Virus(trojan+cheval de troie+etc) svp!!!

xcynthiax Messages postés 7 Statut Membre -  
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
J'aurais vraiment besoin d'assistance...J'avais plusieurs virus(ordinateur de ma petite soeur) que j'ai réussi à éliminer grace à "avast" mais il en reste que je ne peux supprimer ni mettre en quarantaine et j'aimerais pouvoir faire un bon ménage pour repartir à neuf! voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 22:15:53, on 2008-03-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\services.exe
C:\DOCUME~1\Linda\LOCALS~1\Temp\Rar$EX01.768\HiJackThis_v2.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\msiexec.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [system43.exe] C:\WINDOWS\system32\system43.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe

Bitdefender n'est plus dans le système.je l'ai supprimer car il n'était plus actif...
Et voilà...J'èspère que quelqu'un saura m'éclairer svp!!!
Merci d'avance
Configuration: Windows XP
Internet Explorer 7.0 (pas sure du 7.0....)

11 réponses

  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    vire norton ou avast sinon l'ordi va planter

    ______________

    pour bien finir de virer bitdefender

    http://www.bitdefender.fr/KB333

    __________________

    Relance HijackThis, choisis "do a scan only" coche la case devant les lignes ci-dessous et clic en bas sur "fix checked".

    O4 - HKLM\..\Run: [system43.exe] C:\WINDOWS\system32\system43.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    ____________________

    Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
    http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
    Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
    • Redémarre ton ordinateur
    • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
    • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
    • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
    • Choisis ton compte.
    Déroule la liste des instructions ci-dessous :
    • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
    • Appuie sur Y pour commencer le processus de nettoyage.
    • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
    • Appuie sur une touche pour redémarrer le PC.
    • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
    • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
    • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
    • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
    • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

    ______________________

    AVG antispyware

    https://www.01net.com/telecharger/

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    _____________________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\WINDOWS\system32\system43.exe

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.
    _____________________

    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    _____________________

    colle le rapport d'un scan en ligne
    avec un des suivants:
    (desactiver avast si besoin)

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    ________________________

    recolle un rapport hijackhtis et dis tes soucis
    0
  2. xcynthiax Messages postés 7 Statut Membre
     
    BONJOUR MERCI BEAUCOUP POUR L'AIDE!!

    SDFIX:

    [b]SDFix: Version 1.159 [/b]

    Run by Administrateur on 23/03/2008 at 12:19

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\WINDOWS\SYSTEM32\CMMGR32.EXE - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 12:29:31
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden services ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "D:\\Logiciels\\eMule_Xtreme\\emule.exe"="D:\\Logiciels\\eMule_Xtreme\\emule.exe:*:Disabled:eMule"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
    "C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
    "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Tue 4 Mar 2008 33,900 ..SHR --- "C:\WINDOWS\system32\MS3F8173.DLL"
    Fri 16 Feb 2007 31,122 ..SHR --- "C:\WINDOWS\system32\MS1919E1.DLL"
    Mon 19 Feb 2007 31,122 ..SHR --- "C:\WINDOWS\system32\MS38C5C3.DLL"
    Mon 19 Feb 2007 31,122 ..SHR --- "C:\WINDOWS\system32\MS15F644.DLL"
    Mon 19 Feb 2007 31,122 ..SHR --- "C:\WINDOWS\system32\MS5A1479.DLL"
    Sun 23 Mar 2008 31,122 ..SHR --- "C:\WINDOWS\system32\MS36BE98.DLL"
    Sun 23 Mar 2008 11,097 ..SHR --- "C:\Program Files\1919E171\131215F7.DLL"
    Sun 23 Mar 2008 13,875 ..SHR --- "C:\Program Files\3F81736E\131215F7.DLL"
    Sun 23 Mar 2008 11,097 ..SHR --- "C:\Program Files\36BE984F\131215F7.DLL"
    Wed 20 Feb 2002 98,304 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\AC3\AZID.DLL"
    Sun 21 Jul 2002 45,056 ...H. --- "C:\Program Files\Fichiers communs\Ahead\AudioPlugins\AC3\AC3ENC.DLL"

    [b]Finished![/b]

    AVG:AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 16:39:42 2008-03-23

    + Résultat de l'analyse:

    D:\Linda\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : Nettoyé.
    D:\Linda\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : Nettoyé.
    C:\Documents and Settings\Linda\Cookies\linda@pandasoftware.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
    D:\Linda\Cookies\linda@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
    D:\Linda\Cookies\linda@searchportal.information[2].txt -> TrackingCookie.Information : Nettoyé.

    Fin du rapport

    HIJACKTHIS:

    Logfile of HijackThis v1.99.1
    Scan saved at 00:51:57, on 2008-03-24
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Linda\LOCALS~1\Temp\Rar$EX01.827\HijackThis.exe
    C:\DOCUME~1\Linda\LOCALS~1\Temp\Rar$EX98.983\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AFAF621F-B494-42F2-804C-B17A1E2C2EBC}: NameServer = 207.164.234.129 206.47.244.54
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)

    PANDASOFTWARE N'A PAS FONCTIONNÉ, AVAST Y DÉTECTAIT UN CHEVAL DE TROIE. JE L'AI DÉSACTIVÉ MAIS ÇA N'A PAS FONCTIONNÉ..

    MERCI
    0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok

    mets a jour java:
    https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

    _________________
    mets a jour internet explorer:
    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html

    __________________

    installe spybot pour te proteger des espions et scan avec:

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    __________________

    remplace avast par antivir et colle moi un rapport

    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    0
  4. xcynthiax Messages postés 7 Statut Membre
     
    Logfile of HijackThis v1.99.1
    Scan saved at 17:45:33, on 2008-03-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Linda\LOCALS~1\Temp\Rar$EX00.604\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ca/?gws_rd=ssl
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
    O16 - DPF: {8436FE12-31DB-48BF-83BF-FE682F9160B4} (NanoInstaller Class) - https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{AFAF621F-B494-42F2-804C-B17A1E2C2EBC}: NameServer = 207.164.234.129 206.47.244.54
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Server Advance (ServerAC) - Unknown owner - C:\WINDOWS\system32\Security.exe (file missing)

    Je n'ai pas pu faire les mises a jour de windows à cause que je n'ai pas l'original....
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. xcynthiax Messages postés 7 Statut Membre
     
    rapport de antivir..

    AntiVir PersonalEdition Classic
    Report file date: 27 mars 2008 20:16

    Scanning for 1167464 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: ST-810C7DB26A10

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 19:16:30
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 18:23:52
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 21:32:48
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 18:35:22
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 20:27:16
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 03:49:46
    ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21/03/2008 03:49:46
    ANTIVIR3.VDF : 7.0.3.79 91648 Bytes 26/03/2008 03:49:46
    AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 27/03/2008 03:49:46
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 16:36:28
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 13:39:18
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 19:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 27/03/2008 03:49:46
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 13:17:08
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 18:26:34
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 13:10:20
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 17:09:44
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 18:38:14
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 18:50:38
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 15:37:22

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 27 mars 2008 20:16

    The scan of running processes will be started
    Scan process 'update.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'AVGAS.EXE' - '1' Module(s) have been scanned
    Scan process 'LVComS.exe' - '1' Module(s) have been scanned
    Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
    Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
    Scan process 'WgaTray.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
    Scan process 'GUARD.EXE' - '0' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
    Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
    Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
    Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
    Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
    27 processes with 27 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '16' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\1919E171\131215F7.VIR000
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481d6607.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP259\A0087901.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481c6e11.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP259\A0088012.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481c6e1c.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP259\A0088987.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP259\A0089987.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481c6e2f.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP259\A0090987.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP262\A0091999.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was deleted!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP263\A0092987.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481c6e59.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP263\A0093085.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481c6e5f.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP263\A0094085.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481c6e61.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP264\A0094088.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [INFO] The file was moved to '481c6e64.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP264\A0094089.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '481c6e68.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP264\A0094090.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '481c6e6c.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP265\A0094119.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '481c6e71.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP265\A0094127.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '481c6e73.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP265\A0094128.DLL
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [INFO] The file was moved to '481c6e75.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP265\A0094137.dll
    [DETECTION] Is the Trojan horse TR/Agent.bux.1
    [INFO] The file was moved to '481c6e77.qua'!
    C:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP265\A0094173.dll
    [DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
    [INFO] The file was moved to '481c6e82.qua'!
    Begin scan in 'D:\'
    D:\Logiciels\Windates\WinDates v.5.04\Cerise\keygen.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [INFO] The file was moved to '48656f0d.qua'!
    D:\System Volume Information\_restore{8AEDD55D-74E6-4815-A8DB-F845EBFA66EF}\RP265\A0094203.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [INFO] The file was moved to '481c6f90.qua'!

    End of the scan: 27 mars 2008 23:10
    Used time: 2:53:24 min

    The scan has been done completely.

    4132 Scanning directories
    122789 Files were scanned
    18 viruses and/or unwanted programs were found
    2 Files were classified as suspicious:
    3 files were deleted
    0 files were repaired
    17 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    122771 Files not concerned
    896 Archives were scanned
    1 Warnings
    1 Notes
    0
  7. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ne navigue plus avec internet explorer car il n'est pas a jour mais firefox ou safari ou opéra

    https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/61.html

    http://www.mozilla-europe.org/fr/products/firefox/

    _______________

    mets a jour java:
    https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

    ________________
    installe la derniere version adobe

    https://get2.adobe.com/reader/otherversions/
    ___________________

    installe spybot pour te proteger des espions et scan avec:

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    __________________

    si tout c'est bien passé désactive la restauration système pour purger les virus qui seraient dedans
    puis redemarre ton ordi
    puis réactive là : https://www.informatruc.com

    _________________
    vire ce qui est en quarantaine dans antivir et recolle un rapport

    pour protéger gratos ton ordi

    http://www.commentcamarche.net/telecharger/logiciel 4 securite

    mettre un antivirus

    ((AVAST en français )) ou ANTIVIR (en anglais mais très efficace)
    https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
    -------------
    des anti-espions :
    MalwareByte's Anti-Malware + SPYBOT

    +
    SPYWAREBLASTER pour immuniser le système contre vundo notamment mais en anglais (mais facile d'utilisation : il suffit de faire "update" pour mettre à jour tous les mois et ensuite" enable all protection" pour immuniser)...

    --------
    un pare feu :
    celui de (Windows) ou mieux Online armor ou KERIO ou JETICO ou ZONE ALARM (mettre que le parefeu gratuit)

    http://www.commentcamarche.net/telecharger/telecharger 34055356 online armor personal firewall

    https://forum.pcastuces.com/sujet.asp?f=25&s=35606
    https://www.clubic.com/telecharger-fiche11071-sunbelt-personal-firewall-ex-kerio.html
    https://manuelsdaide.com/contact/
    http://www.open-files.com/forum/index.php?showtopic=29277
    http://www.commentcamarche.net/telecharger/telecharger 157 zonealarm

    -----------
    CCLEANER pour effacer les traces de surf
    ---------
    naviguer avec firefox ou safari ou opera et non internet explorer plus touché par les virus
    http://www.mozilla-europe.org/fr/products/firefox/
    0
  8. xcynthiax Messages postés 7 Statut Membre
     
    est-ce que je dois supprimer internet explorer?
    0
  9. xcynthiax Messages postés 7 Statut Membre
     
    aah...et puis j'ai opera et mozilla/firefox ...lequel est le mieux!?!
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    aah...et puis j'ai opera et mozilla/firefox ...lequel est le mieux!?!

    TU GARDE LES DEUX et tu vera lesquel tu préfère! les deux sont bien
    0
  11. xcynthiax Messages postés 7 Statut Membre
     
    est-ce que je dois supprimer internet explorer?
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    non tu le laisse mais ne l'utilise pas sauf si un site demande expressement internet explorer comme les scan en ligne bitdefender

    a plus
    0