Sujet Précédent Sujet Suivant

Infecté par Willpolo

Résolu/Fermé
newtech83 Messages postés 187 Date d'inscription mercredi 11 juillet 2007 Statut Membre Dernière intervention 10 avril 2011 - 11 juil. 2007 à 13:47
freelog Messages postés 2067 Date d'inscription vendredi 12 octobre 2007 Statut Membre Dernière intervention 16 avril 2011 - 24 mars 2009 à 11:25
salut a tous

je suis nouveau sur ce forum et je viens d'etre infecté par willpolo. je ne sais pas ce que sais mais dans ma fenetre de mon navigateur il es ecris " Piraté par Willpolo ---- ingenieur en hacking ---- fuck u ------

et je n'ai plus acces a ma base de registre c'est a dire que je suis devenu comme un invité avec des restriction partout alors voila mon scan de hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 11:46:17, on 11/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\progra~1\mcafee\mcafee antispyware\massrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\WINDOWS\system32\temp1.exe
C:\progra~1\mcafee\MCAFEE~1\masalert.exe
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Répertoire temporaire 1 pour scanner.exe.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www8.hp.com/fr/fr/home.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Piraté par WillPolo ---- Ingénieur en hacking -------- fuck u ----------
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F3 - REG:win.ini: load=C:\WINDOWS\svchost.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [_AntiSpyware] c:\progra~1\mcafee\MCAFEE~1\masalert.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [WillPolo] C:\WINDOWS\WillPolo.vbs
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Mswinword] C:\Windows\KAMARA.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Display LiteSaver Startup.lnk = C:\WINDOWS\HPLiteSaver.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = C:\Program Files\Fichiers communs\Sonic Shared\CineTray.exe
O4 - Global Startup: TL-WN321G Wireless Utility.lnk = C:\Program Files\TP-LINK\TL-WN321G Wireless Utility\Installer\WINXP\TWCU.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{7F468D68-877E-4579-A77A-9D0371755C0B}: NameServer = 213.136.96.2,213.136.96.37
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB78C74D-AE54-4DC3-A069-BCDEFB3763F7}: NameServer = 213.138.96.12
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: McAfee AntiSpyware Service - McAfee, Inc. - c:\progra~1\mcafee\mcafee antispyware\massrv.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

ok merci pour tous

31 réponses

Précédent
  • 1
  • 2
Réponse 21 / 31
moe
11 juil. 2007 à 23:13
Excellent !

Dernière étape, fais scanner ton pc en ligne ici:
https://www.kaspersky.fr/downloads
Clic sur le bouton 'Kaspersky Online Scanner' et laisse toi guider.
Choisis le poste de travail comme cible d'analyse et poste le rapport.

J'ai jamais utilisé Mcafee, mais saches que l'antivirus parfait n'existe pas lol.
Tu as par exemple Kaspersky et Bitdefender qui se sortent honorablement de leur tâche, tout dépend si tu souhaites un tout-en-un (firewall+av), si tes moyens te permettent d'investir dans un payant ou si tu préfères un gratuit.
Sinon en gratuit tu as Avast et Antivir, mais bon...

Bonne fin de soirée.
0
Réponse 22 / 31
newtech83 Messages postés 187 Date d'inscription mercredi 11 juillet 2007 Statut Membre Dernière intervention 10 avril 2011 15
12 juil. 2007 à 16:38
voila le scan

Thursday, July 12, 2007 2:33:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/07/2007
Kaspersky Anti-Virus database records: 339163


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
E:\
I:\
K:\
O:\
S:\
Y:\

Scan Statistics
Total number of scanned objects 37474
Number of viruses found 7
Number of infected objects 32 / 0
Number of suspicious objects 0
Duration of the scan process 00:27:02

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{6F8355F0-D4C3-466F-811A-7F0A8B0ADD6D}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{6F8355F0-D4C3-466F-811A-7F0A8B0ADD6D}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masdata.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masevents.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-07-12.07-24-54.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\tracking.log Object is locked skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP183\A0026439.exe Infected: Worm.Win32.Perlovga.b skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP183\A0026440.exe Infected: Backdoor.Win32.Small.lo skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP183\A0026444.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP183\A0027439.exe Infected: Worm.Win32.Perlovga.b skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP183\A0027440.exe Infected: Backdoor.Win32.Small.lo skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP183\A0027444.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP183\A0027445.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP184\A0027468.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP184\A0027469.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP184\A0027477.exe Infected: Worm.Win32.Perlovga.b skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP184\A0027478.exe Infected: Backdoor.Win32.Small.lo skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP186\A0028353.exe Infected: Virus.Win32.VB.fm skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP186\A0028354.exe Infected: Virus.Win32.VB.fm skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP186\A0028355.exe Infected: Virus.Win32.VB.fm skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP186\A0028356.exe Infected: Virus.Win32.VB.fm skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP186\A0028357.exe Infected: Virus.Win32.VB.fm skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP186\A0028358.exe Infected: Virus.Win32.VB.fm skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP186\A0028369.exe Infected: Worm.Win32.Perlovga.b skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP186\A0028370.exe Infected: Backdoor.Win32.Small.lo skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP186\A0028375.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP186\A0028376.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP187\A0028390.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP187\A0028391.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP187\A0028399.exe Infected: Worm.Win32.Perlovga.b skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP187\A0028400.exe Infected: Backdoor.Win32.Small.lo skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP187\A0028401.exe Infected: Trojan-Dropper.Win32.Small.apl skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP187\A0028402.exe Infected: Worm.Win32.Perlovga.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP187\A0028404.exe Infected: Worm.Win32.Perlovga.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP187\A0028405.exe Infected: Trojan-Dropper.Win32.Small.apl skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP187\A0028406.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP187\A0028408.vbs Infected: Worm.VBS.Solow.a skipped

C:\System Volume Information\_restore{FEEA537F-4E78-4814-A60F-A7A8BE8C9F38}\RP188\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{0ADAB149-5289-4851-8BA2-D2475D4495A4}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.log Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.log Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.log Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\OeApi.vbs Infected: Virus.VBS.Agui.a skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\sqlite_JFfZbuTXzxPs7KH Object is locked skipped

C:\WINDOWS\Temp\sqlite_L0kzxprWxbhGudp Object is locked skipped

C:\WINDOWS\Temp\sqlite_Oz5Ckq79wr1fiRV Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

A plus tard
0
Réponse 23 / 31
moe
12 juil. 2007 à 18:03
Salut newtech83

Rien de bien méchant dans le rapport d'analyse, se sont juste les points de restauration système qui se sont crées pendant l'infection, qui sont touchés.

Fais un clic droit sur poste de travail > propriétés > onglet restauration système
puis coche "désactiver la restauration système sur tous les lecteurs".

Redémarre le pc, et refais ensuite un scan de contrôle chez Kaspersky pour t'assurer que tout est ok.

Si c'est le cas, réactive là.

Pour la réactiver:
Clic droit sur poste de travail > propriétés > onglet restauration système
Décoches "désactiver la restauration système".

a++
0
Réponse 24 / 31
newtech83 Messages postés 187 Date d'inscription mercredi 11 juillet 2007 Statut Membre Dernière intervention 10 avril 2011 15
12 juil. 2007 à 20:32
salut voila le rapport demander et je voudrai que tu me conseil un program qui va annalyser mes disque amovible avant de les use

Thursday, July 12, 2007 6:30:02 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/07/2007
Kaspersky Anti-Virus database records: 339406


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
I:\
K:\
O:\
S:\
Y:\

Scan Statistics
Total number of scanned objects 36029
Number of viruses found 1
Number of infected objects 1 / 0
Number of suspicious objects 0
Duration of the scan process 00:29:44

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Administrateur\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{6F8355F0-D4C3-466F-811A-7F0A8B0ADD6D}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Identities\{6F8355F0-D4C3-466F-811A-7F0A8B0ADD6D}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007071120070712\index.dat Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Historique\History.IE5\MSHist012007071220070713\index.dat Object is locked skipped

C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Administrateur\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Administrateur\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masdata.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee\AntiSpyware\Data\masevents.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd001.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-07-12.17-52-31.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\tracking.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.log Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.log Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.log Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped

C:\WINDOWS\system32\OeApi.vbs Infected: Virus.VBS.Agui.a skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\sqlite_5gemZdsrbG6etOn Object is locked skipped

C:\WINDOWS\Temp\sqlite_gF3e6lLkn0FD1QR Object is locked skipped

C:\WINDOWS\Temp\sqlite_i6fBj2ShQe8AsUy Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.


merci
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 31
moe
12 juil. 2007 à 20:50
Il reste celui-ci à supprimer:
C:\WINDOWS\system32\OeApi.vbs

Pour tes disques amovibles, c'est exactement la même chose que pour les disques fixes, c'est ton AV qui doit les scanner.
L'outil que tu as utilisé, Flash_disinfector ne couvre que certaines infections sensées se propager par clé ou médias amovible et donc il vaut mieux d'abord qu'un AV parfaitement à jours scanne ce que tu connectes à ton pc, avant de penser à passer des outils qui ne font que supprimer certaines infections bien particulières.


a++
0
Réponse 26 / 31
newtech83 Messages postés 187 Date d'inscription mercredi 11 juillet 2007 Statut Membre Dernière intervention 10 avril 2011 15
24 mars 2009 à 11:04
ok merci beaucoup
Mon probleme est resolu
0
Réponse 27 / 31
freelog Messages postés 2067 Date d'inscription vendredi 12 octobre 2007 Statut Membre Dernière intervention 16 avril 2011 130
24 mars 2009 à 11:16
euh t'as fait quoi entre le 12 juillet 07 et 24 mars 09 ?????
0
Réponse 28 / 31
newtech83 Messages postés 187 Date d'inscription mercredi 11 juillet 2007 Statut Membre Dernière intervention 10 avril 2011 15
24 mars 2009 à 11:19
:):):) en fait jai oublié de precisé que le probleme etait resolu . Je suis en ce moment en 2eme année Ingenierie informatique
0
Réponse 29 / 31
freelog Messages postés 2067 Date d'inscription vendredi 12 octobre 2007 Statut Membre Dernière intervention 16 avril 2011 130
24 mars 2009 à 11:21
oui mais 2 ans aprés
ça surprend
mais comme dit green day
mieux vaut tard que jamais
remarque j'ai eu peur j'ai cru que willpolo était de retour
0
Réponse 30 / 31
newtech83 Messages postés 187 Date d'inscription mercredi 11 juillet 2007 Statut Membre Dernière intervention 10 avril 2011 15
24 mars 2009 à 11:23
ha ok non il n'est pas revenu

Merci a tous
0
Réponse 31 / 31
freelog Messages postés 2067 Date d'inscription vendredi 12 octobre 2007 Statut Membre Dernière intervention 16 avril 2011 130
24 mars 2009 à 11:25
allez bonne continuation à tous
0

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
Virus détecté
Koony -
MisteryBean -

6 réponses
infecté par des virus
Lisy59120 -
Lisy59120 -

5 réponses
y a t'il des virus qu'avast ne detecte pas
davivid -
Utilisateur anonyme -

24 réponses
Virus non détecté par mon anti-virus ?
F2L -
cabrier -

12 réponses