Probleme XP : virus + lenteur
patrice
-
Neo-Nil@u Messages postés 1595 Statut Contributeur -
Neo-Nil@u Messages postés 1595 Statut Contributeur -
Bonjour,
J'ai un souci avec mon portable, il est sous XP avec 128 de Ram.
depuis quelque temps IE est très lent.
J'ai lancer un antivirus qui m'a trouvé de trucs pas sympa .
Mais je ne sais pas trop comment faire le ménage.
voici le CR :
C:\
hiberfil.sys
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\compaq\Mes documents\patrice\outils_à_récupérer
banque.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Error! Could not change directory: System Volume Information
C:\WINDOWS
HttpDownloader.exe
[DETECTION] Is the Trojan horse TR/Dldr.Delf.CY.2
C:\WINDOWS\system32
arknd.exe
[DETECTION] Contains signature of the worm Worm/Korgo.R
taskmngrs.exe
[DETECTION] Contains signature of the worm Worm/Rbot.BE
wuamgrd.exe
[DETECTION] Contains signature of the worm Worm/Agobot.AAG
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1MFSHY7
x[1].exe
[DETECTION] Contains signature of the worm Worm/Korgo.R
x[2].exe
[DETECTION] Contains signature of the worm Worm/Korgo.W
x[3].exe
[DETECTION] Contains signature of the worm Worm/Korgo.Q
C:\WINDOWS\Temp
ZLT015e9.TMP
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
De plus j'ai lance Hijackthis pour voir ce qui tournait réellement, voici le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 16:45:24, on 10/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AVPersonal\AVWIN.EXE
C:\WINDOWS\System32\notepad.exe
C:\Documents and Settings\compaq\Mes documents\patrice\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.laposte.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=3C01&lc=040c&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=040c&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=040c&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=040c&s=search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=3C01&lc=040c&ac
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [La Poste] C:\Program Files\LaPoste\laposte.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.0.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://C:\WINDOWS\SexDownloader.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.lanson.net/svideo3.cab
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Quelqu'un peut il m'aider ?
J'ai un souci avec mon portable, il est sous XP avec 128 de Ram.
depuis quelque temps IE est très lent.
J'ai lancer un antivirus qui m'a trouvé de trucs pas sympa .
Mais je ne sais pas trop comment faire le ménage.
voici le CR :
C:\
hiberfil.sys
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
pagefile.sys
Access denied! Error during file opening!
This is a Windows swap file. This file is locked by Windows.
Error code: 0x000D
WARNING! Access error/file locked!
C:\Documents and Settings\compaq\Mes documents\patrice\outils_à_récupérer
banque.zip
ArchiveType: ZIP
NOTE! The whole archive is password protected
Error! Could not change directory: System Volume Information
C:\WINDOWS
HttpDownloader.exe
[DETECTION] Is the Trojan horse TR/Dldr.Delf.CY.2
C:\WINDOWS\system32
arknd.exe
[DETECTION] Contains signature of the worm Worm/Korgo.R
taskmngrs.exe
[DETECTION] Contains signature of the worm Worm/Rbot.BE
wuamgrd.exe
[DETECTION] Contains signature of the worm Worm/Agobot.AAG
C:\WINDOWS\system32\config
default
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SAM
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
SECURITY
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
software
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
system
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1MFSHY7
x[1].exe
[DETECTION] Contains signature of the worm Worm/Korgo.R
x[2].exe
[DETECTION] Contains signature of the worm Worm/Korgo.W
x[3].exe
[DETECTION] Contains signature of the worm Worm/Korgo.Q
C:\WINDOWS\Temp
ZLT015e9.TMP
Access denied! Error during file opening!
Error code: 0x000D
WARNING! Access error/file locked!
De plus j'ai lance Hijackthis pour voir ce qui tournait réellement, voici le rapport:
Logfile of HijackThis v1.99.1
Scan saved at 16:45:24, on 10/04/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\COMPAQ\CPQINET\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Samsung\Digimax Viewer 2.0\STImgBrowser.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AVPersonal\AVWIN.EXE
C:\WINDOWS\System32\notepad.exe
C:\Documents and Settings\compaq\Mes documents\patrice\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.laposte.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=3C01&lc=040c&ac
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=040c&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=040c&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redirectors/presario/srchredir2.dll?c=3C01&lc=040c&s=search&ap=b204
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://desktop.presario.net/scripts/redirectors/presario/deskredir2.dll?s=consumer&ap=b201&c=3C01&lc=040c&ac
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=374
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [La Poste] C:\Program Files\LaPoste\laposte.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digimax Viewer 2.0.lnk = ?
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Rappels du Calendrier Microsoft Works.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Sites Perso - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra 'Tools' menuitem: Compaq France - {06FE5D05-8F11-11d2-804F-00105A133818} - http://compaqnet.ifrance.com/heberg/accueil (file missing)
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {B94B4225-E02E-4D3F-BADB-026F1E2F3AD7} (HttpDownloader Control) - file://C:\WINDOWS\SexDownloader.cab
O16 - DPF: {DD3641E5-A9CF-11D1-9AA1-444553540000} (Surround Video V3.0 Control Object) - http://www.lanson.net/svideo3.cab
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Fichiers communs\EPSON\EBAPI\SAgent2.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Quelqu'un peut il m'aider ?
A voir également:
- Probleme XP : virus + lenteur
- Cle windows xp - Guide
- Cd burner xp - Télécharger - Gravure
- Telecharger windows xp - Télécharger - Systèmes d'exploitation
- Download windows xp sp2 32 bit iso bootable - Télécharger - Divers Utilitaires
- Winsetupfromusb windows xp - Télécharger - Utilitaires
5 réponses
Salut patrice,
lance un scan chez RAV :
http://www.ravantivirus.com/scan/
Clique sur "To continue without subscribing click here" et attends quelques minutes.
Lorsque "Ready" est affiché dans "status", coche la case "Autoclean" puis clique sur "Scan my PC"
A la fin de l'analyse, copie/colle le rapport ici
lance un scan chez RAV :
http://www.ravantivirus.com/scan/
Clique sur "To continue without subscribing click here" et attends quelques minutes.
Lorsque "Ready" est affiché dans "status", coche la case "Autoclean" puis clique sur "Scan my PC"
A la fin de l'analyse, copie/colle le rapport ici
pour l'option autoclean, cela ne risque pas de me
détruire des exe système s'ils sont infectés?
excuse pour cette question mais j'y connais pas grand chose .
détruire des exe système s'ils sont infectés?
excuse pour cette question mais j'y connais pas grand chose .
Autoclean: Automatic clean the infected/suspicious files.
Ne t inquiete pas cela nettoyera proprement et sans soucis...
Ne t inquiete pas cela nettoyera proprement et sans soucis...
voici le rapport:
Scan started at 11/04/2005 18:50:28
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINDOWS\autoclk.exe - Trojan:Win32/KillReg.D -> Infected
C:\WINDOWS\system32\arknd.exe - Win32/Korgo.R.worm -> Infected
C:\WINDOWS\system32\taskmngrs.exe - Backdoor:Win32/Rbot -> Infected
C:\WINDOWS\system32\TFTP2560 - Backdoor:Win32/Rbot.dam#2 -> Infected
C:\WINDOWS\system32\wuamgrd.exe - Backdoor:Win32/Rbot -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1MFSHY7\x[1].exe - Win32/Korgo.R.worm -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1MFSHY7\x[2].exe - Win32/Korgo.AA.worm -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1MFSHY7\x[3].exe - Win32/Korgo.V.worm -> Infected
Scanned
============================
Objects: 29633
Directories: 2114
Archives: 6245
Size(Kb): 1610470
Infected files: 8
Found
============================
Viruses found: 6
Suspicious files: 0
Disinfected files: 0
Mail files: 41
que dois je faire pour virer ces merdes ?
merci d'avance pour votre aide
Scan started at 11/04/2005 18:50:28
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\WINDOWS\autoclk.exe - Trojan:Win32/KillReg.D -> Infected
C:\WINDOWS\system32\arknd.exe - Win32/Korgo.R.worm -> Infected
C:\WINDOWS\system32\taskmngrs.exe - Backdoor:Win32/Rbot -> Infected
C:\WINDOWS\system32\TFTP2560 - Backdoor:Win32/Rbot.dam#2 -> Infected
C:\WINDOWS\system32\wuamgrd.exe - Backdoor:Win32/Rbot -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1MFSHY7\x[1].exe - Win32/Korgo.R.worm -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1MFSHY7\x[2].exe - Win32/Korgo.AA.worm -> Infected
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O1MFSHY7\x[3].exe - Win32/Korgo.V.worm -> Infected
Scanned
============================
Objects: 29633
Directories: 2114
Archives: 6245
Size(Kb): 1610470
Infected files: 8
Found
============================
Viruses found: 6
Suspicious files: 0
Disinfected files: 0
Mail files: 41
que dois je faire pour virer ces merdes ?
merci d'avance pour votre aide
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Bonsoir Patrice,
suis les différents chemins et vire ce qui est en gras :
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\arknd.exe
C:\WINDOWS\system32\taskmngrs.exe
C:\WINDOWS\system32\TFTP2560
C:\WINDOWS\system32\config...\x[1].exe
C:\WINDOWS\system32\config...\x[2].exe
C:\WINDOWS\system32\config...\x[3].exe
Ensuite, reposte un nouveau log RAV
suis les différents chemins et vire ce qui est en gras :
C:\WINDOWS\autoclk.exe
C:\WINDOWS\system32\arknd.exe
C:\WINDOWS\system32\taskmngrs.exe
C:\WINDOWS\system32\TFTP2560
C:\WINDOWS\system32\config...\x[1].exe
C:\WINDOWS\system32\config...\x[2].exe
C:\WINDOWS\system32\config...\x[3].exe
Ensuite, reposte un nouveau log RAV
