"Win32:Trojan-gen", rapport hijackthis

Batmane -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

mon pc a chopé le vers ou virus "Win32:Trojan-gen". Après une rapide recherche sur le net, j'ai donc téléchargé Hijackthis et voici le rapport ci dessous.
Je serais ravie de connaitre à présent la marche à suivre ! Merci à qui me filera un coup de main :)
Bon dimanche

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:43, on 22/03/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{ED455B96-0ACD-4B2B-9F0B-D07DBC55B8F7}: NameServer = 192.168.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe

--
End of file - 8149 bytes
Configuration: Windows XP
Firefox 3.0.7

8 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    scan avec
    MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport

    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    __________________

    colle un rapport avec antivir que tu as

    __________________

    mettre a jour internet explorer
    pour XP
    http://download.microsoft.com/...
    pour VISTA:
    http://download.microsoft.com/download/5/9/8/598CDBFA-4C11-45BA-8283-91439C7B8E5B/IE8-WindowsVista-x86-FRA.exe

    mettre à jour adobe reader puis vire les anciennes versions via ton panneau de configuration
    https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

    ________________________

    Mettre a jour java:
    https://javara.fr.malavida.com/

    Télécharge JavaRa.zip de Paul 'Prm753' McLain et Fred de Vries.
    Décompresse le fichier sur ton bureau (clique droit > Extraire tout.)
    Double-clique sur le répertoire JavaRa obtenu.
    Puis double-clique sur le fichier JavaRa.exe (le .exe peut ne pas s'afficher)
    Clique sur Search For Updates.
    Sélectionne Update Using jucheck.exe puis clique sur Search.
    Autorise le processus à se connecter s'il te le demande, clique sur Install et suis les instructions d'installation. Cela prendra quelques minutes.
    Quand l'installation est terminée, revient à l'écran de JavaRa et clique sur Remove Older Versions.
    Clique sur Oui pour confirmer. L'outil va travailler, clique ensuite sur Ok, puis une deuxième fois sur Ok.
    Un rapport va s'ouvrir, copie-colle le dans ta prochaine réponse.
    Note : le rapport se trouve aussi à la racine de la partition système, en général C:\ sous le nom JavaRa.log
    (c:\JavaRa.log)
    Ferme l'application.

    si cela ne fonctionne pas

    https://www.java.com/fr/download/windows_manual.jsp?locale=fr&host=www.java.com:80

    tu peux désinstaller les vieilles versions.
    __________________

    Télécharge ici :

    http://images.malwareremoval.com/random/RSIT.exe

    random's system information tool (RSIT) par andom/random et sauvegarde-le sur le Bureau.

    Double-clique sur RSIT.exe afin de lancer RSIT.

    Clique Continue à l'écran Disclaimer.

    Si l'outil HijackThis (version à jour) n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu, si demandé) et tu devras accepter la licence.

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront.

    Poste le contenu de log.txt (<<qui sera affiché)
    ainsi que de info.txt (<<qui sera réduit dans la Barre des Tâches).

    NB : Les rapports sont sauvegardés dans le dossier C:\rsit
    0
    1. Batmane
       
      Hey

      merci de ta rapide réponse.

      Voilà le rapport Malware Byte ci dessous. J'attends le rapport antivirus, ça met du temps.

      Malwarebytes' Anti-Malware 1.34
      Version de la base de données: 1883
      Windows 5.1.2600 Service Pack 2

      22/03/2009 12:25:10
      mbam-log-2009-03-22 (12-25-10).txt

      Type de recherche: Examen rapide
      Eléments examinés: 68415
      Temps écoulé: 3 minute(s), 5 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 1
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    a plus
    0
    1. Batmane
       
      et voilà le rapport antiVir. Qu'en dites vous ?...

      Avira AntiVir Personal
      Report file date: dimanche 22 mars 2009 12:26

      Scanning for 1310220 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: BIKINI-KILL

      Version information:
      BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
      AVSCAN.EXE : 8.1.4.10 315649 Bytes 29/11/2008 15:11:35
      AVSCAN.DLL : 8.1.4.0 40705 Bytes 30/07/2008 08:47:35
      LUKE.DLL : 8.1.4.5 164097 Bytes 30/07/2008 08:47:35
      LUKERES.DLL : 8.1.4.0 12033 Bytes 30/07/2008 08:47:35
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:50:46
      ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 11:10:27
      ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 11/03/2009 21:47:37
      ANTIVIR3.VDF : 7.1.2.197 263168 Bytes 20/03/2009 18:48:04
      Engineversion : 8.2.0.120
      AEVDF.DLL : 8.1.1.0 106868 Bytes 31/01/2009 11:33:53
      AESCRIPT.DLL : 8.1.1.67 364923 Bytes 18/03/2009 18:37:12
      AESCN.DLL : 8.1.1.8 127346 Bytes 05/03/2009 19:00:09
      AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 12:12:04
      AEPACK.DLL : 8.1.3.10 397686 Bytes 05/03/2009 19:00:08
      AEOFFICE.DLL : 8.1.0.36 196987 Bytes 28/02/2009 20:18:46
      AEHEUR.DLL : 8.1.0.107 1663352 Bytes 18/03/2009 18:37:11
      AEHELP.DLL : 8.1.2.2 119158 Bytes 28/02/2009 20:18:44
      AEGEN.DLL : 8.1.1.30 336245 Bytes 18/03/2009 18:37:08
      AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 14:32:54
      AECORE.DLL : 8.1.6.6 176501 Bytes 18/02/2009 13:59:22
      AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 14:32:53
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 30/07/2008 08:47:35
      AVPREF.DLL : 8.0.2.0 38657 Bytes 30/07/2008 08:47:35
      AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 18:33:56
      AVREG.DLL : 8.0.0.1 33537 Bytes 30/07/2008 08:47:35
      AVARKT.DLL : 1.0.0.23 307457 Bytes 20/04/2008 14:11:58
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 30/07/2008 08:47:35
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/04/2008 14:11:58
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 30/07/2008 08:47:35
      NETNT.DLL : 8.0.0.1 7937 Bytes 20/04/2008 14:11:58
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 30/07/2008 08:47:34
      RCTEXT.DLL : 8.0.52.0 86273 Bytes 30/07/2008 08:47:34

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:, E:,
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: dimanche 22 mars 2009 12:26

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'notepad.exe' - '1' Module(s) have been scanned
      Scan process 'VFonts.exe' - '1' Module(s) have been scanned
      Scan process 'mbam.exe' - '1' Module(s) have been scanned
      Scan process 'notepad.exe' - '1' Module(s) have been scanned
      Scan process 'notepad.exe' - '1' Module(s) have been scanned
      Scan process 'Illustrator.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'Photoshop.exe' - '1' Module(s) have been scanned
      Scan process 'firefox.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned
      Scan process 'emule.exe' - '1' Module(s) have been scanned
      Scan process 'PDVD8Serv.exe' - '1' Module(s) have been scanned
      Scan process 'SMax4.exe' - '1' Module(s) have been scanned
      Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
      Scan process 'Acrotray.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'rundll32.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
      Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
      Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
      Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      41 processes with 41 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!
      Boot sector 'E:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '49' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Program Files\eMule\Incoming\Quark Express 7.zip
      [0] Archive type: ZIP
      --> Quark Express 7.0/PARADOX/Quark_Xpress_7_Keygen.exe
      [DETECTION] Contains HEUR/Crypted suspicious code
      [WARNING] The file was ignored!
      C:\Program Files\eMule\Incoming\Quark Xpress 7 Keygen.rar
      [0] Archive type: RAR
      --> Quark_Xpress_7_Keygen.exe
      [DETECTION] Contains HEUR/Crypted suspicious code
      [WARNING] The file was ignored!
      C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING] The file could not be opened!
      Begin scan in 'E:\' <Robin>
      E:\Mes documents\CDs\Noir.Desir_Veuillez.Rendre.L'âme.(à.Qui.Elle.Appartient).(full.album).best.quality.by.MARY.ace
      [0] Archive type: ACE
      --> 02 - Aux sombres hツros de l'amer.mp3
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      E:\Mes documents\logiciels\Copie de CyberLink.2217D_TaRe38_On_DVD080924-02.exe.part
      [0] Archive type: CAB SFX (self extracting)
      --> \0x0407.ini
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      E:\Mes documents\MUSIC\punk\souris déglinguée\La souris deglinguee 5 albums (www.beedonkey.com).ace
      [0] Archive type: ACE
      --> Temp\La souris dツglinguツe 422337.m3u
      [WARNING] No further files can be extracted from this archive. The archive will be closed


      End of the scan: dimanche 22 mars 2009 13:09
      Used time: 43:08 Minute(s)

      The scan has been done completely.

      9843 Scanning directories
      525915 Files were scanned
      0 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      525911 Files not concerned
      3500 Archives were scanned
      7 Warnings
      0 Notes
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    fais le reste déjà donné puis

    il faut faire gaffe quand tu télécharge!!! et analyser les fichiers avec antivir avant de les ouvrir!

    télécharge OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
    (attention bien mettre :files)

    :files
    C:\Program Files\eMule\Incoming\Quark Express 7.zip
    C:\Program Files\eMule\Incoming\Quark Xpress 7 Keygen.rar
    E:\Mes documents\CDs\Noir.Desir_Veuillez.Rendre.L'âme.(à.Qui.Elle.Appartient).(full.album).best.quality.by.MARY.ace
    E:\Mes documents\logiciels\Copie de CyberLink.2217D_TaRe38_On_DVD080924-02.exe.part
    E:\Mes documents\MUSIC\punk\souris déglinguée\La souris deglinguee 5 albums (www.beedonkey.com).ace
    :commands
    [purity]
    [emptytemp]
    [start explorer]

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
    1. Batmane
       
      excuse moi, je n'avais pas vu la suite des opérations à effectuer dans ton message. Donc c'est fait, pour java j'ai installé la version trouvée sur la 2è adresse donnée (la première ne fonctionnait pas).voilà les 2 rapports demandés :

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Batmane at 2009-03-22 18:43:09
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 7 GB (12%) free of 60 GB
      Total RAM: 2047 MB (76% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:43:11, on 22/03/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared files\RichVideo.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Documents and Settings\Batmane\Bureau\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Batmane.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
      O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O17 - HKLM\System\CCS\Services\Tcpip\..\{ED455B96-0ACD-4B2B-9F0B-D07DBC55B8F7}: NameServer = 192.168.1.1
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt
    http://oldtimer.geekstogo.com/OTMoveIt3.exe (de Old_Timer) sur ton Bureau.

    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste instruction for items to be moved.
    (attention bien mettre :files)

    :files
    C:\Program Files\eMule\Incoming\Quark Express 7.zip
    C:\Program Files\eMule\Incoming\Quark Xpress 7 Keygen.rar
    E:\Mes documents\CDs\Noir.Desir_Veuillez.Rendre.L'âme.(à.Qui.Elle.A­ppartient).(full.album).best.quality.by.MARY.ace
    E:\Mes documents\logiciels\Copie de CyberLink.2217D_TaRe38_On_DVD080924-02.exe.part
    E:\Mes documents\MUSIC\punk\souris déglinguée\La souris deglinguee 5 albums (www.beedonkey.com).ace
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10c58991-d9b0-11dc-aaf9-001d60b70576}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aa05c59-7828-11dd-872b-001d60b70576}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffe5484e-48fd-11dd-aba3-001d60b70576}]
    :commands
    [purity]
    [emptytemp]
    [start explorer]

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    0
    1. Batmane
       
      encore merci, voilà, quelle est la suite du programme ? J'ai fait deux fois la dernière manip, une fois avec
      :files
      C:\Program Files\eMule\Incoming\Quark Express 7.zip
      C:\Program Files\eMule\Incoming\Quark Xpress 7 Keygen.rar
      E:\Mes documents\CDs\Noir.Desir_Veuillez.Rendre.L'âme.(à.Qui.Elle.Appartient).(full.album).best.quality.by.MARY.ace
      E:\Mes documents\logiciels\Copie de CyberLink.2217D_TaRe38_On_DVD080924-02.exe.part
      E:\Mes documents\MUSIC\punk\souris déglinguée\La souris deglinguee 5 albums (www.beedonkey.com).ace
      :commands
      [purity]
      [emptytemp]
      [start explorer]

      et une fois avec
      :files
      C:\Program Files\eMule\Incoming\Quark Express 7.zip
      C:\Program Files\eMule\Incoming\Quark Xpress 7 Keygen.rar
      E:\Mes documents\CDs\Noir.Desir_Veuillez.Rendre.L'âme.(à.Qui.Elle.A­ppartient).(full.album).best.quality.by.MARY.ace
      E:\Mes documents\logiciels\Copie de CyberLink.2217D_TaRe38_On_DVD080924-02.exe.part
      E:\Mes documents\MUSIC\punk\souris déglinguée\La souris deglinguee 5 albums (www.beedonkey.com).ace
      :reg
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10c58991-d9b0-11dc-aaf9-001d60b70576}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aa05c59-7828-11dd-872b-001d60b70576}]
      [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffe5484e-48fd-11dd-aba3-001d60b70576}]
      :commands
      [purity]
      [emptytemp]
      [start explorer]

      Voici les deux rapports :
      ========== FILES ==========
      C:\Program Files\eMule\Incoming\Quark Express 7.zip moved successfully.
      C:\Program Files\eMule\Incoming\Quark Xpress 7 Keygen.rar moved successfully.
      E:\Mes documents\CDs\Noir.Desir_Veuillez.Rendre.L'âme.(à.Qui.Elle.Appartient).(full.album).best.quality.by.MARY.ace moved successfully.
      E:\Mes documents\logiciels\Copie de CyberLink.2217D_TaRe38_On_DVD080924-02.exe.part moved successfully.
      E:\Mes documents\MUSIC\punk\souris déglinguée\La souris deglinguee 5 albums (www.beedonkey.com).ace moved successfully.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\Batmane\LOCALS~1\Temp\etilqs_wYt8e9DfcoY1UuWwZgKr scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\Batmane\LOCALS~1\Temp\~DF9B7F.tmp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Temporary Internet Files folder emptied.
      User's Internet Explorer cache folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_8e8.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03222009_184955

      Files moved on Reboot...
      File move failed. C:\DOCUME~1\Batmane\LOCALS~1\Temp\etilqs_wYt8e9DfcoY1UuWwZgKr scheduled to be moved on reboot.
      File move failed. C:\DOCUME~1\Batmane\LOCALS~1\Temp\~DF9B7F.tmp scheduled to be moved on reboot.
      File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
      File move failed. C:\WINDOWS\temp\Perflib_Perfdata_8e8.dat scheduled to be moved on reboot.
      File move failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_001_ scheduled to be moved on reboot.
      File move failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_002_ scheduled to be moved on reboot.
      File move failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_003_ scheduled to be moved on reboot.
      File move failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_MAP_ scheduled to be moved on reboot.
      File move failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\urlclassifier3.sqlite scheduled to be moved on reboot.
      File move failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\XUL.mfl scheduled to be moved on reboot.

      /////////////////////

      ========== FILES ==========
      File/Folder C:\Program Files\eMule\Incoming\Quark Express 7.zip not found.
      File/Folder C:\Program Files\eMule\Incoming\Quark Xpress 7 Keygen.rar not found.
      File/Folder E:\Mes documents\CDs\Noir.Desir_Veuillez.Rendre.L'âme.(à.Qui.Elle.A­ppartient).(full.album).best.quality.by.MARY.ace not found.
      File/Folder E:\Mes documents\logiciels\Copie de CyberLink.2217D_TaRe38_On_DVD080924-02.exe.part not found.
      File/Folder E:\Mes documents\MUSIC\punk\souris déglinguée\La souris deglinguee 5 albums (www.beedonkey.com).ace not found.
      ========== REGISTRY ==========
      Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10c58991-d9b0-11dc-aaf9-001d60b70576}\\ deleted successfully.
      Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4aa05c59-7828-11dd-872b-001d60b70576}\\ deleted successfully.
      Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ffe5484e-48fd-11dd-aba3-001d60b70576}\\ deleted successfully.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\Batmane\LOCALS~1\Temp\etilqs_eplwLKI3lq6171A9CD46 scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\Batmane\LOCALS~1\Temp\~DF69E5.tmp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Temporary Internet Files folder emptied.
      User's Internet Explorer cache folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_1c4.dat scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.9.0 log created on 03222009_185927

      Files moved on Reboot...
      File C:\DOCUME~1\Batmane\LOCALS~1\Temp\etilqs_eplwLKI3lq6171A9CD46 not found!
      C:\DOCUME~1\Batmane\LOCALS~1\Temp\~DF69E5.tmp moved successfully.
      File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
      File C:\WINDOWS\temp\Perflib_Perfdata_1c4.dat not found!
      C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_001_ moved successfully.
      C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_002_ moved successfully.
      C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_003_ moved successfully.
      C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\Cache\_CACHE_MAP_ moved successfully.
      C:\Documents and Settings\Batmane\Local Settings\Application Data\Mozilla\Firefox\Profiles\tpa4mtli.default\urlclassifier3.sqlite moved successfully.
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    remets un rapport RSIt et dis si encore des soucis?
    0
    1. Batmane
       
      ci dessous le rapport Rsit.
      J'ai aussi relancé l'anitVir qui a l'air de détecter encore les mêmes trucs pas bons... (le rapport est en dessous)

      RSIT :

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Batmane at 2009-03-22 19:37:05
      Microsoft Windows XP Professionnel Service Pack 2
      System drive C: has 7 GB (12%) free of 60 GB
      Total RAM: 2047 MB (55% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:37:09, on 22/03/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\CyberLink\Shared files\RichVideo.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\eMule\emule.exe
      C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\wscntfy.exe
      c:\program files\avira\antivir personaledition classic\avcenter.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
      C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
      C:\Documents and Settings\Batmane\Bureau\RSIT.exe
      C:\Program Files\Trend Micro\HijackThis\Batmane.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O2 - BHO: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
      O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
      O3 - Toolbar: VMN Toolbar - {A057A204-BACC-4D26-8287-79A187E26987} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
      O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
      O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Ajouter au fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
      O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
      O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O17 - HKLM\System\CCS\Services\Tcpip\..\{ED455B96-0ACD-4B2B-9F0B-D07DBC55B8F7}: NameServer = 192.168.1.1
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
      0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok il a trouvé les fichiers qui ont déjà été mis en quarantaine

    vire le fichier otmovit en allant dans poste de travail puis c

    ______________

    vire ce qui est en quarantaine dans antivir

    ____________

    mettre à jour adobe reader puis vire les anciennes versions via ton panneau de configuration
    https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

    _____________

    Télécharge ToolsCleaner sur ton bureau.
    --> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
    # Clique sur Recherche et laisse le scan agir ...
    # Clique sur Suppression pour finaliser.
    # Tu peux, si tu le souhaites, te servir des Options facultatives.
    # Clique sur Quitter pour obtenir le rapport.
    # Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

    voilà tu peux verifier avec antivir c'est bon!!!
    0
  8. Batmane
     
    otmovit viré.

    Mais je ne sais pas où trouver les fichiers mis en quarantaine par antiVir pour les virer. Où est-ce ?

    J'ai déjà mis à jour aujourd'hui adobe reader, mais je ne trouve nulle part comment virer l'ancienne version avec la panneau de config. C'est pas automatiquement écrasé ?
    0
    1. Batmane
       
      ça a l'air à peu près ok. ici le dernier rapport antvir.
      C'est tout bon ? merci beaucoup !!

      Avira AntiVir Personal
      Report file date: dimanche 22 mars 2009 22:11

      Scanning for 1310879 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: BIKINI-KILL

      Version information:
      BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
      AVSCAN.EXE : 8.1.4.10 315649 Bytes 29/11/2008 15:11:35
      AVSCAN.DLL : 8.1.4.0 40705 Bytes 30/07/2008 08:47:35
      LUKE.DLL : 8.1.4.5 164097 Bytes 30/07/2008 08:47:35
      LUKERES.DLL : 8.1.4.0 12033 Bytes 30/07/2008 08:47:35
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:50:46
      ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 11:10:27
      ANTIVIR2.VDF : 7.1.2.152 749568 Bytes 11/03/2009 21:47:37
      ANTIVIR3.VDF : 7.1.2.198 271872 Bytes 21/03/2009 18:48:22
      Engineversion : 8.2.0.120
      AEVDF.DLL : 8.1.1.0 106868 Bytes 31/01/2009 11:33:53
      AESCRIPT.DLL : 8.1.1.67 364923 Bytes 18/03/2009 18:37:12
      AESCN.DLL : 8.1.1.8 127346 Bytes 05/03/2009 19:00:09
      AERDL.DLL : 8.1.1.3 438645 Bytes 05/11/2008 12:12:04
      AEPACK.DLL : 8.1.3.10 397686 Bytes 05/03/2009 19:00:08
      AEOFFICE.DLL : 8.1.0.36 196987 Bytes 28/02/2009 20:18:46
      AEHEUR.DLL : 8.1.0.107 1663352 Bytes 18/03/2009 18:37:11
      AEHELP.DLL : 8.1.2.2 119158 Bytes 28/02/2009 20:18:44
      AEGEN.DLL : 8.1.1.30 336245 Bytes 18/03/2009 18:37:08
      AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 14:32:54
      AECORE.DLL : 8.1.6.6 176501 Bytes 18/02/2009 13:59:22
      AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 14:32:53
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 30/07/2008 08:47:35
      AVPREF.DLL : 8.0.2.0 38657 Bytes 30/07/2008 08:47:35
      AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 18:33:56
      AVREG.DLL : 8.0.0.1 33537 Bytes 30/07/2008 08:47:35
      AVARKT.DLL : 1.0.0.23 307457 Bytes 20/04/2008 14:11:58
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 30/07/2008 08:47:35
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/04/2008 14:11:58
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 30/07/2008 08:47:35
      NETNT.DLL : 8.0.0.1 7937 Bytes 20/04/2008 14:11:58
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 30/07/2008 08:47:34
      RCTEXT.DLL : 8.0.52.0 86273 Bytes 30/07/2008 08:47:34

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:, E:,
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: dimanche 22 mars 2009 22:11

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
      Scan process 'firefox.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'FNPLicensingService.exe' - '1' Module(s) have been scanned
      Scan process 'emule.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'PDVD8Serv.exe' - '1' Module(s) have been scanned
      Scan process 'SMax4.exe' - '1' Module(s) have been scanned
      Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
      Scan process 'Acrotray.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'rundll32.exe' - '1' Module(s) have been scanned
      Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
      Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
      Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
      Scan process 'jqs.exe' - '1' Module(s) have been scanned
      Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      37 processes with 37 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!
      Boot sector 'E:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '51' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\WINDOWS\system32\drivers\sptd.sys
      [WARNING] The file could not be opened!
      Begin scan in 'E:\' <Robin>


      End of the scan: dimanche 22 mars 2009 22:51
      Used time: 39:51 Minute(s)

      The scan has been done completely.

      9764 Scanning directories
      509532 Files were scanned
      0 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      0 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      509530 Files not concerned
      3330 Archives were scanned
      2 Warnings
      0 Notes
      0
  9. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    pour virer ce qui est en quarantaine dans antivir:

    tu lance antivir puis tu vas dans ADMINISTRATION puis quarantine et tu vire ce qui est dedans

    rq: pour antivir il est preferable au moment du scan de faire une recherche des rootkits

    Search for rootkits..............: off

    _______________

    J'ai déjà mis à jour aujourd'hui adobe reader, mais je ne trouve nulle part comment virer l'ancienne version avec la panneau de config. C'est pas automatiquement écrasé ?

    tu vas panneau de configuration puis AJOUT/SUPPRESSION DE PROGRAMME

    voila c'est bon

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    ANTIVIR ou AVG8 ou (AVAST )
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    https://www.avira.com/fr/free-antivirus-windows
    -------------
    des anti-espions :
    MalwareByte's Anti-Malware + SPYBOT +/- si tea timer non active de spybot:
    WINDOWS DEFENDER ou SPYWARE TERMINATOR ou SPYWARE GUARD
    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    Rq : spybot … sortent de nouvelles versions régulièrement, vérifiez que vous avez la dernière version
    --------
    un pare feu :
    celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit) ou COMODO

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall
    https://www.01net.com/telecharger/windows/Securite/firewall/fiches/39911.html
    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    https://www.01net.com/telecharger/windows/Securite/firewall/fiches/18128.html
    https://www.zonealarm.com/software/free-firewall

    -----------
    CCLEANER pour effacer les traces de surf
    ---------
    naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
    http://www.mozilla-europe.org/fr/products/firefox/
    0