichier ou dossier ne peut pas être supprimé immédiatement, le logiciel te demandera de redémarrer.
Accepte en cliquant sur YES.[/#f]

Poste le rapport situé dans ce dossier : C:\_OTMoveIt\MovedFiles\
Le nom du rapport correspond au moment de sa création : date_heure.log

->Informations sur le logiciel<-
18 Novembre 2007 21:24:48

j ai effectue les manips....

C:\Documents and settings\galerie vivienne\Application Data\INFO16DART moved successfully.
File/Folder C:\Documents and settings\galerie vivienne\Application Data\THUNKE~1 not found.
File/Folder C:\Program Files\WinFixer 2005 not found.
C:\program files\fichiers communs\WinFixer 2005 moved successfully.
File/Folder C:\Documents and Settings\All Users\Application Data\COMPDVDSIGNMANAGER not found.
File/Folder not found.

Created on 11/18/2007 21:22:49

18 Novembre 2007 21:33:40

ok

tu vas remplacer Avast! par Antivir, qui lui est un vrai antivirus, tu vas faire un scan avec et poster le rapport. :) 


Désinstalle correctement Avast!


Pour le remplacer par Antivir.

-->Tuto<--


Pourquoi changer ? : Avast! vs Antivir
18 Novembre 2007 22:38:29

Je suis en tarin de faire le scan compelt, il detecte quelques éléments suspect que je mets en quarantaine pour le moment, je post le rapport des que le scan est fini...
18 Novembre 2007 23:18:32

bon il a bien travaille :) 



AntiVir PersonalEdition Classic
Report file date: dimanche 18 novembre 2007 22:23

Scanning for 933576 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: VIVIENNE

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 21:04:14
ANTIVIR3.VDF : 7.0.0.227 112128 Bytes 18/11/2007 21:04:14
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 18/11/2007 21:04:14
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: dimanche 18 novembre 2007 22:23

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'Plauto.exe' - '1' Module(s) have been scanned
Scan process 'dslmon.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'MsgPlus.exe' - '1' Module(s) have been scanned
Scan process 'opware32.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\' <System>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\galerie vivienne\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/GALERI~1/Bureau/Upload_Me/b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
--> DOCUME~1/GALERI~1/Bureau/Upload_Me/ccSvcHst.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
--> DOCUME~1/GALERI~1/Bureau/Upload_Me/Dance_dec_jpg.zip
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
[1] Archive type: ZIP
--> www.Dance_dec_jpg_Msn.com
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
--> DOCUME~1/GALERI~1/Bureau/Upload_Me/i-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/GALERI~1/Bureau/Upload_Me/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/GALERI~1/Bureau/Upload_Me/wininstall.exe
[DETECTION] Is the Trojan horse TR/Agent.crf.1
[INFO] The file was moved to '47acaf50.qua'!
C:\Documents and Settings\galerie vivienne\Bureau\MSNFix\MSNFix\15112007_23354709.zip
[0] Archive type: ZIP
--> backup/b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
--> backup/ccSvcHst.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
--> backup/Dance_dec_jpg.zip
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
[1] Archive type: ZIP
--> www.Dance_dec_jpg_Msn.com
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
--> backup/i-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/wininstall.exe
[DETECTION] Is the Trojan horse TR/Agent.crf.1
[INFO] The file was moved to '4771af3b.qua'!
C:\Documents and Settings\galerie vivienne\Local Settings\Temporary Internet Files\Content.IE5\L3VB5P4E\a8f5a020e4b833865a1034489887c8b9[1].zip
[0] Archive type: ZIP
--> b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '47a6b016.qua'!
C:\Documents and Settings\galerie vivienne\Local Settings\Temporary Internet Files\Content.IE5\NA83FD0T\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4790b058.qua'!
C:\Documents and Settings\galerie vivienne\Local Settings\Temporary Internet Files\Content.IE5\NA83FD0T\wr-1-1148[1].jpg
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '476db0ac.qua'!
C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP761\A0055380.exe
[DETECTION] Is the Trojan horse TR/Agent.crf.1
[INFO] The file was moved to '4770b553.qua'!
C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP761\A0055381.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4770b55b.qua'!
C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP761\A0055382.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '4770b560.qua'!
C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP761\A0055393.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
[INFO] The file was moved to '4770b563.qua'!
C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP761\A0055394.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4770b566.qua'!
C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP761\A0055398.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '4770b56c.qua'!
C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP761\A0055399.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.559616
[INFO] The file was moved to '4770b56e.qua'!
C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP761\A0055407.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4770b571.qua'!
C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP761\A0055408.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4770b574.qua'!
C:\System Volume Information\_restore{9B08B945-5FE8-4A8D-B5D0-31B3BB497D7F}\RP761\A0055411.exe
[DETECTION] Is the Trojan horse TR/Agent.crf.1
[INFO] The file was moved to '4770b576.qua'!
Begin scan in 'D:\' <Data>


End of the scan: dimanche 18 novembre 2007 23:17
Used time: 54:06 min

The scan has been done completely.

4909 Scanning directories
299248 Files were scanned
27 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
15 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
299221 Files not concerned
7665 Archives were scanned
1 Warnings
0 Notes

19 Novembre 2007 21:39:49

bonsoir

reposte un log hijackthis stp
19 Novembre 2007 22:01:42

Bonsoir, voila le log :) 

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:12, on 19/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\CASIO\Photo Loader\Plauto.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?linkid=677
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [InstRpro] c:\Windows\temp\pistart.exe c:\software\RecoverPro\HTML\scripts\start.cmd
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BlazeServoTool] "d:\Program Files\BlazeVideo\BlazeDVD 5 Standard\MediaDetector.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Supervision de Photo Loader.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6653 bytes
19 Novembre 2007 22:06:49

tu as encore des soucis?
19 Novembre 2007 22:08:31

en fait j ai pas tente la reconnexion... j attendais ton feux vert ;) 
19 Novembre 2007 22:11:51

tu l'as :) 

Supprime tous les programmes installés pour la désinfection.
~Edite ton premier message (en cliquant sur la gomme) et marque [résolu] dans le titre.

:hello: 
19 Novembre 2007 22:12:41

Plus de problème à premiere vue :D 

merci beacoup pour ton aide !

bonne continuation
19 Novembre 2007 22:41:55

bon surf

:hello: 
Tom's guide dans le monde
  • Allemagne
  • Italie
  • Irlande
  • Royaume Uni
  • Etats Unis
Suivre Tom's Guide
Inscrivez-vous à la Newsletter
  • ajouter à twitter
  • ajouter à facebook
  • ajouter un flux RSS