[Problème] Demande d'aide : Virus Carlton
L'@rtiFici3r
Messages postés
4
Statut
Membre
-
L'@rtiFici3r Messages postés 4 Statut Membre -
L'@rtiFici3r Messages postés 4 Statut Membre -
Bonsoir, je suis chez une amie qui a le virus Carlton attrapé par msn. J'ai fait une analyse MsnFix :
MSNFix 1.560
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix
Fix exécuté le 02/11/2007 - 18:55:56,65 By didou
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\LBTWiz.exe
************************ MSNCHK ***** /!\ beta test /!\
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\LBTWiz.exe
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 02112007_18570696.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Et une analyse hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:03, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28952a5b793cdcc44c19/netzip/RdxIE601_fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
MSNFix 1.560
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix
Fix exécuté le 02/11/2007 - 18:55:56,65 By didou
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\LBTWiz.exe
************************ MSNCHK ***** /!\ beta test /!\
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\LBTWiz.exe
************************ Nettoyage du registre
************************ Fichiers suspects
Aucun Fichier trouvé
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 02112007_18570696.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Et une analyse hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:03, on 02/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\STDSB.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://home.sweetim.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [STDSB] C:\WINDOWS\System32\STDSB.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AliceSAV] C:\Program Files\TechCity Solutions\AliceSAV\AliceAgent.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: officejet 6100.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/28952a5b793cdcc44c19/netzip/RdxIE601_fr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
6 réponses
Bonsoir,
avec hijackthis : coches et fixes ces lignes :
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - Global Startup: officejet 6100.lnk = ?
installes un parefeu : http://www.commentcamarche.net/faq/sujet 3486 s curit le parefeu de windows xp
fais un scan antivirus en ligne : www.bitdefender.com/scan8/ie.html (postes le rapport s'il trouve quelque chose)
s'il ne détecte rien : termines le nettoyage comme indiqué sur ce sujet : http://www.commentcamarche.net/faq/sujet 6781 virus msn album photo zip
avec hijackthis : coches et fixes ces lignes :
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - Global Startup: officejet 6100.lnk = ?
installes un parefeu : http://www.commentcamarche.net/faq/sujet 3486 s curit le parefeu de windows xp
fais un scan antivirus en ligne : www.bitdefender.com/scan8/ie.html (postes le rapport s'il trouve quelque chose)
s'il ne détecte rien : termines le nettoyage comme indiqué sur ce sujet : http://www.commentcamarche.net/faq/sujet 6781 virus msn album photo zip
Voici le rapport de Bitdefender :
BitDefender Online Scanner
Scan report generated at: Sat, Nov 03, 2007 - 21:48:43
Scan path: C:\;D:\;E:\;
Statistics
Time
01:26:17
Files
269218
Folders
5220
Boot Sectors
3
Archives
9235
Packed Files
10347
Results
Identified Viruses
2
Infected Files
29
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
29
Engines Info
Virus Definitions
860168
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
14
Archive plugins
38
Unpack plugins
7
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/3d3t4t8n7l.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/3d3t4t8n7l.exe
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/carlton
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/carlton
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/k3d3t4t8n7l.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/k3d3t4t8n7l.exe
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/LBTWiz.exe
Infected with: Backdoor.Sdbot.DEXW
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/LBTWiz.exe
Disinfection failed
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/LBTWiz.exe
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Infected with: Backdoor.Sdbot.DEXW
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Disinfection failed
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/u8i4w9q6b7w2.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/u8i4w9q6b7w2.exe
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\4EL5574T\tl[1].jpg
Infected with: Backdoor.Sdbot.DEXW
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\4EL5574T\tl[1].jpg
Disinfection failed
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\4EL5574T\tl[1].jpg
Deleted
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\NBYQQV2V\dual[1].jpg
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\NBYQQV2V\dual[1].jpg
Deleted
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\P3HTU7OK\dual[1].jpg
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\P3HTU7OK\dual[1].jpg
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036329.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036329.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036357.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036357.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036418.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036418.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036439.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036439.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036468.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036468.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036544.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036544.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036565.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036565.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037566.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037566.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037596.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037596.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037646.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037646.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP316\A0038647.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP316\A0038647.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP317\A0038677.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP317\A0038677.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038778.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038778.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038786.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038786.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038787.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038787.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038807.exe
Infected with: Backdoor.Sdbot.DEXW
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038807.exe
Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038807.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038808.exe
Infected with: Backdoor.Sdbot.DEXW
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038808.exe
Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038808.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038819.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038819.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038820.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038820.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038821.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038821.exe
Deleted
Je vais installer Zone Alarm. Est-ce que je termine le nettoyage où y a-t-il encore quelque chose à faire avant? Merci d'avance !
BitDefender Online Scanner
Scan report generated at: Sat, Nov 03, 2007 - 21:48:43
Scan path: C:\;D:\;E:\;
Statistics
Time
01:26:17
Files
269218
Folders
5220
Boot Sectors
3
Archives
9235
Packed Files
10347
Results
Identified Viruses
2
Infected Files
29
Suspect Files
0
Warnings
0
Disinfected
0
Deleted Files
29
Engines Info
Virus Definitions
860168
Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins
14
Archive plugins
38
Unpack plugins
7
E-mail plugins
6
System plugins
1
Scan Settings
First Action
Disinfect
Second Action
Delete
Heuristics
Yes
Enable Warnings
Yes
Scanned Extensions
*;
Exclude Extensions
Scan Emails
Yes
Scan Archives
Yes
Scan Packed
Yes
Scan Files
Yes
Scan Boot
Yes
Scanned File
Status
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/3d3t4t8n7l.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/3d3t4t8n7l.exe
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/carlton
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/carlton
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/k3d3t4t8n7l.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/k3d3t4t8n7l.exe
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/LBTWiz.exe
Infected with: Backdoor.Sdbot.DEXW
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/LBTWiz.exe
Disinfection failed
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/LBTWiz.exe
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Infected with: Backdoor.Sdbot.DEXW
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Disinfection failed
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip=>www.Nokia_19_jpg-msn.com
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/Nokia_19_jpg.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/u8i4w9q6b7w2.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip=>backup/u8i4w9q6b7w2.exe
Deleted
C:\Documents and Settings\didou\Bureau\MSNFix\MSNFix\02112007_18570696.zip
Updated
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\4EL5574T\tl[1].jpg
Infected with: Backdoor.Sdbot.DEXW
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\4EL5574T\tl[1].jpg
Disinfection failed
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\4EL5574T\tl[1].jpg
Deleted
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\NBYQQV2V\dual[1].jpg
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\NBYQQV2V\dual[1].jpg
Deleted
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\P3HTU7OK\dual[1].jpg
Infected with: MemScan:Trojan.Dialer.VUY
C:\Documents and Settings\didou\Local Settings\Temporary Internet Files\Content.IE5\P3HTU7OK\dual[1].jpg
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036329.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036329.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036357.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP312\A0036357.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036418.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036418.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036439.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036439.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036468.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP313\A0036468.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036544.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036544.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036565.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP314\A0036565.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037566.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037566.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037596.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037596.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037646.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP315\A0037646.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP316\A0038647.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP316\A0038647.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP317\A0038677.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP317\A0038677.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038778.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038778.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038786.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038786.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038787.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038787.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038807.exe
Infected with: Backdoor.Sdbot.DEXW
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038807.exe
Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038807.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038808.exe
Infected with: Backdoor.Sdbot.DEXW
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038808.exe
Disinfection failed
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038808.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038819.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038819.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038820.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038820.exe
Deleted
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038821.exe
Infected with: MemScan:Trojan.Dialer.VUY
C:\System Volume Information\_restore{9AEDEF4B-1977-4657-B854-EFDB21259CFF}\RP318\A0038821.exe
Deleted
Je vais installer Zone Alarm. Est-ce que je termine le nettoyage où y a-t-il encore quelque chose à faire avant? Merci d'avance !
bonsoir,
avant il serait bien de faire ceci :
desactiver la restauration systeme
redemarrer
refaire un scan en ligne avec bitdefender (qui devrait ne plus rien trouver)
réactiver la restauration systeme
avant il serait bien de faire ceci :
desactiver la restauration systeme
redemarrer
refaire un scan en ligne avec bitdefender (qui devrait ne plus rien trouver)
réactiver la restauration systeme
C'est bon. Je viens de finir l'analyse sans la restauration système. Il n'a rien trouvé.
Je passe alors au nettoyage en profondeur?
Merci encore et bonne nuit !
Je passe alors au nettoyage en profondeur?
Merci encore et bonne nuit !
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question