Sujet Précédent Sujet Suivant

Virus Privacy Danger

yannick9433 Messages postés 1 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,

J'ai moi aussi été victime de Privacy Danger.
J'ai donc regardé sur les différents Forums et j'ai suivi les procédures suivantes:

- SmitfraudFix avec option 1:

SmitFraudFix v2.274
Rapport fait à 11:24:51,96, 18/01/2008
Executé à partir de C:\Documents and Settings\Compaq_Propri‚taire\B ureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.e xe
C:\WINDOWS\system32\services.e xe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.e xe
C:\WINDOWS\system32\svchost.ex e
C:\WINDOWS\System32\svchost.ex e
C:\WINDOWS\system32\Ati2evxx.e xe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.ex e
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Logitech\Video\LogiTray. exe
C:\Program Files\Larousse\Petit Larousse 2004\bin\HiPL2002popup.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\LVComsX.ex e
C:\Program Files\Logitech\Video\FxSvr2.ex e
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\Java\jre1.5.0_11\bin\jus ched.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Back Web-8876480.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor. exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\drivers\CD AC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\tcpsvcs.ex e
C:\WINDOWS\system32\SLEE12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.e xe
C:\WINDOWS\system32\svchost.ex e
C:\PROGRA~1\Yahoo!\MESSEN~1\ym sgr_tray.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingSe rvice.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStore Svr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\cidaemon.e xe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOW
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system3
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Propri‚taire\A pplication Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\Favoris
C:\DOCUME~1\COMPAQ~1\Favoris\E rror Cleaner.url PRESENT !
C:\DOCUME~1\COMPAQ~1\Favoris\P rivacy Protector.url PRESENT !
C:\DOCUME~1\COMPAQ~1\Favoris\S pyware?Malware Protection.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
C:\DOCUME~1\COMPAQ~1\Bureau\Er ror Cleaner.url PRESENT !
C:\DOCUME~1\COMPAQ~1\Bureau\Pr ivacy Protector.url PRESENT !
C:\DOCUME~1\COMPAQ~1\Bureau\Sp yware?Malware Protection.url PRESENT !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Mic rosoft\Internet Explorer\Desktop\Components\0]
"Source"="about:Home"
"SubscribedURL"="about:Hom e"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Mi crosoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\PROGRA~1\\ KASPER~1\\KASPER~1.0\\adialhk. dll"
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Mi crosoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 15.243.128.51
DNS Server Search Order: 15.243.160.51

Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.54.252
DNS Server Search Order: 212.27.53.252

HKLM\SYSTEM\CCS\Services\Tcpip \..\{2FFED1F1-3C5C-4FEF-A349-C387946747A3}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip \..\{870DB5F0-C8A0-4C75-98AA-FDA2CC4E1A61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip \..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS1\Services\Tcpip \..\{2FFED1F1-3C5C-4FEF-A349-C387946747A3}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip \..\{870DB5F0-C8A0-4C75-98AA-FDA2CC4E1A61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip \..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CS3\Services\Tcpip \..\{2FFED1F1-3C5C-4FEF-A349-C387946747A3}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip \..\{870DB5F0-C8A0-4C75-98AA-FDA2CC4E1A61}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip \..\{DE246E2C-8697-44FE-A5BB-FA04D12D4DEC}: DhcpNameServer=15.243.128.51 15.243.160.51
HKLM\SYSTEM\CCS\Services\Tcpip \Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS1\Services\Tcpip \Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip \Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin

- SmitfraudFix.exe avec l'option 2 en mode sans échec.

SmitFraudFix v2.274
Rapport fait à 23:21:38.01, 2008-01-21
Executé à partir de C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode sans echec
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Avant SmitFraudFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts

- Scan avec AVG Anti-spyware en mode sans échec.

VG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 21:42:50 20/01/2008

+ Résultat de l'analyse:

HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Nettoyé et sauvegardé (mise en quarantaine).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Nettoyé et sauvegardé (mise en quarantaine).
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-21-4214699447-3294306491-2813402948-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\programme\Pinnacle studio 9\Pinnacle_Studio_9.3.5_MultiLanguage + Hollywood Fx 5.1 Plus Extra Packs.zip/Hollywood FX 5.1/FX 5.1/keygen.exe -> Downloader.Zlob.bnv : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\programme\AnyDVD.v6.0.7.0.Incl.Patch-dA.CLOwN.rar/AnyDVD v6.0.6.3 - v6.0.6.x Unblacklist.exe -> Dropper.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Compaq_Propriétaire\Cookies\compaq_propriétaire@estat[1].txt -> TrackingCookie.Estat : Nettoyé.

Fin du rapport

»»»»»»»»»»»»»»»»»»»»»»»» Arret des processus
»»»»»»»»»»»»»»»»»»»»»»»» hosts

- Scan en ligne avec Kaspersky qui m’aurait trouvé 2 virus (je suis protégé par Kaspersky Internet Security 6).

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 20, 2008 11:55:02 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 20/01/2008
Kaspersky Anti-Virus database records: 525024
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan Statistics:
Total number of scanned objects: 98834
Number of viruses found: 2
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 01:24:58

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\5d1a_ids_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\5d1f_File_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\5d21_Web_Monitoring_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\5d22_AdBlocker_eventcritlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\5d22_AdBlocker_eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.idx Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\detected.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\eventlog.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP6\Report\report.rpt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype\chihot2001\call256.dbb Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype\chihot2001\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype\chihot2001\chat512.dbb Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype\chihot2001\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype\chihot2001\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype\chihot2001\index2.dat Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype\chihot2001\profile256.dbb Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype\chihot2001\user1024.dbb Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype\chihot2001\user256.dbb Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Skype\chihot2001\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Compaq_Propriétaire\Bureau\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Compaq_Propriétaire\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Ma musique\Kevin musique\torrentsearcher53.exe/file61 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Ma musique\Kevin musique\torrentsearcher53.exe Inno: infected - 1 skipped
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Téléchargement\torrentsearcher53.exe/file61 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Téléchargement\torrentsearcher53.exe Inno: infected - 1 skipped
C:\Documents and Settings\Compaq_Propriétaire\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Compaq_Propriétaire\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\My Shared Folder\torrentsearcher53.exe/file61 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\My Shared Folder\torrentsearcher53.exe Inno: infected - 1 skipped
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2008-01-20.21-49-02.log Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\0001000B.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SBEEA0E1A.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.dat Object is locked skipped
C:\WINDOWS\system32\drivers\fidbox2.idx Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\drivers\vaxscsi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

A cette heure, je ne suis plus embêté que par des alertes sécurité, des ouvertures intempestives de pages web de site de protection et l’apparition de 3 icônes sur le bureau (Error Cleaner, Privacy protector et Spyware & Malware Protection) qui reviennent systèmatiquement au démarrage et environ 5 heures aprés un nettoyage avec SmitfraudFix.exe avec l'option 2.

Merci de m'aider à le supprimer complètement.

Nota: je n'ai pas trouvé comment envoyer les rapports en pj.
A voir également:

1 réponse

Réponse 1 / 1
jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 040
 
nettoie avec smitfraud fix

______________

colle un rapport hijackthis

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manuel :

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

Ensuite avec Explorer créer un dossier c:\hijackthis
Décompresser Hijackthis dans ce dossier.
C'est important pour les sauvegardes."
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
virus Artemis!
mabiche37 -
Malekal_morte- -

14 réponses
Privacy shield ???
DYLLEN76 -
stam18 -

13 réponses
Désinstaller Softonic
Diguimette -
lilidurhone -

5 réponses
Message Apple virus !!
Souclik67 -
MPMP10 -

3 réponses