Virus WIN32: OnLineGames
Résolu
morgane3333
Messages postés
25
Date d'inscription
Statut
Membre
Dernière intervention
-
g!rly Messages postés 18215 Date d'inscription Statut Contributeur Dernière intervention -
g!rly Messages postés 18215 Date d'inscription Statut Contributeur Dernière intervention -
Bonjour,
Un virus circule ds ma promo.
Mon antivirus avast a détecté un cheval de troie (WIN 32 : OnLineGames - CVP [Trj]). Je l'ai mis en quarantaine, mais je l'ai toujours car quand je vais ds poste de travail, sur le disque dur C, j'ai un message sur un logiciel malveillant. Le virus est ds le système windows. Je sais que les autres de ma promo ont eu plusieurs fichiers infectés par WIN 32.
J'ai besoin d'aide.
Merci d'avance
Un virus circule ds ma promo.
Mon antivirus avast a détecté un cheval de troie (WIN 32 : OnLineGames - CVP [Trj]). Je l'ai mis en quarantaine, mais je l'ai toujours car quand je vais ds poste de travail, sur le disque dur C, j'ai un message sur un logiciel malveillant. Le virus est ds le système windows. Je sais que les autres de ma promo ont eu plusieurs fichiers infectés par WIN 32.
J'ai besoin d'aide.
Merci d'avance
A voir également:
- Virus WIN32: OnLineGames
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Undisclosed-recipients virus - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Altruistic virus ✓ - Forum Antivirus
31 réponses
J'ai mis la nouvelle version d'internet.
J'ai réinstallé antivir (mise à jour, scanner résident OK) et je l'ai configuré comme tu l'avais indiqué.
J'ai fait un scan complet de l'ordi : 4 détections et 2 fichiers qui n'ont pas pu être scannés !
Je mets le rapport :
AntiVir PersonalEdition Classic
Report file date: lundi 17 mars 2008 20:21
Scanning for 1150818 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ACER-318DE0055E
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:09:38
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 19:09:38
ANTIVIR3.VDF : 7.0.3.41 197632 Bytes 17/03/2008 19:09:38
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 17/03/2008 19:09:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 17/03/2008 19:09:38
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: lundi 17 mars 2008 20:21
Starting search for hidden objects.
'42026' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Launcher.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'Rainlendar2.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '46' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <ACERDATA>
D:\xpbkh.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
D:\y82td3td.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '4810c978.qua'!
D:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP8\A0000519.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '480ec97f.qua'!
D:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP8\A0000520.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '480ec982.qua'!
End of the scan: lundi 17 mars 2008 20:48
Used time: 27:18 min
The scan has been done completely.
4272 Scanning directories
216684 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
216680 Files not concerned
6519 Archives were scanned
2 Warnings
0 Notes
42026 Objects were scanned with rootkit scan
0 Hidden objects were found
J'ai réinstallé antivir (mise à jour, scanner résident OK) et je l'ai configuré comme tu l'avais indiqué.
J'ai fait un scan complet de l'ordi : 4 détections et 2 fichiers qui n'ont pas pu être scannés !
Je mets le rapport :
AntiVir PersonalEdition Classic
Report file date: lundi 17 mars 2008 20:21
Scanning for 1150818 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ACER-318DE0055E
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 19:09:38
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 19:09:38
ANTIVIR3.VDF : 7.0.3.41 197632 Bytes 17/03/2008 19:09:38
AVEWIN32.DLL : 7.6.0.73 3334656 Bytes 17/03/2008 19:09:38
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 17/03/2008 19:09:38
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: lundi 17 mars 2008 20:21
Starting search for hidden objects.
'42026' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'Acer.Empowering.Framework.Launcher.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'Rainlendar2.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'eRAgent.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'CLI.EXE' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'MemCheck.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '46' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <ACERDATA>
D:\xpbkh.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was deleted!
D:\y82td3td.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '4810c978.qua'!
D:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP8\A0000519.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '480ec97f.qua'!
D:\System Volume Information\_restore{114BBA23-0C1A-4D24-8D0F-D4F7325498E1}\RP8\A0000520.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was moved to '480ec982.qua'!
End of the scan: lundi 17 mars 2008 20:48
Used time: 27:18 min
The scan has been done completely.
4272 Scanning directories
216684 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
216680 Files not concerned
6519 Archives were scanned
2 Warnings
0 Notes
42026 Objects were scanned with rootkit scan
0 Hidden objects were found
Il me reste encore le pare-feu à installer : t'en as mis 3; ils sont tous équivalents niveau performance ? jvè installer le 1er !
Sinon, voilà le rapport demandé :
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 499
Type de recherche: Examen complet (C:\|D:\|F:\|G:\|)
Eléments examinés: 84977
Temps écoulé: 31 minute(s), 25 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Sinon, voilà le rapport demandé :
Malwarebytes' Anti-Malware 1.08
Version de la base de données: 499
Type de recherche: Examen complet (C:\|D:\|F:\|G:\|)
Eléments examinés: 84977
Temps écoulé: 31 minute(s), 25 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
morganne333,
les par feu sont equivalent, sauf zone alarm qui est un peu moins perforamant, moi j´ai kerio...
ok pour malwarebytes ;-)
fais ceci pour verifier un truc :
Ouvre le bloc notes (Démarrer >> exécuter et tape notepad), et copie tout ce qui ci-dessous:
@ echo off
if exist \G!RLY.TXT del \G!RLY.TXT
FOR %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO IF EXIST %%A: (
IF EXIST %%A:\autorun.inf ECHO %%A:\autorun.inf Présent>>\G!RLY.TXT
IF NOT EXIST %%A:\autorun.inf ECHO %%A:\autorun.inf Non trouvé>>\G!RLY.TXT
IF EXIST %%A:\MS32DLL.dll.vbs ECHO %%A:\MS32DLL.dll.vbs Présent>>\G!RLY.TXT
IF NOT EXIST %%A:\MS32DLL.dll.vbs ECHO %%A:\MS32DLL.dll.vbs Non trouvé>>\G!RLY.TXT
)
IF EXIST %WINDIR%\MS32DLL.dll.vbs (
ECHO %WINDIR%\MS32DLL.dll.vbs Présent>>\G!RLY.TXT) else (
ECHO %WINDIR%\MS32DLL.dll.vbs non trouvé >>\G!RLY.TXT)
REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" >>\G!RLY.TXT
REG QUERY "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" >>\G!RLY.TXT
notepad \G!RLY.TXT
exit
Dans le menu du bloc notes, clic sur "Fichier" >> Enregistrer sous.
Choisis le bureau comme lieu d'enregistrement, puis dans:
Type -> choisis "tous les fichiers"
Nom du fichier -> tape G!RLY.bat
clic sur enregistrer.
Sur ton bureau tu auras maintenant un fichier nommé G!RLY.bat.
Connecte les périphériques externes susceptibles d'avoir été infectés au pc:
Clé USB, DD externe... etc
Puis une fois fait, double clic sur le fichier G!RLY.bat.
Une fenêtre noire va s'ouvrir et se refermer rapidement, c'est normal.
Le bloc note va s'ouvrir ensuite avec le listing des fichiers que le script aura détecté.
Copie et colle ici le contenu de ce rapport.
@´+
les par feu sont equivalent, sauf zone alarm qui est un peu moins perforamant, moi j´ai kerio...
ok pour malwarebytes ;-)
fais ceci pour verifier un truc :
Ouvre le bloc notes (Démarrer >> exécuter et tape notepad), et copie tout ce qui ci-dessous:
@ echo off
if exist \G!RLY.TXT del \G!RLY.TXT
FOR %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO IF EXIST %%A: (
IF EXIST %%A:\autorun.inf ECHO %%A:\autorun.inf Présent>>\G!RLY.TXT
IF NOT EXIST %%A:\autorun.inf ECHO %%A:\autorun.inf Non trouvé>>\G!RLY.TXT
IF EXIST %%A:\MS32DLL.dll.vbs ECHO %%A:\MS32DLL.dll.vbs Présent>>\G!RLY.TXT
IF NOT EXIST %%A:\MS32DLL.dll.vbs ECHO %%A:\MS32DLL.dll.vbs Non trouvé>>\G!RLY.TXT
)
IF EXIST %WINDIR%\MS32DLL.dll.vbs (
ECHO %WINDIR%\MS32DLL.dll.vbs Présent>>\G!RLY.TXT) else (
ECHO %WINDIR%\MS32DLL.dll.vbs non trouvé >>\G!RLY.TXT)
REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" >>\G!RLY.TXT
REG QUERY "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" >>\G!RLY.TXT
notepad \G!RLY.TXT
exit
Dans le menu du bloc notes, clic sur "Fichier" >> Enregistrer sous.
Choisis le bureau comme lieu d'enregistrement, puis dans:
Type -> choisis "tous les fichiers"
Nom du fichier -> tape G!RLY.bat
clic sur enregistrer.
Sur ton bureau tu auras maintenant un fichier nommé G!RLY.bat.
Connecte les périphériques externes susceptibles d'avoir été infectés au pc:
Clé USB, DD externe... etc
Puis une fois fait, double clic sur le fichier G!RLY.bat.
Une fenêtre noire va s'ouvrir et se refermer rapidement, c'est normal.
Le bloc note va s'ouvrir ensuite avec le listing des fichiers que le script aura détecté.
Copie et colle ici le contenu de ce rapport.
@´+
Nouveau rapport :
C:\autorun.inf Non trouvé
C:\MS32DLL.dll.vbs Non trouvé
D:\autorun.inf Non trouvé
D:\MS32DLL.dll.vbs Non trouvé
F:\autorun.inf Non trouvé
F:\MS32DLL.dll.vbs Non trouvé
G:\autorun.inf Non trouvé
G:\MS32DLL.dll.vbs Non trouvé
C:\WINDOWS\MS32DLL.dll.vbs non trouvé
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LaunchApp REG_SZ
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
AzMixerSel REG_SZ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
PCMService REG_SZ "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
ntiMUI REG_SZ C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
Acer ePresentation HPD REG_SZ C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ePower_DMC REG_SZ C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Boot REG_SZ C:\Acer\Empowering Technology\ePower\Boot.exe
RTHDCPL REG_SZ RTHDCPL.EXE
SkyTel REG_SZ SkyTel.EXE
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe
eRecoveryService REG_SZ C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Rainlendar2 REG_SZ C:\Program Files\Rainlendar2\Rainlendar2.exe
BitComet REG_SZ "C:\Program Files\BitComet\BitComet.exe" /tray
C:\autorun.inf Non trouvé
C:\MS32DLL.dll.vbs Non trouvé
D:\autorun.inf Non trouvé
D:\MS32DLL.dll.vbs Non trouvé
F:\autorun.inf Non trouvé
F:\MS32DLL.dll.vbs Non trouvé
G:\autorun.inf Non trouvé
G:\MS32DLL.dll.vbs Non trouvé
C:\WINDOWS\MS32DLL.dll.vbs non trouvé
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
LaunchApp REG_SZ
ATICCC REG_SZ "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
AzMixerSel REG_SZ C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
PCMService REG_SZ "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
ntiMUI REG_SZ C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
Acer ePresentation HPD REG_SZ C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
MSPY2002 REG_SZ C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A REG_SZ C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ePower_DMC REG_SZ C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Boot REG_SZ C:\Acer\Empowering Technology\ePower\Boot.exe
RTHDCPL REG_SZ RTHDCPL.EXE
SkyTel REG_SZ SkyTel.EXE
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
LManager REG_SZ C:\PROGRA~1\LAUNCH~1\LManager.exe
eRecoveryService REG_SZ C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
MsnMsgr REG_SZ "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Rainlendar2 REG_SZ C:\Program Files\Rainlendar2\Rainlendar2.exe
BitComet REG_SZ "C:\Program Files\BitComet\BitComet.exe" /tray
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
ok ;-)
fais ceci :
Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique.
puis
Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
@+
fais ceci :
Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique.
puis
Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).
@+
-->- Recherche:
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\acer\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\acer\Bureau\PB WIN 32\ComboFix.exe: trouvé !
C:\Documents and Settings\acer\Bureau\PB WIN 32\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\acer\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\acer\Bureau\PB WIN 32\ComboFix.exe: supprimé !
C:\Documents and Settings\acer\Bureau\PB WIN 32\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\Combofix: trouvé !
C:\Qoobox: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\acer\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\acer\Bureau\PB WIN 32\ComboFix.exe: trouvé !
C:\Documents and Settings\acer\Bureau\PB WIN 32\HJTInstall.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\QooBox\Quarantine\C\Combofix: trouvé !
---------------------------------
-->- Suppression:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\acer\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\acer\Bureau\PB WIN 32\ComboFix.exe: supprimé !
C:\Documents and Settings\acer\Bureau\PB WIN 32\HJTInstall.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix: supprimé !
C:\Qoobox: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
