Sujet Précédent Sujet Suivant

[Problème] Demande d'aide : Virus Carlton

Fermé
L'@rtiFici3r Messages postés 4 Date d'inscription vendredi 2 novembre 2007 Statut Membre Dernière intervention 4 novembre 2007 - 2 nov. 2007 à 19:50
L'@rtiFici3r Messages postés 4 Date d'inscription vendredi 2 novembre 2007 Statut Membre Dernière intervention 4 novembre 2007 - 4 nov. 2007 à 18:52
Bonsoir, je suis chez une amie qui a le virus Carlton attrapé par msn. J'ai fait une analyse MsnFix :

MSNFix 1.560

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix
Fix exécuté le 02/11/2007 - 18:55:56,65 By didou
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\LBTWiz.exe

************************ MSNCHK ***** /!\ beta test /!\



************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\WINDOWS\LBTWiz.exe



************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 02112007_18570696.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------



Et une analyse hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:03, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28952a5b793cdcc44c19/netzip/RdxIE601_fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe

6 réponses

Réponse 1 / 6
clownface Messages postés 1490 Date d'inscription mardi 28 août 2007 Statut Membre Dernière intervention 15 juin 2008 73
2 nov. 2007 à 22:43
Bonsoir,

avec hijackthis : coches et fixes ces lignes :
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - Global Startup: officejet 6100.lnk = ?

installes un parefeu : http://www.commentcamarche.net/faq/sujet 3486 s curit le parefeu de windows xp

fais un scan antivirus en ligne : www.bitdefender.com/scan8/ie.html (postes le rapport s'il trouve quelque chose)
s'il ne détecte rien : termines le nettoyage comme indiqué sur ce sujet : http://www.commentcamarche.net/faq/sujet 6781 virus msn album photo zip
0
Réponse 2 / 6
L'@rtiFici3r Messages postés 4 Date d'inscription vendredi 2 novembre 2007 Statut Membre Dernière intervention 4 novembre 2007
3 nov. 2007 à 22:02
Voici le rapport de Bitdefender :

BitDefender Online Scanner



Scan report generated at: Sat, Nov 03, 2007 - 21:48:43





Scan path: C:\;D:\;E:\;







Statistics

Time
01:26:17

Files
269218

Folders
5220

Boot Sectors
3

Archives
9235

Packed Files
10347




Results

Identified Viruses
2

Infected Files
29

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
29




Engines Info

Virus Definitions
860168

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
14

Archive plugins
38

Unpack plugins
7

E-mail plugins
6

System plugins
1




Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions


Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes




Scanned File
Status

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/3d3t4t8n7l.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/3d3t4t8n7l.exe
Deleted

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/carlton
Infected with: MemScan:Trojan.Dialer.VUY

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/carlton
Deleted

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/k3d3t4t8n7l.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/k3d3t4t8n7l.exe
Deleted

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/LBTWiz.exe
Infected with: Backdoor.Sdbot.DEXW

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/LBTWiz.exe
Disinfection failed

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/LBTWiz.exe
Deleted

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Infected with: Backdoor.Sdbot.DEXW

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Disinfection failed

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Deleted

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip
Updated

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/u8i4w9q6b7w2.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/u8i4w9q6b7w2.exe
Deleted

C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated

C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\4EL5574T\tl[1].jpg
Infected with: Backdoor.Sdbot.DEXW

C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\4EL5574T\tl[1].jpg
Disinfection failed

C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\4EL5574T\tl[1].jpg
Deleted

C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\NBYQQV2V\dual[1].jpg
Infected with: MemScan:Trojan.Dialer.VUY

C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\NBYQQV2V\dual[1].jpg
Deleted

C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\P3HTU7OK\dual[1].jpg
Infected with: MemScan:Trojan.Dialer.VUY

C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\P3HTU7OK\dual[1].jpg
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036329.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036329.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036357.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036357.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036418.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036418.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036439.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036439.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036468.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036468.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036544.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036544.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036565.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036565.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037566.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037566.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037596.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037596.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037646.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037646.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP316\A0038647.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP316\A0038647.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP317\A0038677.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP317\A0038677.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038778.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038778.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038786.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038786.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038787.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038787.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038807.exe
Infected with: Backdoor.Sdbot.DEXW

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038807.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038807.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038808.exe
Infected with: Backdoor.Sdbot.DEXW

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038808.exe
Disinfection failed

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038808.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038819.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038819.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038820.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038820.exe
Deleted

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038821.exe
Infected with: MemScan:Trojan.Dialer.VUY

C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038821.exe
Deleted



Je vais installer Zone Alarm. Est-ce que je termine le nettoyage où y a-t-il encore quelque chose à faire avant? Merci d'avance !
0
Réponse 3 / 6
clownface Messages postés 1490 Date d'inscription mardi 28 août 2007 Statut Membre Dernière intervention 15 juin 2008 73
3 nov. 2007 à 22:06
bonsoir,

avant il serait bien de faire ceci :

desactiver la restauration systeme
redemarrer
refaire un scan en ligne avec bitdefender (qui devrait ne plus rien trouver)

réactiver la restauration systeme
0
Réponse 4 / 6
L'@rtiFici3r Messages postés 4 Date d'inscription vendredi 2 novembre 2007 Statut Membre Dernière intervention 4 novembre 2007
3 nov. 2007 à 23:52
C'est bon. Je viens de finir l'analyse sans la restauration système. Il n'a rien trouvé.

Je passe alors au nettoyage en profondeur?

Merci encore et bonne nuit !
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
clownface Messages postés 1490 Date d'inscription mardi 28 août 2007 Statut Membre Dernière intervention 15 juin 2008 73
3 nov. 2007 à 23:56
oui, nettoyage en profondeur (c'est important), et n'oublies pas le parefeu :)
bonne nuit
0
Réponse 6 / 6
L'@rtiFici3r Messages postés 4 Date d'inscription vendredi 2 novembre 2007 Statut Membre Dernière intervention 4 novembre 2007
4 nov. 2007 à 18:52
Normalement elle devrait s'en sortir avec ce que je lui ai installé. Merci encore Clownface !
0