PROBLEME VIRUS

Matcab65 Messages postés 26 Statut Membre -  
Matcab65 Messages postés 26 Statut Membre -
Bonjour,

voila, je pense que mon Ordi a un gros virus, après avoir consulté quelques forum, j'ai lancé une analyse avec ComboFix.
Mais Combox fix a l'air de planté à l'etape 41 ?
Que faire ?
Merci

Voici un rapport Hijacthis réalisé ce jour:
Logfile of HijackThis v1.99.1
Scan saved at 12:09, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Documents and Settings\PC\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\PC\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{22b59b77-11a2-f5a1-4875-360e719e8a9a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{0511357e-c9f5-2375-7f80-823437c2936f}.dll" DllStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\PC\lsass.exe
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Saas] "C:\WINDOWS\FNTS~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntqkdm.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A8B6894-B079-415A-B658-7605B139B18B}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Configuration: Windows XP
Internet Explorer 7.0

17 réponses

  1. Utilisateur anonyme
     
    Salut désinstalle tous tes logiciel de sécurité. Et installe AntiVir,Malwarebytes Anti-Malware,Ccleaner et active le pare-feu Vista.

    AntiVir: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html
    Tutoriel AntiVir: https://www.malekal.com/avira-free-security-antivirus-gratuit/

    Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
    Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

    Ccleaner: https://www.01net.com/outils/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/tele32599.html
    Tutoriel Ccleaner: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php (Tu l'installe sans la bare d'outil Yahoo)

    PS: TU LES INSTALLES SEULEMENT ET TU NE FAIS PAS D'ANALYSE. TU FAIS UNE MISE A JOUR A ANTIVIR ET MALWAREBYTES ANTI-MALWARE.
    0
  2. Matcab65 Messages postés 26 Statut Membre
     
    Je n'ai pas Vista et de plus je peux utiliser les liens ci joint, car je ne peux utiliser internet depuis le poste infecté suite au message suivant "Insecure Internet Activity", j'utilise un autre ordinateur pour discuter sur ce forum.
    Que Faire ?
    Merci
    0
    1. Utilisateur anonyme
       
      et quel est le pb de ton ordinateur que veut dire "car je ne peux utiliser internet depuis le poste infecté suite au message suivant "Insecure Internet Activity""
      0
  3. Matcab65 Messages postés 26 Statut Membre
     
    Internet n'arrete pas de planter et il faut 2 plombes pour ouvrir une page, c'est pour cela que je travaille depuis un autre poste.
    0
    1. Utilisateur anonyme
       
      Ok pas grave prends ton deuxième ordinateur et fais ce que je t'ai demandé on a le temps.
      0
  4. Matcab65 Messages postés 26 Statut Membre
     
    je transfere pas Clé USB ?
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Matcab65 Messages postés 26 Statut Membre
     
    par Clé UBS
    Pardon pour la faute et encore merci
    0
  7. Matcab65 Messages postés 26 Statut Membre
     
    Logiciels installé.
    Que dois je faire ?
    0
    1. Utilisateur anonyme
       
      Tu fais un scan en mode sans échec avec AntiVir. Tu lances le scan et si il détecte un virus (normalement oui) tu cliques sur "delete" et "apply sélection to all following détections. (pour qu'il le supprimes automatiquement). A la fin du scan tu cliques sur "report" tu redémarre en mode normal puis tu me postes le rapport.

      Mode sans Echec:

      Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
      Sélectionner "Mode sans échec" et appuie sur [Entrée]
      Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
      Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

      PS: JE TE CONSEILLE D'ENREGISTRER CE MESSAGE DANS TON BUREAU OU CAS OU.
      0
  8. Matcab65 Messages postés 26 Statut Membre
     
    ci joint rapport
    Avira AntiVir Personal
    Report file date: 2008-05-28 14:57

    Scanning for 1295437 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: PC
    Computer name: MAISON-B7993FF6

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
    ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008-05-17 12:36:08
    ANTIVIR3.VDF : 7.0.4.106 279040 Bytes 2008-05-28 12:36:08
    Engineversion : 8.1.0.46
    AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
    AESCRIPT.DLL : 8.1.0.33 266618 Bytes 2008-05-28 12:36:14
    AESCN.DLL : 8.1.0.18 119156 Bytes 2008-05-28 12:36:13
    AERDL.DLL : 8.1.0.20 418165 Bytes 2008-05-28 12:36:13
    AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-05-28 12:36:12
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-05-28 12:36:12
    AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008-05-28 12:36:11
    AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-05-28 12:36:10
    AEGEN.DLL : 8.1.0.21 303477 Bytes 2008-05-28 12:36:10
    AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-05-28 12:36:09
    AECORE.DLL : 8.1.0.29 168311 Bytes 2008-05-28 12:36:09
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: 2008-05-28 14:57

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    C:\WINDOWS\system32\{0511357e-c9f5-2375-7f80-823437c2936f}.dll
    [DETECTION] Is the Trojan horse TR/Downloader.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\PC\lsass.exe
    [DETECTION] Is the Trojan horse TR/Spy.VB.aho
    [NOTE] The file was deleted!

    The registry was scanned ( '35' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Program Files\Fichiers communs\VirusEffaceur\ugac.exe
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Program Files\Online Services\prohdyxepr.html
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [NOTE] The file was moved to '48ac5e13.qua'!
    C:\QooBox\Quarantine\C\WINDOWS\system32\bcimvyfg.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.enl.1
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\byXRjhgG.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQkhgH.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\ddcBQjGx.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\khfEWQkk.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\mlJCVmjG.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\mlJdDUMd.dll.vir
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\QooBox\Quarantine\C\WINDOWS\system32\tjfgumhj.dll.vir
    [DETECTION] Is the Trojan horse TR/Vundo.enl.1
    [NOTE] The file was deleted!
    C:\WINDOWS\b155.exe
    [DETECTION] Is the Trojan horse TR/BHO.bkm.1
    [NOTE] The file was deleted!
    C:\WINDOWS\mrofinu1188.exe
    [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\bispram.dll
    [DETECTION] Is the Trojan horse TR/ATRAPS.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\g6.exe
    [DETECTION] Contains detection pattern of the dropper DR/Agent.byy.5
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\hgGwXnOI.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\iifcDSmk.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\iifcyyaW.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\nnnlkklJ.dll
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\emL1\roEbdll2.exe
    [DETECTION] Contains detection pattern of the dropper DR/Nsis.StartPage.C.17
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\vntiho18\vntiho182328.exe
    [DETECTION] Is the Trojan horse TR/Dldr.VB.epp.1
    [NOTE] The file was deleted!

    End of the scan: 2008-05-28 15:54
    Used time: 56:43 min

    The scan has been done completely.

    3466 Scanning directories
    94887 Files were scanned
    21 viruses and/or unwanted programs were found
    1 Files were classified as suspicious:
    21 files were deleted
    0 files were repaired
    1 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    94866 Files not concerned
    646 Archives were scanned
    1 Warnings
    22 Notes
    0
    1. Utilisateur anonyme
       
      tu as mis un virus de la quarantaine supprime le.
      0
      1. Matcab65 Messages postés 26 Statut Membre > Utilisateur anonyme
         
        Comment je procede pour le supprimer?
        0
      2. Utilisateur anonyme > Matcab65 Messages postés 26 Statut Membre
         
        Ok ouvre "AntiVir" vas dans l'onglet "Administration" puis dans "Quarantine" puis tu cliques sur la "Poubelle" qui est située au dessus.
        0
  9. Matcab65 Messages postés 26 Statut Membre
     
    c'est fait, Ensuite ?
    0
    1. Utilisateur anonyme
       
      1) Redémarre en "Mode sans échec"

      Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
      Sélectionner "Mode sans échec" et appuie sur [Entrée]
      Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
      Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

      Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.

      2) Scan avec Malwarebyte's Anti-Malware

      *Lance Malwarebyte's Anti-Malware
      *Puis vs dans l'onglet "Recherche" puis coche "Exécuter un examen complet" puis "Rechercher sélectionne tes disques durs" puis clique sur "Lancer l’examen"
      *A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
      *Suppression des éléments détectés >>>> clique sur Supprimer la sélection
      *S'il t'es demandé de redémarrer >>> clique sur "Yes"

      *--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.
      0
  10. Matcab65 Messages postés 26 Statut Membre
     
    ci joint rapport :

    Malwarebytes' Anti-Malware 1.12
    Version de la base de données: 793

    Type de recherche: Examen complet (C:\|)
    Eléments examinés: 60562
    Temps écoulé: 30 minute(s), 23 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 1
    Clé(s) du Registre infectée(s): 31
    Valeur(s) du Registre infectée(s): 9
    Elément(s) de données du Registre infecté(s): 2
    Dossier(s) infecté(s): 6
    Fichier(s) infecté(s): 61

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    C:\WINDOWS\system32\urqQjhEt.dll (Trojan.Vundo) -> Unloaded module successfully.

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a9e6292-dfe3-40ce-8e5d-f8dee2fb8d71} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\CLSID\{8a9e6292-dfe3-40ce-8e5d-f8dee2fb8d71} (Trojan.Vundo) -> Delete on reboot.
    HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\navigationtool.pornpro_bho (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\navigationtool.pornpro_bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\CLSID\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ecc46a49 (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMeff759d5 (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

    Elément(s) de données du Registre infecté(s):
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjhet -> Delete on reboot.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjhet -> Delete on reboot.

    Dossier(s) infecté(s):
    C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B} (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\WINDOWS\system32\rpiyxrva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\avrxyipr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\urqQjhEt.dll (Trojan.Vundo) -> Delete on reboot.
    C:\WINDOWS\system32\tEhjQqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tEhjQqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\kl.exe.vir (Malware.Tool) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\dbar\deskbar.dll.vir (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\QooBox\Quarantine\C\Program Files\JavaCore\UnInstall.exe.vir (Adware.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP352\A0085278.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP362\A0095104.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095272.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095273.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095274.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095275.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095276.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095282.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095293.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095307.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095308.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095310.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095563.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095577.exe (Adware.Insider) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095584.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095585.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095586.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095587.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0096504.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099591.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099593.exe (Trojan.BHO) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099594.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099598.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099600.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099601.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099612.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099615.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099617.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
    C:\Program Files\SpyShredder\SpyShredder.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
    C:\Program Files\SpyShredder\SpyShredder.lic (Rogue.SpyShredder) -> Quarantined and deleted successfully.
    C:\Program Files\SpyShredder\SpyShredder0.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
    C:\Program Files\SpyShredder\SpyShredder1.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
    C:\Program Files\SpyShredder\Uninstall.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
    C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\tkbcegqs.dll (Trojan.Agent) -> Quarantined and deleted successfully.
    0
    1. Utilisateur anonyme
       
      Ok merci maintenant fais un scan en ligne avec Internet Explorer stp:

      BitDefender en ligne: http://www.bitdefender.fr/scan_fr/scan8/ie.html
      Tutoriel BitDefender en ligne: http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm

      Ps: N'oublies pas de me poster le rapport. Si tu as besoin d'aide aide toi tu tutoriel.
      0
  11. Matcab65 Messages postés 26 Statut Membre
     
    ci joiint rapport bidefender:
    <HTML>
    <HEAD>
    <TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    </HEAD>
    <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >

    <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
    <tr>
    <td width="458">
    <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>
    <tr>
    <td colspan="3" width="912">
    <p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Wed, May 28, 2008 - 18:21:12</b></span></font></p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;</span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Statistiques</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Temps</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">00:58:15</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">28863</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Directoires</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">3537</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Secteurs de boot</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">2</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Archives</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">497</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Paquets programmes</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">1900</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Résultats</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Virus identifiés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">4</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers infectés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">5</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers suspects</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Avertissements</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Désinfectés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers effacés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">5</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Définition virus</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">1249877</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Version des moteurs</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">16</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Archive des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">42</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Unpack des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">7</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">E-mail plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">6</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Système plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">5</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Première action</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Désinfecté</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Seconde Action</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Heuristique</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Acceptez les avertissements</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Extensions analysées</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;</font></p>
    </td>
    </tr>

    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Excludez les extensions</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2"> </font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse d'emails</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des Archives</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyser paquets programmes</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des fichiers</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse de boot</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td colspan=2>  
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="252" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
    </td>
    <td width="195" bgcolor="#CCCCCC" align="right">
    <p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095270.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Generic.274549</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095270.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095580.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Peed.Gen</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095580.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095580.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099609.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Peed.Gen</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099609.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099609.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0100594.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.BHO.WRH</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0100594.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0100605.exe=>(NSIS o)=>bzip2_solid_nsis0002</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Adware.BHO.WRG</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0100605.exe=>(NSIS o)=>bzip2_solid_nsis0002</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0100605.exe=>(NSIS o)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la mise à jour</font></p>
    </td>
    </tr>
    </table>
    </td>

    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    </table>
    <p> </p>

    </body>
    </html>
    0
  12. Utilisateur anonyme
     
    c'est quoi ce rapport ???????????????????????????
    0
  13. Matcab65 Messages postés 26 Statut Membre
     
    Comme précedement expliqué j'ai internet qui plante sur le poste infecté, toutefois pour faire un scan bitdefender en ligne je du utiliser ce poste et voila ce qu'il ma fournir sachant que je suis toujours bloqué à la fenetre internet "Insecure Internet Activity" et qu'il ne veut pas m'ouvrir la fenetre ou se trouve ce rapport.
    0
  14. Utilisateur anonyme
     
    Ok bon normalement si il a détecté un virus il a supprimé. Maintenant fais une defragmentation de disque.
    0
  15. Matcab65 Messages postés 26 Statut Membre
     
    defragmentation
    0
  16. Matcab65 Messages postés 26 Statut Membre
     
    defragmentation faite
    0
    1. Utilisateur anonyme
       
      refait le stp:

      Défragmenter le disque dur:

      *Pour l'exécuter, cliquez sur le bouton Démarrer, sur Tous les programmes, sur Accessoires, Outils systèmes puis sur Défragmenteur de disque.

      *cliquez sur le bouton Analyser. Le logiciel examine alors votre disque dur.

      *Cliquez sur le bouton Afficher le rapport. (enregistre le et poste le moi stp)

      *cliquez sur le bouton Défragmenter. (Afficher le rapport et tu me le poste poste.)
      0
  17. Matcab65 Messages postés 26 Statut Membre
     
    Volume (C:)
    Taille du volume = 37.26 Go
    Taille de cluster = 4 Ko
    Espace utilisé = 7.29 Go
    Espace libre = 29.97 Go
    Pourcentage d'espace libre = 80 %

    Fragmentation du volume
    Fragmentation totale = 0 %
    Fragmentation de fichiers = 1 %
    Fragmentation de l'espace libre = 0 %

    Fragmentation de fichiers
    Total de fichiers = 33,278
    Taille moyenne de fichier = 394 Ko
    Total de fichiers fragmentés = 1
    Total de fragments en trop = 400
    Nombre moyen de fragments par fichier = 1.01

    Fragmentation du fichier paginé
    Taille du fichier paginé = 672 Mo
    Total de fragments = 1

    Fragmentation de dossier
    Total de dossiers = 3,535
    Dossiers fragmentés = 1
    Fragments de dossiers en trop = 0

    Fragmentation de la table de fichiers principale (MFT)
    Taille totale de la MFT = 74 Mo
    Nombre d'enregistrements dans la MFT = 37,148
    Pourcentage d'utilisation de la MFT = 49 %
    Total de fragments dans la MFT = 3
    0
    1. Utilisateur anonyme
       
      ok tu fais ceci dans l'ordre.

      *Ok ouvre Ccleaner vas dans l'onglet "Option" puis "Avancé" puis decoches "Effacer uniquement les fichiers, du dossier temp de Windows, plus vieux que 48 heures.". Puis vas dans l'onglet "Nettoyeur" fais "Analyse" puis "Lancer le nettoyage". Puis vas dans l'onglet "Registre" puis fait "Chercher des erreurs" puis "Réparer les erreurs sélectionnée". Tu refais tous ca 4-5 fois.

      **Allez sur le poste de travail
      *Cliquez sur disque C:\ (c'est le disque ou se trouve votre système d'exploitation)
      *Ensuite cliquez sur le dossier Windows C:\Windows
      *ouvrez le dossier prefetch C:\Windows\prefetch (Tu fais Edition,Sélectionner tout, puis avec ton clavier tu cliques sur Sppr)
      *Supprimez tous les fichiers de ce dossier.
      *Puis vide la corbeille.

      0
  18. Matcab65 Messages postés 26 Statut Membre
     
    Ensuite, y t-il une autre action a faire ?
    0