Sujet Précédent Sujet Suivant

Envoi de spam par mon PC

Fermé
fabrice51 - 29 avril 2008 à 20:29
 Utilisateur anonyme - 2 mai 2008 à 18:47
Bonjour,

Je pense que mon PC est pas mal infecté, car je reçois des retour d'email envoyé avec mon adresse, sur des adresses mon valides.

Les mails que j'ai soit disant envoyés sont des spams ( viagra, rolex,....).

J'ai parcouru un peu les forums, j'ai cru comprendre qu'il faut commencer par un logfile de Hijackthis ( que j'ai renomme hjt.exe ).

Le voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:26:38, on 29/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Olitec\RNIS\vstartx.exe
C:\Program Files\Olitec\RNIS\gisdnlog.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Olitec\RNIS\gsyno.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\MICROS~3\Office\OUTLOOK.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\hjt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.netvibes.com/en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [GazelDisplay] "C:\Program Files\Olitec\RNIS\gsyno.exe" -h
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [Win Tasks 32] wintasks32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISWebManager.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Démarrage RNIS OLITEC (Gazel Startup) - F.H.L.P. - C:\Program Files\Olitec\RNIS\vstartx.exe
O23 - Service: Journal des connexions RNIS (GisdnLog) - F.H.L.P. - C:\Program Files\Olitec\RNIS\gisdnlog.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
A voir également:

6 réponses

Réponse 1 / 6
Utilisateur anonyme
29 avril 2008 à 20:32
Re alors désinstalle tous tes logiciel de sécurité. Et installe AntiVir,Malwarebytes Anti-Malware et Kerio.

AntiVir: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html
Tutoriel AntiVir: https://www.malekal.com/avira-free-security-antivirus-gratuit/

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

Kerio: https://www.01net.com/outils/telecharger/windows/Securite/firewall/fiches/tele22418.html
Tutoriel Kerio: https://forums.cnetfrance.fr

PS: TU LES INSTALLES SEULEMENT. TU FAIS UNE MISE A JOUR A ANTIVIR ET MALWAREBYTES ANTI-MALWARE. VOILA FAIT VITE.
0
Réponse 2 / 6
fabrice51
29 avril 2008 à 21:44
J'ai réussi a télécharger Malwarebytes Anti-Malware et Kerio, je suis en route pour antivir, mais cela va etre long, mon taux de transfert est tombé à 1,05 ko/sec !! j'y comprend rien, j'ai beau redemarrer le pc. Est un espion qui utilise enormement ma connexion ?

Fabrice.
0
Utilisateur anonyme
29 avril 2008 à 22:32
Je sais pas tu as fini de l'installer.
0
fabrice51 > Utilisateur anonyme
29 avril 2008 à 22:53
ca y est, j'ai recup. antivir par un torrent.

tout est installe et mis a jour.

Que dois je faire ?

Fabrice.

PS : au fait, je suis en réseau, g le meme probleme sur les 2 pcs
0
Utilisateur anonyme > fabrice51
29 avril 2008 à 22:56
Fais une mise a jour avec Antivir en mode sans echec.

Redémarre en "Mode sans échec"

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
0
fabrice51 > Utilisateur anonyme
29 avril 2008 à 23:00
mis a jour et ensuite scan en mod sans echec ?

que dois je faire ensuite ?

fabrice.
0
Utilisateur anonyme > fabrice51
29 avril 2008 à 23:02
Excuse en mode sans échec tu fais une analyse lorsque qu'il détecte un virus tu clique sur "delete"
0
Réponse 3 / 6
Antispam
29 avril 2008 à 23:03
Slt
http://wwww.commentcamarche.net/faq/sujet 244 lutter contre le spam?onglet_faq
0
Utilisateur anonyme
29 avril 2008 à 23:13
Antispam tu voies pas que la discussion est prse.
0
Réponse 4 / 6
fabrice51
30 avril 2008 à 06:53
bonjour,

ca y est le scan est finit.

51 virus trouves !

voici le rapport
que dois je faire ?



Avira AntiVir Personal
Report file date: mardi 29 avril 2008 23:13

Scanning for 1244024 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: pc
Computer name: BUREAU

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 29/04/2008 20:39:45
AVSCAN.DLL : 8.1.1.0 53505 Bytes 29/04/2008 20:39:45
LUKE.DLL : 8.1.2.9 151809 Bytes 29/04/2008 20:39:46
LUKERES.DLL : 8.1.2.1 12033 Bytes 29/04/2008 20:39:46
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 20:39:49
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:39:50
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 20:39:50
ANTIVIR3.VDF : 7.0.3.228 223232 Bytes 29/04/2008 20:39:50
Engineversion : 8.1.0.36
AEVDF.DLL : 8.1.0.5 102772 Bytes 29/04/2008 20:39:51
AESCRIPT.DLL : 8.1.0.27 233851 Bytes 29/04/2008 20:39:51
AESCN.DLL : 8.1.0.14 119156 Bytes 29/04/2008 20:39:51
AERDL.DLL : 8.1.0.20 418165 Bytes 29/04/2008 20:39:51
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 20:39:50
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 29/04/2008 20:39:50
AEHEUR.DLL : 8.1.0.20 1196406 Bytes 29/04/2008 20:39:50
AEHELP.DLL : 8.1.0.14 115063 Bytes 29/04/2008 20:39:50
AEGEN.DLL : 8.1.0.18 299381 Bytes 29/04/2008 20:39:50
AEEMU.DLL : 8.1.0.5 430450 Bytes 29/04/2008 20:39:50
AECORE.DLL : 8.1.0.27 168310 Bytes 29/04/2008 20:39:50
AVWINLL.DLL : 1.0.0.7 14593 Bytes 29/04/2008 20:39:45
AVPREF.DLL : 8.0.0.1 25857 Bytes 29/04/2008 20:39:45
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 29/04/2008 20:39:45
AVARKT.DLL : 1.0.0.23 307457 Bytes 29/04/2008 20:39:44
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 29/04/2008 20:39:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 29/04/2008 20:39:47
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 29/04/2008 20:39:47
NETNT.DLL : 8.0.0.1 7937 Bytes 29/04/2008 20:39:46
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 29/04/2008 20:39:39
RCTEXT.DLL : 8.0.32.0 86273 Bytes 29/04/2008 20:39:39

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 29 avril 2008 23:13

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '33' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03425320.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03425320.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\098F5831.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\098F5831.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A056A2F.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A056A2F.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13174F11.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13174F11.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15B60FBC.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15B60FBC.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.114176.A
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164C32F8.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164C32F8.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\165C488D.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\165C488D.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.134144.17
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19E9051E.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19E9051E.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AF70A3E.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AF70A3E.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C5C4391.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C5C4391.exe
[DETECTION] Is the Trojan horse TR/Proxy.Agent.HD.29
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21BA76CE.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21BA76CE.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23015339.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23015339.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24DC17FE.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\24DC17FE.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.114176.A
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25CF48E0.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25CF48E0.exe
[DETECTION] Contains detection pattern of the worm WORM/Gaobot.134144.4
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27C15FD7.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27C15FD7.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29015271.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29015271.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D747E94.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D747E94.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32876E99.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32876E99.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\369206A8.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\369206A8.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\375C2CDE.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\375C2CDE.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3844596B.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3844596B.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.134144.17
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C7272C5.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3C7272C5.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\436B5CE0.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\436B5CE0.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43957EB1.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43957EB1.exe
[DETECTION] Is the Trojan horse TR/Proxy.Agent.HD.29
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\445B1428.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\445B1428.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.114176.A
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44604188
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44604188
[DETECTION] Contains detection pattern of the worm WORM/Rbot.210944
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\447B1792.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\447B1792.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\449248B5
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\449248B5
[DETECTION] Contains detection pattern of the worm WORM/IRCBo.153600.2
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44D75386.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\44D75386.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\470509B7.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\470509B7.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49B22D3B.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\49B22D3B.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A437C26.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A437C26.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.114176.A
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B5A6025.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B5A6025.exe
[DETECTION] Is the Trojan horse TR/Proxy.Agent.HD.29
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B732B1D.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B732B1D.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.95232.75
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\531724EE.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\531724EE.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53435446.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53435446.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.134144.17
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\543F0936.EXE
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\543F0936.EXE
[DETECTION] Contains detection pattern of the worm WORM/Rbot.210944
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C716430.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C716430.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EDC5419.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EDC5419.exe
[DETECTION] Contains detection pattern of the worm WORM/Gaobot.134144.4
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EE07E15.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5EE07E15.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F3E3BD1.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5F3E3BD1.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\632B607D.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\632B607D.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.134144.17
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64F811E6.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64F811E6.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.134144.17
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65831BC7.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65831BC7.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ACD574B.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6ACD574B.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B82312E.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6B82312E.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DBC354F.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DBC354F.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70172B14.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70172B14.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77E7468A.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\77E7468A.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BE84247.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7BE84247.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBo.134144.18
[NOTE] The file was deleted!
C:\Documents and Settings\pc\Mes documents\restauration outlook\2007-01-18 08-31-03 [Subj]Re Bad Request.eml
[0] Archive type: MIME
--> document.doc .scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.HB
[NOTE] The file was deleted!


End of the scan: mardi 29 avril 2008 23:47
Used time: 34:21 min

The scan has been done completely.

4625 Scanning directories
221130 Files were scanned
51 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
51 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
221079 Files not concerned
3199 Archives were scanned
1 Warnings
51 Notes
0
Utilisateur anonyme
30 avril 2008 à 11:13
Ok bien il a supprimé 51 virus.Maintenant fais un scan avec Malwarebytes Anti-Malware en mode sans echec.

1) Télécharge et installe Malwarebyte's Anti-Malware

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

A la fin de l'installation, veille à ce que l'option « mettre a jour Malwarebyte's Anti-Malware » soit cochée. >>> clique sur OK

Lance Malwarebyte's Anti-Malware en double-cliquant sur l'icône sur ton Bureau.

Au premier lancement, une fenêtre t'annonce que la version est Free >>> clique sur OK

Laisse les Mises à jour se télécharger

*** Referme le programme ***

2) Redémarre en "Mode sans échec"

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.

3) Scan avec Malwarebyte's Anti-Malware

Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un exame complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés >>>> clique sur Supprimer la sélection
S'il t'es demandé de redémarrer >>> clique sur "Yes"

--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.

PS: TU NE FAIS PAS LE 1 CAR TU L'AS DEJA FAT. A MOINS QUE T'AI PAS FAIS LA MISE A JOUR.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 6
fabrice51
30 avril 2008 à 21:17
le scan est fait.
Il n'a rien trouvé.

Que dois-je faire ?

voici le rapport :

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 703

Type de recherche: Examen complet (C:\|)
Eléments examinés: 86400
Temps écoulé: 29 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
Utilisateur anonyme
30 avril 2008 à 21:19
OK fais ceci maintenant https://www.bitdefender.com/toolbox/ avec Internet Explorer.
0
Réponse 6 / 6
fabrice51
2 mai 2008 à 17:34
bonjour,

voici le rapport de bitdefender online.
dois je faire autre chose ? sunbelt firewall est installe et en fonctionnement mais je n'y ai encore rien fait.

merci pour vos conseils,
Fabrice.

BitDefender Online Scanner - Real Time Virus Report


Generated at: Thu, May 01, 2008 - 11:39:39




Scan Info


Scanned Files
395825
Infected Files
137






Virus Detected


DeepScan:Generic.Stration.72D1AE53
1
Win32.Netsky.Y@mm
3
Trojan.Peed.D
1
Win32.Warezov.AEP
1
Exploit.Iframe.Vulnerability
1
JS.Feebs.Gen
1
Trojan.Win95.IconDanse
3
Exploit.Iframe.Vulnerability.B
21
Win32.Swen.H@mm
1
Win32.Netsky.C@mm
10
Trojan.Generic.20242
14
Win32.Netsky.T@mm
12
Trojan.Peed.Gen
2
Trojan.Downloader.DWC
1
Win32.Netsky.AA@mm
11
Trojan.Generic.105703
1
Win32.Warezov.FF@mm
2
Win32.Netsky.P@mm
34
Trojan.Downloader.Bai.DAM
17










This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.
0
Utilisateur anonyme
2 mai 2008 à 18:47
ok merci maintenant fais une defragmentation de disque stp.

Défragmenter le disque dur:

*Pour l'exécuter, cliquez sur le bouton Démarrer, sur Tous les programmes, sur Accessoires, Outils systèmes puis sur Défragmenteur de disque.


*cliquez sur le bouton Analyser. Le logiciel examine alors votre disque dur.


*Cliquez sur le bouton Afficher le rapport.


*cliquez sur le bouton Défragmenter.

0

Discussions similaires

Échec d’envoie message messenger
Kris68 -
Colibri -

2 réponses