VIRUS PROBLEM

Closed
Matcab65 Posts 26 Registration date Wednesday 28 May 2008 Status Member Last activity 30 May 2008 - 28 May 2008 at 13:54
Matcab65 Posts 26 Registration date Wednesday 28 May 2008 Status Member Last activity 30 May 2008 - 28 May 2008 at 19:42
Hello,

I think my computer has a serious virus. After reading a few forums, I ran a scan with ComboFix.
But ComboFix seems to hang at step 41?
What should I do?
Thanks

Here is a HijackThis report made today:
Logfile of HijackThis v1.99.1
Scan saved at 12:09, on 2008-05-28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\USB Disk Win98 Driver\Res.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\Rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Documents and Settings\PC\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\PC\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Lexmark Barre d'outils - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USB Disk Win98 Driver\Res.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{22b59b77-11a2-f5a1-4875-360e719e8a9a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{0511357e-c9f5-2375-7f80-823437c2936f}.dll" DllStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\PC\lsass.exe
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Saas] "C:\WINDOWS\FNTS~1\ntvdm.exe" -vt ndrv
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntqkdm.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A8B6894-B079-415A-B658-7605B139B18B}: NameServer = 192.168.1.1
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Fichiers communs\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
17 replies

Anonymous user
28 May 2008 at 13:56
Hi, uninstall all your security software. Then install AntiVir, Malwarebytes Anti-Malware and CCleaner, and enable the Vista firewall.

AntiVir: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html
AntiVir tutorial: https://www.malekal.com/avira-free-security-antivirus-gratuit/

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

CCleaner: https://www.01net.com/outils/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/tele32599.html
CCleaner tutorial: https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php (install it without the Yahoo toolbar)

PS: JUST INSTALL THEM AND DO NOT RUN A SCAN. UPDATE ANTIVIR AND MALWAREBYTES ANTI-MALWARE.
0
Matcab65
28 May 2008 at 14:02
I don't have Vista, and besides I can use the links given, because I cannot use the Internet from the infected machine due to the following message "Insecure Internet Activity"; I am using another computer to post on this forum.
What should I do?
Thanks
0
Anonymous user
28 May 2008 at 14:06
And what is the problem with your computer? What does "because I cannot use the Internet from the infected machine due to the following message "Insecure Internet Activity"" mean?
0
Matcab65
28 May 2008 at 14:20
The Internet keeps crashing and it takes ages to open a page, which is why I am working from another machine.
0
Anonymous user
28 May 2008 at 14:22
OK, no big deal. Take your second computer and do what I asked; we have time.
0
Matcab65
28 May 2008 at 14:24
I transfer not USB stick?
0

Matcab65
28 May 2008 at 14:26
by USB stick
Sorry for the mistake and thanks again
0
Matcab65
28 May 2008 at 14:43
Software installed.
What should I do?
0
Anonymous user
28 May 2008 at 14:45
Run a scan in safe mode with AntiVir. Start the scan, and if it detects a virus (normally it will) click "delete" and "apply selection to all following detections" (so that it deletes them automatically). At the end of the scan click "report", restart in normal mode, then post the report for me.

Safe mode:

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe mode" and press [Enter].
You will need to choose your usual session, not the "Administrator" account or another one.
Look here if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

PS: I ADVISE YOU TO SAVE THIS MESSAGE TO YOUR DESKTOP JUST IN CASE.
0
Matcab65
28 May 2008 at 15:56
Report attached:
Avira AntiVir Personal
Report file date: 2008-05-28 14:57

Scanning for 1295437 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: PC
Computer name: MAISON-B7993FF6

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-03-18 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-02-07 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-02-28 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-02-21 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 13:08:58
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 2008-05-17 12:36:08
ANTIVIR3.VDF : 7.0.4.106 279040 Bytes 2008-05-28 12:36:08
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-02-25 09:58:21
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 2008-05-28 12:36:14
AESCN.DLL : 8.1.0.18 119156 Bytes 2008-05-28 12:36:13
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-05-28 12:36:13
AEPACK.DLL : 8.1.1.5 364918 Bytes 2008-05-28 12:36:12
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-05-28 12:36:12
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 2008-05-28 12:36:11
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-05-28 12:36:10
AEGEN.DLL : 8.1.0.21 303477 Bytes 2008-05-28 12:36:10
AEEMU.DLL : 8.1.0.6 430451 Bytes 2008-05-28 12:36:09
AECORE.DLL : 8.1.0.29 168311 Bytes 2008-05-28 12:36:09
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-01-23 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-02-18 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-01-23 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-02-28 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-01-23 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-03-10 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-03-06 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 2008-05-28 14:57

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\{0511357e-c9f5-2375-7f80-823437c2936f}.dll
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\PC\lsass.exe
[DETECTION] Is the Trojan horse TR/Spy.VB.aho
[NOTE] The file was deleted!

The registry was scanned ( '35' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\VirusEffaceur\ugac.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Program Files\Online Services\prohdyxepr.html
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac5e13.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\bcimvyfg.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.enl.1
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\byXRjhgG.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\cbXQkhgH.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcBQjGx.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\khfEWQkk.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJCVmjG.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\mlJdDUMd.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\QooBox\Quarantine\C\WINDOWS\system32\tjfgumhj.dll.vir
[DETECTION] Is the Trojan horse TR/Vundo.enl.1
[NOTE] The file was deleted!
C:\WINDOWS\b155.exe
[DETECTION] Is the Trojan horse TR/BHO.bkm.1
[NOTE] The file was deleted!
C:\WINDOWS\mrofinu1188.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\bispram.dll
[DETECTION] Is the Trojan horse TR/ATRAPS.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\g6.exe
[DETECTION] Contains detection pattern of the dropper DR/Agent.byy.5
[NOTE] The file was deleted!
C:\WINDOWS\system32\hgGwXnOI.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\iifcDSmk.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\iifcyyaW.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\nnnlkklJ.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\emL1\roEbdll2.exe
[DETECTION] Contains detection pattern of the dropper DR/Nsis.StartPage.C.17
[NOTE] The file was deleted!
C:\WINDOWS\system32\vntiho18\vntiho182328.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.epp.1
[NOTE] The file was deleted!


End of the scan: 2008-05-28 15:54
Used time: 56:43 min

The scan has been done completely.

3466 Scanning directories
94887 Files were scanned
21 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
21 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
94866 Files not concerned
646 Archives were scanned
1 Warnings
22 Notes
0
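Added example, not part of the original thread: the Avira report above deletes two files that the HijackThis log in the first post lists as O4 autostart targets, and this Python sketch reproduces that cross-check on excerpts copied from both logs. The function names, the short list of system process names and the default `C:\WINDOWS\system32` location are assumptions of this example.

```python
import ntpath
import re

# Excerpts copied from the two logs posted in this thread (trimmed, not complete).
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [{22b59b77-11a2-f5a1-4875-360e719e8a9a}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\{0511357e-c9f5-2375-7f80-823437c2936f}.dll" DllStart
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\PC\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\ocntqkdm.exe
"""

AVIRA_REPORT = r"""
Starting to scan the registry.
C:\WINDOWS\system32\{0511357e-c9f5-2375-7f80-823437c2936f}.dll
[DETECTION] Is the Trojan horse TR/Downloader.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\PC\lsass.exe
[DETECTION] Is the Trojan horse TR/Spy.VB.aho
[NOTE] The file was deleted!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Online Services\prohdyxepr.html
[DETECTION] Contains suspicious code HEUR/HTML.Malware
[NOTE] The fund was classified as suspicious.
[NOTE] The file was moved to '48ac5e13.qua'!
"""

# Assumptions of this example: default XP install path and a short list of
# Windows system process names that normally live only in system32.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "winlogon.exe",
                "services.exe", "smss.exe", "csrss.exe"}

PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)', re.I)
O4_RE = re.compile(
    r'^O4 - (?P<loc>[^:]+): (?:\[(?P<name>.*?)\] |(?P<lnk>.+?) = )(?P<cmd>.+)$')


def parse_avira(report):
    """Map lower-cased file path -> detection name and the action Avira took."""
    findings, current = {}, None
    for line in report.splitlines():
        line = line.strip()
        if re.match(r"[A-Za-z]:\\", line):           # a scanned object
            current = line.lower()
        elif current and line.startswith("[DETECTION]"):
            # The detection name is the last token of the line.
            findings[current] = {"detection": line.split()[-1], "action": "none"}
        elif current in findings and line.startswith("[NOTE]"):
            if "deleted" in line:
                findings[current]["action"] = "deleted"
            elif "moved to" in line:
                findings[current]["action"] = "quarantined"
    return findings


def parse_autoruns(log):
    """Extract O4 (autostart) entries and every .exe/.dll path they launch."""
    entries = []
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            entries.append({
                "location": m.group("loc"),
                "name": m.group("name") or m.group("lnk"),
                "targets": [p.lower() for p in PATH_RE.findall(m.group("cmd"))],
            })
    return entries


def triage(log, report):
    """List autostart targets that Avira detected or that mimic a system process."""
    findings = parse_avira(report)
    rows = []
    for entry in parse_autoruns(log):
        for target in entry["targets"]:
            reasons = []
            hit = findings.get(target)
            if hit:
                reasons.append("Avira: %s (%s)" % (hit["detection"], hit["action"]))
            if (ntpath.basename(target) in SYSTEM_NAMES
                    and ntpath.dirname(target) != SYSTEM_DIR):
                reasons.append("system process name outside system32")
            if reasons:
                rows.append({"name": entry["name"], "target": target,
                             "reasons": reasons})
    return rows


if __name__ == "__main__":
    for row in triage(HIJACKTHIS_LOG, AVIRA_REPORT):
        print(row["name"], "->", row["target"], "|", "; ".join(row["reasons"]))
```

A row whose action is "deleted" means the file is gone but the Run value that launched it is still listed in the HijackThis log, so that value is the leftover to clean up and to re-check in a fresh log.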
Anonymous user
28 May 2008 at 16:07
You put a virus in quarantine; delete it.
0
Matcab65 > Anonymous user
28 May 2008 at 16:10
How do I go about deleting it?
0
Anonymous user > Matcab65
28 May 2008 at 16:12
OK, open "AntiVir", go to the "Administration" tab, then "Quarantine", then click the "Trash can" located at the top.
0
Matcab65
28 May 2008 at 16:15
Done. What next?
0
Anonymous user
28 May 2008 at 16:25
1) Restart in "Safe mode"

When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe mode" and press [Enter].
You will need to choose your usual session, not the "Administrator" account or another one.
Look here if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

Open the text file saved on the Desktop so you can follow the instructions properly.

2) Scan with Malwarebytes' Anti-Malware

*Start Malwarebytes' Anti-Malware
*Then go to the "Search" tab, tick "Run a full scan", then "Search", select your hard drives, then click "Start scan"
*At the end of the scan >>> click Show results, then Save report
*Removing the detected items >>>> click Remove selection
*If you are asked to restart >>> click "Yes"

*--> A scan report opens; save it to your Desktop and post this report in your reply.
0
Matcab65
28 May 2008 at 17:14
Report attached:

Malwarebytes' Anti-Malware 1.12
Version de la base de données: 793

Type de recherche: Examen complet (C:\|)
Eléments examinés: 60562
Temps écoulé: 30 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 31
Valeur(s) du Registre infectée(s): 9
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 6
Fichier(s) infecté(s): 61

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\urqQjhEt.dll (Trojan.Vundo) -> Unloaded module successfully.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8a9e6292-dfe3-40ce-8e5d-f8dee2fb8d71} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{8a9e6292-dfe3-40ce-8e5d-f8dee2fb8d71} (Trojan.Vundo) -> Delete on reboot.
HKEY_CLASSES_ROOT\Interface\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9f593aac-ca4c-4a41-a7ff-a00812192d61} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{749ec66f-a838-4b38-b8e5-e65d905fff74} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e404d48-670a-4085-a6a0-d195793ddd33} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\navigationtool.pornpro_bho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\navigationtool.pornpro_bho.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbar.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9b7d013b-b2b2-4b95-91ff-b17ab22290bb} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarbho.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\dbreg.dbarenabler.1 (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e2554085-b0bd-4f11-b252-32145d0a9257} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{80985322-3f89-4873-9bce-9297d217ccad} (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Purchased Products (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Deskbar.exe (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dbar (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\DBReg (Adware.SoftMate) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ecc46a49 (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\{59a40ac9-e67d-4155-b31d-4b7330fcd2d6} (Adware.PurityScan) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{b76cf1f4-ecdc-4ca1-89f8-32403496528e} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\BMeff759d5 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\mu (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjhet -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\urqqjhet -> Delete on reboot.

Dossier(s) infecté(s):
C:\Program Files\MalwareAlarm (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B} (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\Cache (Adware.SoftMate) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\WINDOWS\system32\rpiyxrva.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\avrxyipr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\urqQjhEt.dll (Trojan.Vundo) -> Delete on reboot.
C:\WINDOWS\system32\tEhjQqru.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tEhjQqru.ini2 (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\kl.exe.vir (Malware.Tool) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\dbar\deskbar.dll.vir (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\JavaCore\UnInstall.exe.vir (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP352\A0085278.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP362\A0095104.dll (Adware.ZenoSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095272.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095273.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095274.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095275.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095276.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095282.exe (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095293.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095307.exe (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095308.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095310.dll (Adware.SurfAccuracy) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095563.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095577.exe (Adware.Insider) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095584.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095585.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095586.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095587.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0096504.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099591.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099593.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099594.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099597.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099598.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099599.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099600.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099601.exe (Trojan.StartPage) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099612.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099615.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099617.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm.lic (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\MalwareAlarm1.ma (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\mfc71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcp71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\msvcr71.dll (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\MalwareAlarm\Uninstall.exe (Rogue.Malware.Alarm) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder.lic (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder0.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\SpyShredder1.ss (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\SpyShredder\Uninstall.exe (Rogue.SpyShredder) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\local.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\log.txt (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\version.ini (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\Documents and Settings\PC\Application Data\Deskbar_{3C98F514-6D00-4058-9F88-E8607A3DFC9B}\Cache\d6e9bb027c32ce9950910af1fce37bb9.xml (Adware.SoftMate) -> Quarantined and deleted successfully.
C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gside.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winpfz33.sys (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tkbcegqs.dll (Trojan.Agent) -> Quarantined and deleted successfully.
0
Anonymous user
28 May 2008 at 17:15
OK, thanks. Now run an online scan with Internet Explorer, please:

BitDefender online: http://www.bitdefender.fr/scan_fr/scan8/ie.html
BitDefender online tutorial: http://cybersecurite.xooit.com/t201-Scan-en-ligne-BitDefender.htm

PS: Don't forget to post the report for me. If you need help, use the tutorial.
0
Matcab65 Posts 26 Registration date Wednesday 28 May 2008 Status Member Last activity 30 May 2008
28 May 2008 at 18:24
BitDefender report attached:
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Wed, May 28, 2008 - 18:21:12</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistiques</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Temps</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">00:58:15</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">28863</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Directoires</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3537</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Secteurs de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">497</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1900</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>



<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Résultats</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus identifiés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers infectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">5</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers suspects</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Désinfectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers effacés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">5</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Définition virus</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1249877</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Version des moteurs</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">16</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">42</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Système plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">5</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Première action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Désinfecté</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Seconde Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristique</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Acceptez les avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Extensions analysées</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Excludez les extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse d'emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyser paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td colspan=2>  
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095270.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Generic.274549</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP365\A0095270.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095580.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Peed.Gen</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095580.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP370\A0095580.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099609.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Peed.Gen</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099609.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0099609.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0100594.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Détecté avec: Adware.BHO.WRH</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0100594.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0100605.exe=>(NSIS o)=>bzip2_solid_nsis0002</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Détecté avec: Adware.BHO.WRG</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0100605.exe=>(NSIS o)=>bzip2_solid_nsis0002</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{9C72C661-4401-4912-A396-025980D33D16}\RP371\A0100605.exe=>(NSIS o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr>
</table>
</td>

<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

</table>
<p> </p>

</body>
</html>
0
Anonymous user
28 May 2008 at 18:26
What is this report???????????????????????????
0
Matcab65 Posts 26 Registration date Wednesday 28 May 2008 Status Member Last activity 30 May 2008
28 May 2008 at 18:30
As explained previously, the Internet crashes on the infected machine; however, to run an online BitDefender scan I had to use that machine, and this is what it gave me, given that I am still stuck at the "Insecure Internet Activity" Internet window and it won't open the window containing this report.
0
Anonymous user
28 May 2008 at 18:31
OK, well, normally if it detected a virus, it deleted it. Now defragment the disk.
0
Matcab65 Posts 26 Registration date Wednesday 28 May 2008 Status Member Last activity 30 May 2008
28 May 2008 at 19:01
defragmentation
0
Matcab65 Posts 26 Registration date Wednesday 28 May 2008 Status Member Last activity 30 May 2008
28 May 2008 at 19:03
defragmentation done
0
Anonymous user
28 May 2008 at 19:04
Do it again, please:

Defragment the hard disk:

*To run it, click the Start button, then All Programs, Accessories, System Tools, then Disk Defragmenter.

*Click the Analyze button. The software then examines your hard disk.

*Click the View Report button. (Save it and post it for me, please.)

*Click the Defragment button. (View the report and post it for me.)
0
Matcab65 Posts 26 Registration date Wednesday 28 May 2008 Status Member Last activity 30 May 2008
28 May 2008 at 19:10
Volume (C:)
Taille du volume = 37.26 Go
Taille de cluster = 4 Ko
Espace utilisé = 7.29 Go
Espace libre = 29.97 Go
Pourcentage d'espace libre = 80 %

Fragmentation du volume
Fragmentation totale = 0 %
Fragmentation de fichiers = 1 %
Fragmentation de l'espace libre = 0 %

Fragmentation de fichiers
Total de fichiers = 33,278
Taille moyenne de fichier = 394 Ko
Total de fichiers fragmentés = 1
Total de fragments en trop = 400
Nombre moyen de fragments par fichier = 1.01

Fragmentation du fichier paginé
Taille du fichier paginé = 672 Mo
Total de fragments = 1

Fragmentation de dossier
Total de dossiers = 3,535
Dossiers fragmentés = 1
Fragments de dossiers en trop = 0

Fragmentation de la table de fichiers principale (MFT)
Taille totale de la MFT = 74 Mo
Nombre d'enregistrements dans la MFT = 37,148
Pourcentage d'utilisation de la MFT = 49 %
Total de fragments dans la MFT = 3
0
Anonymous user
28 May 2008 at 19:13
OK, do the following in order.

*OK, open CCleaner, go to the "Options" tab, then "Advanced", then uncheck "Only delete files in Windows Temp folders older than 48 hours". Then go to the "Cleaner" tab, click "Analyze", then "Run Cleaner". Then go to the "Registry" tab, click "Scan for Issues", then "Fix selected issues". Do all of that 4-5 times.

**Go to My Computer
*Click on the C:\ drive (this is the drive where your operating system is located)
*Then click on the Windows folder C:\Windows
*Open the prefetch folder C:\Windows\prefetch (go to Edit, Select All, then press Del on your keyboard)
*Delete all the files in this folder.
*Then empty the Recycle Bin.

0
Matcab65 Posts 26 Registration date Wednesday 28 May 2008 Status Member Last activity 30 May 2008
28 May 2008 at 19:42
After that, is there anything else to do?
0