PC infested with worms and viruses, please help me!

Closed
ziougaziou Posts 44 Registration date Friday 15 August 2008 Status Member Last activity 3 November 2008 - 15 August 2008 at 17:41
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 - 24 August 2008 at 10:44
Hello,

I'm at a friend's place and his PC is infested with worms and viruses!
Norton, which is installed, doesn't detect anything!
I'm running a scan on secuser and it has already detected 27 infected folders!
There's trojan dloader, trojan agent, etc.... and also WORM NUCRP.GEn and also plenty of JAVABYTEVER, JAVA STREAM, and also CRYP NAIX-5 etc.... and it's still running!
Could you help me identify them all and above all remove them without having to reinstall Windows, because it's a Compaq PC so there's no Windows CD, there's only the option of making a reinstall DVD.
For info, I can still connect to the internet.
Thanks for your help

72 replies

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
17 August 2008 at 07:56
Have you seen our friend Ricoré?
0
ziougaziou Posts 44 Registration date Friday 15 August 2008 Status Member Last activity 3 November 2008
17 August 2008 at 08:05
uh..... say.....
where should I download antivir?
I found this:
https://www.avira.com/en/downloads
but I don't know what to select?
thanks again.


as for our friend Ricoré, he's already been by..... he'll be back tomorrow........
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
17 August 2008 at 08:09
LOL

Download and install the antivirus Antivir Personal Edition Classic:

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

Settings:

Once Antivir is open, click on configuration and tick the "expert mode" box, then on the scanner tab, in the window below, you will see: rootkit search. Click the little + to expand it and tick the box next to your hard disk.
For those who don't see rootkit search: click the umbrella in your taskbar > in the Antivir window click on local protection, then click on scanner
in the right-hand window: you have rootkit search towards the bottom > expand it by pressing the little +
and tick your disks...
then click on configuration at the top right; in the new window on the left > scanner > tick "scan all files" and below > scanner priority = High
tick: allow stopping the scanner, that way you can pause during the scan if you wish.
then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristic > macrovirus heuristic = ticked and below > win32 heuristic box ticked and high detection level

If you were asked to run a scan, do it in safe mode:

How to restart in safe mode?

Restart the PC and keep tapping the F8 key from the very start of power-on, without stopping.
A window on a black background will open; use the keyboard arrows to move to start in safe mode, then press Enter.
Once on the desktop, if not all the colours and so on are there, that's normal!
PS: if F8 doesn't work, use the F5 key.

Post the report if you were asked to

Tea or coffee, by the way?
0
ziougaziou Posts 44 Registration date Friday 15 August 2008 Status Member Last activity 3 November 2008
17 August 2008 at 08:13
Thanks G!rly for your links and for your very detailed explanations for a Sunday morning!! lol
, are you a friend of Ricoré's too?
tea or coffee? .uh.. well.. actually cigarette ..... yes I know, NOT GOOD!!!!!!
0
Anonymous user
17 August 2008 at 08:15
lol..that depends on whether you dip your cigarette in the coffee!
0

g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
17 August 2008 at 08:20
Wow, you're wide awake at any rate ;)
I'll try the cigarette in the tea LoL > No, I'm not crazy enough for that yet! I'll smoke it at the same time ;)
Lipton yellow
0
Anonymous user
17 August 2008 at 08:24
I'd happily smoke my patch...lol.
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
17 August 2008 at 08:28
Getting to that point is dramatic :D
0
Anonymous user
17 August 2008 at 08:30
alas!lol
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
17 August 2008 at 08:29
Well, more than dramatic! I meant LOL
0
ziougaziou Posts 44 Registration date Friday 15 August 2008 Status Member Last activity 3 November 2008
17 August 2008 at 08:29
Not already????? it's still early for a patch, isn't it........
anyway, right, I'm shutting down and restarting in safe mode to run the scan!
see you later....... I hope moderator1 won't be patched to the wall when I get back... lol
0
Anonymous user
17 August 2008 at 08:31
go on...go run your scans and tell us how it went afterwards.
lol
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
17 August 2008 at 08:39
patched we will be :)
glued (in other words)
:D
0
ziougaziou Posts 44 Registration date Friday 15 August 2008 Status Member Last activity 3 November 2008
17 August 2008 at 13:01
Right then, I'm back!!
first of all, know that after the ANTIVIR scan, I can no longer boot in "normal" mode: the screen stays frozen on the Windows "startup" screen and nothing more happens. Right now I'm in safe mode, I can't do anything else!!! and yet I didn't delete anything, I just ran the scan
so here is the antivir report:


Avira AntiVir Personal
Report file date: dimanche 17 août 2008 09:03

Scanning for 1559120 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Compaq_Propriétaire
Computer name: NOM-D3A4C94E6FD

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: dimanche 17 août 2008 09:03

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'proper.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\proper.exe'
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

13 processes with 13 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
C:\WINDOWS\system32\winter.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[WARNING] The file was ignored!
C:\WINDOWS\system32\proper.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[WARNING] The file was ignored!
C:\WINDOWS\system32\proper.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\infos.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[WARNING] The file was ignored!

The registry was scanned ( '70' files ).


Starting the file scan:

Begin scan in 'C:\' <PRESARIO>
C:\8q5ly9.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\ej.exe
[DETECTION] Is the TR/Lowzones.DP Trojan
[WARNING] The file was ignored!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\pj.exe
[DETECTION] Is the TR/Dldr.Wusst Trojan
[WARNING] The file was ignored!
C:\syssvoi.exe
[DETECTION] Is the TR/Dldr.FraudLoad.LP.14 Trojan
[WARNING] The file was ignored!
C:\winstall.exe
[DETECTION] Is the TR/Dldr.Small.cpg.1 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Ad-Aware QF 20080814 190703.aawqff
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Ad-Aware QF 20080814 190703.aawqff
[DETECTION] Is the TR/Dropper.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak11.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak5.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak8.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp10.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp14.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp15.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp18.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp20.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp23.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp24.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp27.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp8.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SWAgent.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\IE_UPDATE3R.0XE
[DETECTION] Is the TR/Proxy.Delf.CA Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\ie_update3r.exe
[DETECTION] Is the TR/Proxy.Delf.CA Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\us00info.exe
[DETECTION] Is the TR/Dldr.Small.cpg.1 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\Application Data\xlibgfl254.dll
[DETECTION] Is the TR/Hijack.Age.17920 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\Bureau\sysgbdk.exe
[DETECTION] Is the TR/Dldr.Small.DDT.2 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\Bureau\sysgvty.exe
[DETECTION] Is the TR/Dldr.Small.DDT.2 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\Bureau\sysmshn.exe
[DETECTION] Is the TR/Dldr.Small.DDT.2 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\Bureau\sysrhyi.exe
[DETECTION] Is the TR/Dldr.Small.DDT.2 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\J6L5Z95Y\NavBar[2].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\infos.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\dossier anti virus\clean.zip
[0] Archive type: ZIP
--> clean/clean.cmd
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[WARNING] The file was ignored!
C:\Program Files\eMule\Incoming\La Saison Des Amours - louisy-joseph [ Full Album](1).zip
[0] Archive type: ZIP
--> La Saison Des Amours - louisy-joseph Play.exe
[DETECTION] Is the TR/Spy.Gampass.A Trojan
[WARNING] The file was ignored!
C:\Program Files\Helper\1203935960.dll
[DETECTION] Is the TR/BHO.Gen Trojan
[WARNING] The file was ignored!
C:\Program Files\Helper\1204524427.dll
[DETECTION] Is the TR/BHO.Gen Trojan
[WARNING] The file was ignored!
C:\Program Files\PestTrap\Uninstall.exe
[DETECTION] Is the TR/Dldr.Agent.61440.3 Trojan
[WARNING] The file was ignored!
C:\Program Files\WinIFixer\WinIFixer.exe
[DETECTION] Contains recognition pattern of the PHISH/FraudTool.WinFixer.F phishing file/email
[WARNING] The file was ignored!
C:\RECYCLER\S-1-5-21-2387016603-1424035785-3476466510-1007\Dc11.1\Paris Hilton Sex-E Screensaver 3.1.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\RECYCLER\S-1-5-21-2826780217-2912664876-1574520281-1007\DC4263.0XE
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[WARNING] The file was ignored!
C:\RECYCLER\S-1-5-21-2826780217-2912664876-1574520281-1007\Dc4263.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[WARNING] The file was ignored!
C:\RECYCLER\S-1-5-21-2826780217-2912664876-1574520281-1007\DC4264.0XE
[DETECTION] Is the TR/Click.Costrat.AS Trojan
[WARNING] The file was ignored!
C:\RECYCLER\S-1-5-21-2826780217-2912664876-1574520281-1007\Dc4264.exe
[DETECTION] Is the TR/Click.Costrat.AS Trojan
[WARNING] The file was ignored!
C:\RECYCLER\S-1-5-21-2844853262-3901199095-1085502061-1007\Dc560.RB0
[0] Archive type: ZIP
--> Paris Hilton Sex-E Screensaver 3.1.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\RECYCLER\S-1-5-21-2844853262-3901199095-1085502061-1007\Dc573.RB0
[0] Archive type: ZIP
--> Nicky and Paris Hilton Sexy Hot Screensaver 3.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[WARNING] The file was ignored!
C:\WINDOWS\braviax.exe
[DETECTION] Is the TR/Dldr.FraudLoad.CQ Trojan
[WARNING] The file was ignored!
C:\WINDOWS\csrss.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.bik.1 back-door program
[WARNING] The file was ignored!
C:\WINDOWS\devadwp.exe
[DETECTION] Is the TR/Agent.16384.23 Trojan
[WARNING] The file was ignored!
C:\WINDOWS\fkwggshm.exe
[DETECTION] Is the TR/Crypt.FKM.Gen Trojan
[WARNING] The file was ignored!
C:\WINDOWS\ksacre.exe
[DETECTION] Is the TR/Peed.INM Trojan
[WARNING] The file was ignored!
C:\WINDOWS\spooldr.exe
[DETECTION] Contains recognition pattern of the WORM/Zhelatin.Gen worm
[WARNING] The file was ignored!
C:\WINDOWS\winsock64.dll
[DETECTION] Is the TR/Proxy.Agent.JI.40 Trojan
[WARNING] The file was ignored!
C:\WINDOWS\winsock64.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.aqo.57 Trojan
[WARNING] The file was ignored!
C:\WINDOWS\xhelper.dll
[DETECTION] Is the TR/Agent.126976 Trojan
[WARNING] The file was ignored!
C:\WINDOWS\pchealth\helpctr\PackageStore\package_9.cab
[0] Archive type: CAB (Microsoft)
--> \Panels\NavBar.htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[WARNING] The file was ignored!
C:\WINDOWS\pchealth\helpctr\System_OEM\Panels\NavBar.htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\WINDOWS\system32\proper.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[WARNING] The file was ignored!
C:\WINDOWS\system32\winter.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[WARNING] The file was ignored!
C:\WINDOWS\system32\drivers\etc\hosts
[DETECTION] Is the TR/Qhost.MY.3 Trojan
[WARNING] The file was ignored!
Begin scan in 'D:\' <PRESARIO_RP>


End of the scan: dimanche 17 août 2008 11:26
Used time: 2:22:39 Hour(s)

The scan has been done completely.

5906 Scanning directories
451366 Files were scanned
46 viruses and/or unwanted programs were found
27 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
451292 Files not concerned
13535 Archives were scanned
77 Warnings
25 Notes




and so afterwards I ran a scan with malwarebytes:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1060
Windows 5.1.2600 Service Pack 2

12:57:00 17/08/2008
mbam-log-8-17-2008 (12-56-44).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 107700
Temps écoulé: 32 minute(s), 17 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 1
Dossier(s) infecté(s): 32
Fichier(s) infecté(s): 126

Processus mémoire infecté(s):
C:\WINDOWS\system32\proper.exe (Trojan.FakeAlert) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d27987b8-7244-4de0-ae10-39b826b492f1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{d27987b8-7244-4de0-ae10-39b826b492f1} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d27987b8-7244-4de0-ae10-39b826b492f1} (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\undefined (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\undefined (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.FakeAlert) -> Data: c:\windows\system32\proper.exe -> No action taken.

Dossier(s) infecté(s):
C:\Program Files\PestTrap (Rogue.Pesttrap) -> No action taken.
C:\Program Files\Accoona (Adware.Accoona) -> No action taken.
C:\Program Files\e-zshopper (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\p2pnetworks (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\amsys (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\3721 (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\3721\assist (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\akl (Fake.Dropped.Malware) -> No action taken.
C:\Program Files\Sotfone (Trojan.Zlob) -> No action taken.
C:\Program Files\Helper (Adware.BHO) -> No action taken.
C:\Program Files\VirusHeat 4.3 (Rogue.VirusHeat) -> No action taken.
C:\Program Files\VirusHeat 4.3\Lang (Rogue.VirusHeat) -> No action taken.
C:\Program Files\VirusHeat 4.3\Logs (Rogue.VirusHeat) -> No action taken.
C:\Program Files\VirusHeat 4.3\Quarantine (Rogue.VirusHeat) -> No action taken.
C:\Program Files\Montorgueil (Dialer) -> No action taken.
C:\Program Files\WinIFixer (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2006 (Rogue.WinAntivirus) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\SystemDoctor 2006 Free (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\SystemDoctor 2006 Free\Logs (Rogue.SystemDoctor) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\ultra (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer\Quarantine (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKCU\RunOnce (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\HKLM\RunOnce (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuAllUsers (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer\Quarantine\Autorun\StartMenuCurrentUser (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer\Quarantine\BrowserObjects (Rogue.WinIFixer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\WinIFixer.com\WinIFixer\Quarantine\Packages (Rogue.WinIFixer) -> No action taken.

Fichier(s) infecté(s):
C:\Documents and Settings\Compaq_Propriétaire\IE_UPDATE3R.0XE (Trojan.Proxy) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\ie_update3r.exe (Trojan.Proxy) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\sysdoctor.exe (Rogue.Installer) -> No action taken.
C:\Documents and Settings\Compaq_Propriétaire\Application Data\winantiviruspro2006freeinstall[1].exe (Rogue.Installer) -> No action taken.
C:\Program Files\Helper\1203935960.dll (Trojan.Zlob) -> No action taken.
C:\Program Files\Helper\1204524427.dll (Trojan.Zlob) -> No action taken.
C:\Program Files\PestTrap\Uninstall.exe (Rogue.PestTrap) -> No action taken.
C:\Program Files\Sotfone\1203935963.dll (Trojan.Zlob) -> No action taken.
C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe (Rogue.VirusHeat) -> No action taken.
C:\Program Files\WinIFixer\WinIFixer.exe (Rogue.WinIFixer) -> No action taken.



So, what should I do? I'd really like to manage to boot in normal mode...... and above all delete all this crap.....
Thanks to you all
0
ziougaziou Posts 44 Registration date Friday 15 August 2008 Status Member Last activity 3 November 2008
17 August 2008 at 13:19
Have you seen all the crap in the reports?? Incredible, isn't it?
0
ziougaziou Posts 44 Registration date Friday 15 August 2008 Status Member Last activity 3 November 2008
17 August 2008 at 14:17
Is anyone there to help me get out of this?
0
Destrio5 Posts 85985 Registration date Sunday 11 July 2010 Status Moderator Last activity 17 February 2023 10 290
17 August 2008 at 16:07
Why didn't you delete everything after the MBAM scan?
0
Anonymous user
17 August 2008 at 16:21
You need to restart so that Malwarebytes finishes the cleanup, then run another scan, and run CCleaner afterwards.
0
Anonymous user
17 August 2008 at 16:41
Didn't you forget to delete the critters?
"No action taken" next to each infection: you had to click "show results" and then "remove selected".
You're in for another round!
No big deal, we should have guided you better too.
0
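The check described in the reply above (reading the status printed after each detection) can be automated. The following is an added example, not part of the original thread: it parses Malwarebytes-style log lines, reports which detections are still untreated, and singles out the ones sitting in autostart locations. The first five sample entries are copied from the Malwarebytes log posted later in this thread; the last two entries, their status wording, and the list of persistence markers are assumptions made for the example.

```python
import re
from collections import Counter

# Entries under the first four headers are copied from the log in this thread.
# The two entries under the last header are CONSTRUCTED to show treated items;
# their status wording is an assumption.
SAMPLE_LOG = r"""
Processus mémoire infecté(s):
C:\WINDOWS\system32\proper.exe (Trojan.FakeAlert) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d27987b8-7244-4de0-ae10-39b826b492f1} (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\undefined (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.FakeAlert) -> Data: c:\windows\system32\proper.exe -> No action taken.

Fichier(s) infecté(s):
C:\EXAMPLE\constructed1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\EXAMPLE\constructed2.dll (Trojan.Vundo) -> Delete on reboot.
"""

# <object> (<detection>) -> [Data: <value> -> ]<action>.
ENTRY_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:Data: (?P<data>.+?) -> )?(?P<action>.+?)\.?$"
)

# Registry locations that start code at boot or logon (assumed list, taken
# from the kinds of keys that appear in the log above).
PERSISTENCE_MARKERS = (
    r"\currentversion\run",
    r"\winlogon\shell",
    r"\browser helper objects",
    r"\currentcontrolset\services",
)


def parse_mbam_log(text):
    """Return one dict per detection line, tagged with its section header."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Section headers end with ':' and carry no status arrow.
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]
            continue
        match = ENTRY_RE.match(line)
        if match is None:
            continue  # summary counters, "(Aucun élément ...)" and so on
        entry = match.groupdict()
        entry["section"] = section
        entries.append(entry)
    return entries


def is_untreated(entry):
    """True when the scanner only reported the item and did not act on it."""
    return entry["action"].lower() == "no action taken"


def is_persistence(entry):
    """True when the detected object lives in an autostart location."""
    obj = entry["object"].lower()
    return any(marker in obj for marker in PERSISTENCE_MARKERS)


def triage(text):
    """Summarise what is still pending after a scan."""
    entries = parse_mbam_log(text)
    pending = [e for e in entries if is_untreated(e)]
    return {
        "total": len(entries),
        "untreated": len(pending),
        "untreated_by_detection": Counter(e["detection"] for e in pending),
        "untreated_persistence": [e["object"] for e in pending if is_persistence(e)],
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_LOG)
    print(f"{summary['untreated']} of {summary['total']} detections untreated")
    for name, count in summary["untreated_by_detection"].most_common():
        print(f"  {count:3d}  {name}")
    print("Untreated autostart entries (will run again at next boot):")
    for obj in summary["untreated_persistence"]:
        print("  " + obj)
```

An untreated `Winlogon\Shell` or `Run` entry is the one to look at first, since it relaunches the detected executable at every logon.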
ziougaziou Posts 44 Registration date Friday 15 August 2008 Status Member Last activity 3 November 2008
17 August 2008 at 21:50
Oops! Well, let's say I didn't dare, because you had only asked me to run the scan and post the result......
I wanted to... and then I preferred to wait for your opinions!!!!
OK, I'm going back to it then: I run a Malwarebytes scan and delete, then another one with Antivir and delete as well?
And at the end, I restart and run a scan with both again to see what's left, which I post here.
Did I understand correctly? Or not?
In any case, thank you really for being there, all of you!! Thanks, thanks, it's really nice!!
See you later (did I tell you there's only 256 MB of RAM on the PC? You can imagine the speed....)
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
19 August 2008 at 04:28
Hi,

Where are you at?

See you
0
ziougaziou Posts 44 Registration date Friday 15 August 2008 Status Member Last activity 3 November 2008
19 August 2008 at 13:06
Hello everyone!!!
I'm back! What a pain this PC is with its 256 MB of RAM, it's crawling badly!!!
So, I ran 2 scans again: 1 with Malwarebytes, and this time I deleted what it found, and then a scan with Antivir; there, however, I didn't dare delete, I moved everything to quarantine!!!
Here is the Malwarebytes report:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 2

10:04:39 19/08/2008
mbam-log-08-19-2008 (10-04-25).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 119579
Temps écoulé: 34 minute(s), 40 second(s)

Processus mémoire infecté(s): 1
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 32
Fichier(s) infecté(s): 126

Processus mémoire infecté(s):
C:\WINDOWS\system32\proper.exe (Trojan.FakeAlert) -> No action taken.

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\CLSID\{d27987b8-7244-4de0-ae10-39b826b492f1} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{d27987b8-7244-4de0-ae10-39b826b492f1} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{def85c80-216a-43ab-af70-1665edbe2780} (Spyware.Sinowal) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d27987b8-7244-4de0-ae10-39b826b492f1} (Trojan.FakeAlert) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\undefined (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\undefined (Trojan.FakeAlert) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.FakeAlert) -> Data: c:\windows\system32\proper.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.FakeAlert) -> Data: system32\proper.exe -> No action taken.



And here is the ANTIVIR report (this is the one where afterwards I deleted nothing and moved everything to quarantine):



Avira AntiVir Personal
Report file date: mardi 19 août 2008 10:17

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode with network
Username: Compaq_Propriétaire
Computer name: NOM-D3A4C94E6FD

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:, G:, H:, I:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: mardi 19 août 2008 10:17

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
15 processes with 15 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\autos.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '491e8253.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Menu Démarrer\Programmes\Démarrage\infos.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to '4910824d.qua'!

The registry was scanned ( '67' files ).


Starting the file scan:

Begin scan in 'C:\' <PRESARIO>
C:\8q5ly9.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48df8250.qua'!
C:\ej.exe
[DETECTION] Is the TR/Lowzones.DP Trojan
[NOTE] The file was moved to '48d8824a.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\pj.exe
[DETECTION] Is the TR/Dldr.Wusst Trojan
[NOTE] The file was moved to '49bf78f3.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48d8824a.qua
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48d8824a.qua
[DETECTION] Is the TR/Lowzones.DP Trojan
[NOTE] The file was moved to '490e8225.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\49bf78f3.qua
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\49bf78f3.qua
[DETECTION] Is the TR/Dldr.Wusst Trojan
[NOTE] The file was moved to '490c8227.qua'!
C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Ad-Aware QF 20080814 190703.aawqff
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Ad-Aware QF 20080814 190703.aawqff
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48d78253.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48ec8258.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak1.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48ec8259.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak11.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '498235e2.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48ec825b.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak5.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48ec825a.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '498235e3.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AdBreak8.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48ec825c.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49138264.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC4.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '487e071d.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC6.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49138265.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '487e071e.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp10.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49138267.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp12.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49138266.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp14.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '487e071f.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp15.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49138258.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp18.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '487e0721.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp20.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '487e0710.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp23.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49138269.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp24.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '487e0712.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp27.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49138268.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp7.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '487e0711.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudCgp8.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4913826b.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SWAgent.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48eb8253.qua'!
C:\Documents and Settings\Compaq_Propriétaire\us00info.exe
[DETECTION] Is the TR/Dldr.Small.cpg.1 Trojan
[NOTE] The file was moved to '48da8281.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Application Data\xlibgfl254.dll
[DETECTION] Is the TR/Hijack.Age.17920 Trojan
[NOTE] The file was moved to '4913827a.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Bureau\sysgbdk.exe
[DETECTION] Is the TR/Dldr.Small.DDT.2 Trojan
[NOTE] The file was moved to '491d82a0.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Bureau\sysgvty.exe
[DETECTION] Is the TR/Dldr.Small.DDT.2 Trojan
[NOTE] The file was moved to '491d82a1.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Bureau\sysmshn.exe
[DETECTION] Is the TR/Dldr.Small.DDT.2 Trojan
[NOTE] The file was moved to '48747a5a.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Bureau\sysrhyi.exe
[DETECTION] Is the TR/Dldr.Small.DDT.2 Trojan
[NOTE] The file was moved to '491d82a3.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\J6L5Z95Y\NavBar[2].htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '492082f1.qua'!
C:\Documents and Settings\Compaq_Propriétaire\Mes documents\dossier anti virus\clean.zip
[0] Archive type: ZIP
--> clean/clean.cmd
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The file was moved to '490f8366.qua'!
C:\RECYCLER\S-1-5-21-2387016603-1424035785-3476466510-1007\Dc11.1\Paris Hilton Sex-E Screensaver 3.1.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '491c8a9e.qua'!
C:\RECYCLER\S-1-5-21-2826780217-2912664876-1574520281-1007\DC4263.0XE
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '48de8ab7.qua'!
C:\RECYCLER\S-1-5-21-2826780217-2912664876-1574520281-1007\Dc4263.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '48de8ad7.qua'!
C:\RECYCLER\S-1-5-21-2826780217-2912664876-1574520281-1007\DC4264.0XE
[DETECTION] Is the TR/Click.Costrat.AS Trojan
[NOTE] The file was moved to '48de8ab8.qua'!
C:\RECYCLER\S-1-5-21-2826780217-2912664876-1574520281-1007\Dc4264.exe
[DETECTION] Is the TR/Click.Costrat.AS Trojan
[NOTE] The file was moved to '48de8ad8.qua'!
C:\RECYCLER\S-1-5-21-2844853262-3901199095-1085502061-1007\Dc560.RB0
[0] Archive type: ZIP
--> Paris Hilton Sex-E Screensaver 3.1.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48df8b88.qua'!
C:\RECYCLER\S-1-5-21-2844853262-3901199095-1085502061-1007\Dc573.RB0
[0] Archive type: ZIP
--> Nicky and Paris Hilton Sexy Hot Screensaver 3.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '49b77ad1.qua'!
C:\WINDOWS\winsock64.dll
[DETECTION] Is the TR/Proxy.Agent.JI.40 Trojan
[NOTE] The file was moved to '49188b9d.qua'!
C:\WINDOWS\winsock64.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the TR/Agent.aqo.57 Trojan
[NOTE] The file was moved to '49188b9e.qua'!
C:\WINDOWS\xhelper.dll
[DETECTION] Is the TR/Agent.126976 Trojan
[NOTE] The file was moved to '490f8b9d.qua'!
C:\WINDOWS\pchealth\helpctr\PackageStore\package_9.cab
[0] Archive type: CAB (Microsoft)
--> \Panels\NavBar.htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The file was moved to '490d8e31.qua'!
C:\WINDOWS\pchealth\helpctr\System_OEM\Panels\NavBar.htm
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49208e37.qua'!
C:\WINDOWS\system32\drivers\etc\hosts
[DETECTION] Is the TR/Qhost.MY.3 Trojan
[NOTE] The file was moved to '491d8f7f.qua'!
Begin scan in 'D:\' <PRESARIO_RP>
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.


End of the scan: mardi 19 août 2008 11:22
Used time: 1:04:16 Hour(s)

The scan has been done completely.

6326 Scanning directories
468012 Files were scanned
25 viruses and/or unwanted programs were found
27 Files were classified as suspicious:
0 files were deleted
0 files were repaired
52 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
467959 Files not concerned
13682 Archives were scanned
5 Warnings
52 Notes

So that's where I am, well... I'm still in safe mode, I'm afraid to go back to normal mode!!
I'm waiting for your responses, thank you... really...
Bye
0
g!rly Posts 18209 Registration date Friday 17 August 2007 Status Contributor Last activity 30 November 2014 406
19 August 2008 at 13:38
Hi Ziougaziou,

Let's just say it's not looking great...

But still, a lot of infections have been removed ;)

Empty the AntiVir quarantine, then run this so we can see, please

Download Lop S&D (by Angeldark and Eric71) to the Desktop:
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/LopSD.exe?attachauth=ANoY7co3ntqUavpZ3q1BG-h4pc13vqDZmhcNeEPChtsyrgAykRbhE8bZzhk979EfQD4AgwtQUHCaQ7ZQwNYMo3_0kA8htAspckDJtu2K5t6J9z6dLW4fpZyH4FpFL1tVMBZ8H-KnN7afZ5vt-WxZRpnynk-a0XmV_Y0C0q6DxGEDKie1TnPT7gFoZnoCnspzBmbW6ZzxA4fNr3oEDlbelNZON-LjF8nOmQ%3D%3D&attredirects=2

- Double-click Lop S&D.exe to start the installation,
- Then double-click the Lop S&D shortcut on the Desktop.
- Select the language you want, then choose Option 1 (Search)
  The scan takes less than a minute.
- When the scan finishes, Notepad will open with the search results.
- Save the LopR.txt report to the Desktop so you can find it easily; otherwise it is saved at the root of the system partition: C:\LopR.txt

See you
0