Sujet Précédent Sujet Suivant

Problem avec ERASEME

Belle boule Messages postés 12 Statut Membre -  
 Utilisateur anonyme -
Bonjour

Voila cela fait une semaine que je cherche a me débarasser de ERASME et il revient tous le temps.

Mon ordinateur fonctionne avec windows 2000 et norton antivirus ver 10.1 qui reusi a le détecter et le supprimer mais il trouve le moyen de resurgir de temps a autres.

Voila un rapport de hi jact:

Logfile of HijackThis v1.99.1
Scan saved at 13:08:38, on 25-09-06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1036\msoffice.exe
C:\WINNT\System32\cidaemon.exe
C:\Documents and Settings\Alain Fleurant\Desktop\hj\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lapresse.ca
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Alain Fleurant\Application Data\Mozilla\Profiles\default\m142bcef.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Alain Fleurant\Application Data\Mozilla\Profiles\default\m142bcef.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O12 - Plugin for .php: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: 11003 - Unknown owner - \\10.2.2.103\Admin$\eraseme_63645.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Merci a l'avance de votre aide

Belle Boule

19 réponses

Réponse 1 / 19
Belle boule Messages postés 12 Statut Membre
 
Bonjour

voici une image d'un message de norton

http://img170.imageshack.us/img170/1733/erasemeep7.gif

Merci de me dépanner

Belle Boule
0
Réponse 2 / 19
Utilisateur anonyme
 
Salut

clic sur executer, tape: services.msc ,cherche dans la liste cette ligne et régle la sur "désactivé"

11003

Cherche et supprime ce fichier:

eraseme_63645.exe

**Si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers qui persistaient, vides ta corbeille et redemarres normalement

Scannes ton Pc avec ces logiciels

SpyBot-Search & Destroy: (gratuit)
Spybot Search & Destroy

A² squared: (gratuit)
A² squared

Ad-Aware SE Personal: (en anglais, gratuit)
Ad-aware SE personal
-Le patch pour le faire fonctionner Ad-Aware SE en français: www.01net.com

A++
0
Réponse 3 / 19
Belle boule Messages postés 12 Statut Membre
 
Bonjour boulepate62,

Merci beaucoups pour ta réponse,

j'ai déja Spybot & destroye et Adaware se, je télécharge A² squared et ferai un scan avec,

J'ai désactivé 11033 et je vais attendre un 12 heures pour voir ce que norton me dira

Merci encore vous faite du bon boulot

Salutation

Belle Boule
0
Réponse 4 / 19
Belle boule Messages postés 12 Statut Membre
 
Bonjour boulepate62,

Merci beaucoups pour ta réponse,

j'ai déja Spybot & destroye et Adaware se, je télécharge A² squared et ferai un scan avec,

J'ai désactivé 11033 et je vais attendre un 12 heures pour voir ce que norton me dira

Merci encore vous faite du bon boulot

Salutation

Belle Boule
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
Belle boule Messages postés 12 Statut Membre
 
Bonjour

Je crois etre un boulet car malgré les bon conseil que vous m'avez donner je ne reussi pas a nettoyer ....

Voici un scan de hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 13:16:31, on 26-09-06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1036\msoffice.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\a-squared Free\a2free.exe
C:\WINNT\System32\cidaemon.exe
C:\Documents and Settings\Alain Fleurant\Desktop\hj\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lapresse.ca
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Alain Fleurant\Application Data\Mozilla\Profiles\default\m142bcef.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Alain Fleurant\Application Data\Mozilla\Profiles\default\m142bcef.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O12 - Plugin for .php: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Voici un rappart de a2 squared

http://img92.imageshack.us/img92/8180/squadcq1.gif

Merci de votre support

Belle Boule
0
Réponse 6 / 19
Utilisateur anonyme
 
Si c'es tdéjà mieux ;-)

Pour a-squared tu peux tout supprimer ce qu'il t'a trouver.

Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2 (en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp

https://www.bitdefender.com/toolbox/

a++
0
Réponse 7 / 19
Belle boule Messages postés 12 Statut Membre
 
Bonjour

Voici le rapport fait a bitdefender

Merci pour votre temps

SAlutation

Belle Boule

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >

<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Wed, Sep 27, 2006 - 07:51:49</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">00:47:01</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">288628</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3353</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">15249</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">49571</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">456021</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">13</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">38</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td colspan=2>  
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\Dossier Partage\WPO2002SP3.exe=>wise0340</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: DeepScan:Generic.PWStealer.4355C91B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\Dossier Partage\WPO2002SP3.exe=>wise0340</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\Dossier Partage\WPO2002SP3.exe=>wise0340</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\Dossier Partage\WPO2002SP3.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\download\Corel office update\WPO2002SP3.exe=>wise0340</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: DeepScan:Generic.PWStealer.4355C91B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\download\Corel office update\WPO2002SP3.exe=>wise0340</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\download\Corel office update\WPO2002SP3.exe=>wise0340</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\download\Corel office update\WPO2002SP3.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\download\Corel office update\WPO2002SP4EN.exe=>wise0284</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: DeepScan:Generic.PWStealer.8FE1D892</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\download\Corel office update\WPO2002SP4EN.exe=>wise0284</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\download\Corel office update\WPO2002SP4EN.exe=>wise0284</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Alain Fleurant\Desktop\anc win98\download\Corel office update\WPO2002SP4EN.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr>
</table>
</td>

<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

</table>
<p> </p>

</body>
</html>
0
Réponse 8 / 19
Utilisateur anonyme
 
Salut,

ça me semble ok, ou en est ton probléme ?
0
Réponse 9 / 19
Belle boule Messages postés 12 Statut Membre
 
Bonjour

Bien moi aussi je croyais que c'était ok mais ce matin tous cela recommence et a2 squared n'est pas en mesure de cleaner ce qu'il trouve car a chaques fois que je lui dit de nettoyer il redemmarre le pc et de plus un geniric dialer est apparue aussi

voici un rapport de hijackyhis

Logfile of HijackThis v1.99.1
Scan saved at 11:42:57, on 28-09-06
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\cisvc.exe
C:\WINNT\system32\crypserv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\spoolsv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1036\msoffice.exe
C:\WINNT\System32\cidaemon.exe
C:\WINNT\system32\mmc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Alain Fleurant\Desktop\hj\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.lapresse.ca
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_2/home.html"); (C:\Documents and Settings\Alain Fleurant\Application Data\Mozilla\Profiles\default\m142bcef.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Alain Fleurant\Application Data\Mozilla\Profiles\default\m142bcef.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [IMONTRAY] C:\Program Files\Intel\Intel(R) Active Monitor\imontray.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\system32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O12 - Plugin for .php: C:\Program Files\Netscape\Netscape Browser\PLUGINS\npTrident.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Spool SubSystem App - Unknown owner - C:\WINNT\spoolsv.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

Merci infiniment pour l'aide car la je ne sais plus quoi faire
0
Réponse 10 / 19
Utilisateur anonyme
 
Salut,

Redémarres le PC en mode sans échec : tu tapotes sur la touche F8 de ton clavier (ou F5 ) et tu choisis le mode sans échec)

Attends un peu .. puis scan ton Pc avec les trois logiciels que je t'avais donné au dessus: A-squared, Spybot et ad-aware
Tu supprimes tout ce qu'il te trouveront

Profite en pour faire un nettoyage avec Ccleaner toujours en mode sans echec

A++
0
Réponse 11 / 19
Belle boule Messages postés 12 Statut Membre
 
Bounjour boulepate62,

Bien meme en sans echec cela ne va pas, mais je crois avoir trouvé une solution a tous ce probleme un format c: va tous règlé.....

Ou il me reste une dernière chose a faire avant:

1 ) je retire le disque dur de mon pc et je change le cavalier afin de le positionner en esclave et je le mettre dans un autre pc dans lequel j'ai bien pris de changer le positionnement du cavalier du disque afin qu'il puisse prendre en cosideration un 2 ieme disque et redémarre le pc, de cette façon aucun processus ne sera actif du disque infecter et je pourrai passer un antivirus et tous les utilitaire qui devrait éliminer toutes les saloperie qu'il contient

qu'en pensez vous quel seront les risque d'infection de l'autre pc ???

Merci a l'avance de vos conseil

Belle Boule
0
Réponse 12 / 19
Utilisateur anonyme
 
Salut,

alors la, concernant ce que tu voudrais faire je peux pas te dire les conséquences ..

si tu veux continuer à le nettoyer ..
-->
Télécharge SmitfraudFix (enregistre le sur le "bureau")
http://siri.urz.free.fr/Fix/SmitfraudFix.zip

décompresse SmitfraudFix
Lance le fichier SmitfraudFix ou SmitfraudFix.cmd et choisis l option 1 copie le rapport ici stp

Télécharges Blacklight et sauvegarde le sur ton bureau.
https://www.f-secure.com/en
Double cliques sur " blbeta.exe " et acceptes la licence; clic sur "Scan" puis "Next"

Un rapport, va se créer sur ton bureau "fslb-....."

Copies et colles le contenu de ce rapport ici.

Ne touche à rien d'autre!
0
Réponse 13 / 19
Belle boule Messages postés 12 Statut Membre
 
Bonjour

désolé pour le délais a vous répondre étant absent ce week end

J'ai télécharger les 2 log recommender et fait un scan don voici le rapport

SmitFraudFix v2.104

Rapport fait à 8:33:23,89, lun. 02-10-2006
Executé à partir de C:\Documents and Settings\Alain Fleurant\Desktop\Outil de detection virus\aaa\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alain Fleurant

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alain Fleurant\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ALAINF~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Bureau

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

»»»»»»»»»»»»»»»»»»»»»»»» Fin

Mertci a l'avance
0
Réponse 14 / 19
Belle boule Messages postés 12 Statut Membre
 
Voici le rapport de blacklight

10/02/06 12:15:06 [Info]: BlackLight Engine 1.0.47 initialized
10/02/06 12:15:06 [Info]: OS: 5.0 build 2195 (Service Pack 4)
10/02/06 12:15:06 [Note]: 7019 4
10/02/06 12:15:06 [Note]: 7005 0
10/02/06 12:15:09 [Note]: 7006 0
10/02/06 12:15:09 [Note]: 7011 1412
10/02/06 12:15:09 [Note]: 7026 0
10/02/06 12:15:10 [Note]: 7026 0
10/02/06 12:15:23 [Note]: FSRAW library version 1.7.1020
10/02/06 12:17:57 [Note]: 7007 0

Bien moi je n'Y comprend rien a ce rapport

Merci pour votre précieuse aide

Belle boule
0
Réponse 15 / 19
Utilisateur anonyme
 
Salut,

c'est bon tu peux jeter ces deux programmes; blackligt et SmiFraudfix

telecharge ça:
http://download.bleepingcomputer.com/sUBs/combofix.exe

appuyes sur "Y" pour continuer

Attends quelques minutes..un rapport va s'ouvrir enregistre son contenu, puis copie et colle le sur ici stp
0
Réponse 16 / 19
Belle boule Messages postés 12 Statut Membre
 
Bonjour

Voila le rapport de combofix

J'espere que tu comprend le chinois ....

_____

Alain Fleurant - mar. 03-10-2006 7:16:11,73 Service Pack 4
ComboFix 06.09.28 - Running from: "C:\Documents and Settings\Alain Fleurant\Desktop\Outil de detection virus"

((((((((((((((((((((((((((((((( Files Created from 2006-09-03 to 2006-10-03 ))))))))))))))))))))))))))))))))))

2006-10-02 08:29 53,248 --a------ C:\WINNT\system32\Process.exe
2006-10-02 08:29 40,960 --a------ C:\WINNT\system32\swsc.exe
2006-10-02 08:29 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2006-10-02 08:29 135,168 --a------ C:\WINNT\system32\swreg.exe
2006-10-02 08:09 2,855 --a------ C:\WINNT\spoolsv.PIF
2006-10-02 06:54 0 --a------ C:\WINNT\eraseme_07215.exe
2006-09-29 05:08 86,094 --a------ C:\WINNT\BPMNT.dll
2006-09-29 05:08 71,749 --a------ C:\WINNT\hcextoutput.dll
2006-09-29 05:08 176,709 --a------ C:\WINNT\tsc.exe
2006-09-29 05:08 1,101,904 --a------ C:\WINNT\vsapi32.dll
2006-09-29 05:07 69,689 --a------ C:\WINNT\UNZIP.DLL
2006-09-29 05:07 507,904 --a------ C:\WINNT\TMUPDATE.DLL
2006-09-29 05:07 286,720 --a------ C:\WINNT\PATCH.EXE
2006-09-28 12:34 15,360 --a------ C:\WINNT\system32\drivers\sshrmd.sys
2006-09-28 12:34 14,848 --a------ C:\WINNT\system32\drivers\sskbfd.sys
2006-09-28 12:34 13,824 --a------ C:\WINNT\system32\drivers\SSFS041A.sys
2006-09-28 12:34 117,248 --a------ C:\WINNT\system32\drivers\ssidrv.sys
2006-09-28 07:30 28,672 --a------ C:\WINNT\system32\drivers\CO_Mon.sys
2006-09-26 09:37 0 -rahs---- C:\WINNT\eraseme_54007.exe
2006-09-21 06:25 87,808 --a------ C:\WINNT\system32\S32EVNT1.DLL
2006-09-21 06:25 107,696 --a------ C:\WINNT\system32\drivers\SYMEVENT.SYS
2006-09-18 18:07 70,059 -rahs---- C:\WINNT\eraseme_00105.exe

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2006-10-02 15:59 -------- d-------- C:\Program Files\Symantec AntiVirus
2006-10-02 08:27 -------- d-------- C:\Program Files\WinZip
2006-09-29 17:51 39696 --a------ C:\WINNT\system32\FTP.EXE
2006-09-29 17:51 17680 --a------ C:\WINNT\system32\tftp.exe
2006-09-29 11:46 -------- d-------- C:\Program Files\Common Files\System
2006-09-28 12:34 -------- d-------- C:\Program Files\Webroot
2006-09-28 12:34 -------- d-------- C:\Documents and Settings\Alain Fleurant\Application Data\Webroot
2006-09-28 12:26 -------- d-------- C:\Program Files\SpywareBlaster
2006-09-27 12:19 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-09-27 12:08 -------- d-------- C:\Program Files\CCleaner
2006-09-26 12:26 -------- d-------- C:\Program Files\a-squared Free
2006-09-22 15:08 -------- d-------- C:\Program Files\Internet Explorer
2006-09-22 15:07 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-09-21 06:25 -------- d-------- C:\Program Files\Symantec
2006-09-21 06:24 -------- d-a------ C:\Program Files\Common Files\Microsoft Shared
2006-09-20 14:40 95024 --a------ C:\WINNT\system32\sfc.dll
2006-09-20 08:02 -------- d-a------ C:\Program Files\Common Files
2006-09-13 18:05 -------- d-------- C:\Program Files\Snapshot Viewer
2006-09-12 07:48 1735808 --a------ C:\WINNT\system32\NTKRNLPA.EXE
2006-09-12 07:48 1714432 --a------ C:\WINNT\system32\NTOSKRNL.EXE
2006-08-22 12:48 136912 --------- C:\WINNT\system32\drivers\fltmgr.sys
2006-07-25 01:08 840976 --a------ C:\WINNT\system32\mmcndmgr.dll
2006-07-21 11:08 72704 --a------ C:\WINNT\system32\hlink.dll
2006-07-06 11:52 613648 --a------ C:\WINNT\system32\mmc.exe
2006-07-06 07:45 96528 --a------ C:\WINNT\system32\dnsrslvr.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="\"mobsync.exe\" /logon"
"SoundMAXPnP"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe\""
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\Smax4.exe\" /tray"
"IgfxTray"="C:\\WINNT\\System32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINNT\\System32\\hkcmd.exe"
"IMONTRAY"="\"C:\\Program Files\\Intel\\Intel(R) Active Monitor\\imontray.exe\""
"QuickFinder Scheduler"="\"C:\\Program Files\\Corel\\WordPerfect Office 2002\\Programs\\QFSCHD100.EXE\""
"NeroFilterCheck"="C:\\WINNT\\system32\\NeroCheck.exe"
"RoxioDragToDisc"="\"C:\\Program Files\\Roxio\\Easy Media Creator 7\\Drag to Disc\\DrgToDsc.exe\""
"NWEReboot"=""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\VPTray.exe"
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000003
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,2c,01,00,00,00,00,00,00,d4,02,00,00,dc,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f0,01,00,00,1f,00,00,00,80,00,00,00,76,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe"

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce]
"^SetupICWDesktop"="C:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe /desktop"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"CDRAutoRun"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"disablecad"=dword:00000000

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Network.ConnectionTray"="{7007ACCF-3202-11D1-AAD2-00805FC1270E}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WebrootSpySweeperService

Contents of the 'Scheduled Tasks' folder
C:\WINNT\tasks\RoxioBackup Sauvegarde Production.job
C:\WINNT\tasks\RoxioUpdator.job

Completion time: Tue 2006-10-03 7:17:03.09
ComboFix.txt

Merci encore pour ton temps

SAlutation

Belle boule
0
Réponse 17 / 19
Utilisateur anonyme
 
Salut,

Clic sur C:, WINT, et supprime ces fichiers:

eraseme_07215.exe
eraseme_54007.exe
eraseme_00105.exe

**Si un fichier persiste lors de la suppression fais ceci:
-Redemarres ton pc, dès l'allumage de celui-ci tapote la touche F8 (ou F5 si F8 ne fonctionne pas), à l'écran qui va apparaitre choisis "mode sans echec" attends un peu.. puis vas supprimer les fichiers/dossiers qui persistaient, vides ta corbeille et redemarres normalement

Fait ce scan anti-virus en ligne avec Internet Explorer, accepte l'active X; la barre anti-popup du SP2(en haut) va se mettre à clignoter, clic dessus et choisis "accepter l'active X" pour faire fonctionner le scan anti-virus.
Une fois qu'il a terminé colle le rapport ici stp; rapport texte non HTML

_Online Scanner
_Kaspersky Online Scanner
_My Computer

www.kaspersky.com/scanforvirus

A++
0
Réponse 18 / 19
Belle boule Messages postés 12 Statut Membre
 
Bonjour

Voila le rapport de kaspersky

Merci pour tous

Belle boule

Tuesday, October 03, 2006 1:24:05 PMOperating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)Kaspersky Online Scanner version: 5.0.83.0Kaspersky Anti-Virus database last update: 3/10/2006Kaspersky Anti-Virus database records: 215347

Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\C:\D:\E:\

Scan Statistics
Total number of scanned objects 46789
Number of viruses found 1
Number of infected objects 7 / 0
Number of suspicious objects 0
Duration of the scan process 00:54:18

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Alain Fleurant\Application Data\Webroot\Spy Sweeper\Logs\060929161755.ses Object is locked skipped

C:\Documents and Settings\Alain Fleurant\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Alain Fleurant\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Alain Fleurant\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Alain Fleurant\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Alain Fleurant\Local Settings\History\History.IE5\MSHist012006100320061004\index.dat Object is locked skipped

C:\Documents and Settings\Alain Fleurant\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Alain Fleurant\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Alain Fleurant\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS00D8F44B-BF75-462E-9EA9-25318BCF8CE7.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS0151E857-7AA3-4628-8A55-9D4F4BF98220.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS028A0F9C-C3DD-46E2-9D9B-3A6F9AAD377C.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS047DB944-9A81-4745-B6DD-DA6BE12B558E.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS06385DE6-B624-4C0C-A34B-3220632298DB.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS08069B90-03DE-4693-8DE4-266DAE38FD7A.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS0B6EB29B-1754-4A72-B033-2CD17C6E01D0.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS13A6A14F-3873-4ABC-9AAA-4E851454320E.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS15D20B76-59C7-49C5-9ACE-D8056687AFDA.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS15E6476F-0764-473F-BD40-30C36D812279.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS1BB0B2C3-F694-4DA4-8F2B-29278F1E2ACE.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS1EC19E66-4FAE-487A-B834-8298B2E0AE2D.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS242AFA81-771D-4EB9-94EB-AAA49405A3ED.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS28355AD7-8055-4F19-BAF3-B0D9EEDEC6F9.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS2841E995-5266-46C1-A77A-83CEF1FF7C60.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS293BAC58-9CC3-487A-A9B4-D7DD51279C0A.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS2C4ACF67-610D-4620-AD8D-CDAE8DD4B4E5.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS3701ADFB-2339-476D-9220-813333106BFE.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS42B4DAFD-5415-4892-AFC9-7ADC612E0EE6.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS4395324E-254E-41A4-A0C0-D65FC5A32FC8.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS43F0552D-6BB0-4B59-BDC3-980FB5058F8B.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS44DF4536-DF2D-4EB0-9BB2-502D7ABE05F0.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS495BC93C-A206-400B-80FA-43ED903B3345.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS4B1836F3-23BE-4CCA-857D-2A01E7B3B26B.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS5343D471-7845-4D57-8971-1657CC01C02B.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS53641A0F-800B-4652-891E-C81DCDEA764F.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS5606744F-9927-4AA3-985A-79432DD85D68.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS593C58C0-6E08-4C93-8EFD-D70F94BE1616.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS5C54E838-807E-4657-AA4E-AA21FAC71D0F.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS5C827F42-DE2F-4C44-9A29-E12B6D098297.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS5CB805C9-BD9E-4DA8-B5A6-81A3458C2BAA.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS5CC56ED5-4235-43BA-A8B2-BD9A42CC5444.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS5D7EB71B-433B-402A-B26B-5E078B5A0B91.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS5E9E5691-E945-4911-8551-CAD105219370.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS5F15F4AC-4A2E-4B0C-9EC0-F5684ACA25B8.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS602F7301-60A7-4104-AEAB-608CD2377454.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS6278DC52-8120-4C03-8E36-BC4A736E6292.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS645392E4-15FE-4525-852F-EB857620ED86.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS679D01E1-609F-4193-A899-3F73C6BCF194.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS69C8EC34-DFFF-420B-80F8-65E6F52910E5.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS6C555633-E38E-4C28-BF8C-CA80D0B2430E.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS73E51D9D-1A37-41C2-ADC3-F3345A875BB0.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS752D07C4-CC66-433F-B4D4-523B56E33804.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS7630685F-F42F-4760-98E0-F6DB494117C3.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS79145DD1-C0AD-40F3-9998-8EB6B13867D9.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS7A719D33-1F95-49E1-B57D-D512383AE6AA.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS7D0AE3CC-788F-4B1B-B01F-B47F2CBE40DA.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS7D4F309D-B104-49DA-B64E-37FA0FE15BBE.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS7F466DA7-F19E-4FD2-844B-9BCCC06C641F.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS830094BF-FEFD-4A65-AE52-366E45531B4C.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS850541A7-514E-4974-A30D-D9ECBC469E95.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS87974129-A603-44CC-9A77-F36B0C16243A.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS8A435FD7-D12F-4347-8EDB-95D7D8B75E6F.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS8AD16D1C-25E5-45BE-A221-474A633329A3.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS8AD9190E-AD4A-4CD0-A78A-4BBD4597C527.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS9487B722-B5C7-4494-95F4-2F3AB73BC33D.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS96DB3035-2B3E-427B-8630-74E96828DB87.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS9BB1E22F-259D-464E-88B7-062578ECA26D.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS9E98413B-2CD0-496D-A7C8-45011D4ED16F.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCS9EFE501E-741C-4147-8CE3-C0BF5B0CC72D.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSA2786673-5A1A-4737-AAE1-04DD26FF6417.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSA37A0E89-909F-4A72-94E6-559D12A18ABB.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSA4DC3E45-CCEA-49C0-96DE-5F66A27C6855.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSA5A18CE2-A611-4DD0-BA37-C485609B67F4.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSA5C9240B-EB1B-493E-B7EA-CE223F64FFE5.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSA74FF773-5026-494B-8222-04EDF51B8C9B.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSA7689C63-DF83-4421-AE14-04C2B6BEC9F2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSA83438EC-DA63-46ED-B9B5-D24E518E766A.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSAA4DB7D0-25A5-4279-AA18-AC07EC54E941.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSAC5A0CDD-CF43-4A95-98B4-B92314DBD827.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSAFB44BF6-0B0E-4399-8021-E71E758D617E.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSB91DE3A4-5C8D-4930-AB46-656EB222734A.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSBA5A0034-F989-4795-9B93-027AA8C5D7B2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSBCCCBF69-A1CA-4402-B62B-4FC9B14FD182.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSBD962E52-B322-42AD-BD3D-A3706BE00630.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSC0152160-867D-471C-8A23-D28E18ECB90A.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSC4E270F4-3D77-4B15-B7BE-3452AC7DE270.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSC6D0A4D7-6FF6-4242-A957-B9B1E0BEE2D6.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSC6FDFF9D-E3A7-4D2C-9F12-BBF04CD42F74.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSC77A132B-57DB-429C-A95D-F3256040CB80.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSC8C8E53B-99A7-409C-937B-6FF68797F1D8.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSC8DFF345-0A56-47CD-80FE-F3ADBD9BE9A0.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSC8F67617-9896-4CFC-AC80-B42A3D8CBFDB.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSC990A75E-C3DD-48D6-B6C7-EED09A7F81B4.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC7EF704-A662-4A45-8E6D-89A9DF8C0853.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEC1C48C-76E9-48F5-94F1-54D399F4D6AE.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSCEF204A5-0E7D-4168-B2E9-76BE3583350A.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSD173FE93-7BA6-4A55-B35C-5EA090D42BFB.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSD1A05229-9B86-429B-8673-E7A307B77EEA.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSD1CA140A-7938-4A3E-A1A6-60951B2AA86B.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSD3389F94-E654-426E-BFD3-78E62EC78527.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSD42556D2-0F33-4CE3-81BF-05A8401624FA.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSD68EC95D-2200-462F-BA08-53914F116222.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSD97805AA-3DFA-43C7-8719-3C2C027F837A.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSD9BEA1D5-FC5E-43B0-9696-817BE71311A2.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSDBBA3B48-5CAE-4F4D-AD89-86640630E3C0.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSDCC6F1F9-16F3-4C91-A6D3-E1B472ED33D1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSDD3CE7DE-C469-4E36-9869-927263AC800D.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSE054F263-6B23-4C8E-A218-9BFDF97E3115.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSE1AD2CF6-A1C7-4AE6-8796-DA851151CF34.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSE267D2CD-DE70-41A9-9581-CCA003D6AC20.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSE8FBD23C-BC08-4DDF-85DB-E8F69AF894BC.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSEA4B1F29-0C4D-40AA-BFC1-1840314A420C.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSEF4E1ECD-4556-496E-B427-00CD57FF706F.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSF11E2383-E566-436D-BB67-DB42667B31D4.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSF40D154E-49D5-4B10-99D1-C365A5C28712.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSF91FE408-968E-42CB-BB14-857F099B8F22.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSFC3CE4ED-9694-4191-9E9E-AFB405EA9054.tmp Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Webroot\Spy Sweeper\Temp\SSCSFF39288F-74A1-49B0-8250-49AED1F4D7D9.tmp Object is locked skipped

C:\Documents and Settings\Default User\Cookies\index.dat Object is locked skipped

C:\Program Files\a-squared Free\Quarantine\14775964c033c9aa0c1caade77bbf22a.a2q/WINNT/system32/sfc.dll Infected: Trojan-Spy.Win32.Banker.alr skipped

C:\Program Files\a-squared Free\Quarantine\14775964c033c9aa0c1caade77bbf22a.a2q ZIP: infected - 1 skipped

C:\Program Files\a-squared Free\Quarantine\570ddf2b869fe239b14861cb649d1768.a2q/WINNT/system32/sfc.dll Infected: Trojan-Spy.Win32.Banker.alr skipped

C:\Program Files\a-squared Free\Quarantine\570ddf2b869fe239b14861cb649d1768.a2q ZIP: infected - 1 skipped

C:\Program Files\a-squared Free\Quarantine\c27ec9a2e5ec116a7e802cf9a7cfccb0.a2q/WINNT/system32/sfc.dll Infected: Trojan-Spy.Win32.Banker.alr skipped

C:\Program Files\a-squared Free\Quarantine\c27ec9a2e5ec116a7e802cf9a7cfccb0.a2q ZIP: infected - 1 skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0299NAV~.TMP Object is locked skipped

C:\Program Files\Symantec AntiVirus\SAVRT\0805NAV~.TMP Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped

C:\Program Files\Webroot\Spy Sweeper\settings.dat Object is locked skipped

C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped

C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped

C:\System Volume Information\catalog.wci\00010008.ci Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped

C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped

C:\WINNT\CSC\00000001 Object is locked skipped

C:\WINNT\Debug\ipsecpa.log Object is locked skipped

C:\WINNT\Debug\oakley.log Object is locked skipped

C:\WINNT\Debug\PASSWD.LOG Object is locked skipped

C:\WINNT\History\History.IE5\index.dat Object is locked skipped

C:\WINNT\SchedLgU.Txt Object is locked skipped

C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped

C:\WINNT\system32\config\default Object is locked skipped

C:\WINNT\system32\config\default.LOG Object is locked skipped

C:\WINNT\system32\config\SAM Object is locked skipped

C:\WINNT\system32\config\SAM.LOG Object is locked skipped

C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped

C:\WINNT\system32\config\SECURITY Object is locked skipped

C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped

C:\WINNT\system32\config\software Object is locked skipped

C:\WINNT\system32\config\software.LOG Object is locked skipped

C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped

C:\WINNT\system32\config\system Object is locked skipped

C:\WINNT\system32\config\SYSTEM.ALT Object is locked skipped

C:\WINNT\system32\Perflib_Perfdata_6f8.dat Object is locked skipped

C:\WINNT\system32\sfc.dll Infected: Trojan-Spy.Win32.Banker.alr skipped

C:\WINNT\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINNT\WindowsUpdate.log Object is locked skipped

Scan process completed.
0
Réponse 19 / 19
Utilisateur anonyme
 
Salut,

Clique sur C:, WINT, system32, et supprime ce fichier:
sfc.dll

si le fichier resiste à la suppression supprime le en mode sans echec

puis tu me dira ou en est ton problème ;-)
0