[trojan] TR/Spy.159
Solved
Anonymous user
Hello,
I caught some nasty thing on a computer (a trojan?). Avira AntiVir Personal flags it as dangerous. Every time I plug in my USB key, I click delete to get rid of it, but it doesn't help.
I cleaned my computer (Ad-Aware, a-squared, Malwarebytes' Anti-Malware).
How can I clean my computer and my USB key properly once and for all?
Thanks for your help.
For a firewall I have Sunbelt.
12 replies
Good evening,
Below are the 2 VirusTotal reports and a new AntiVir report:
Fichier xmldso4.cab reçu le 2008.09.28 21:37:11 (CET)
Situation actuelle: terminé
Résultat: 1/36 (2.78%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.25.0 2008.09.26 -
AntiVir 7.8.1.34 2008.09.28 -
Authentium 5.1.0.4 2008.09.28 -
Avast 4.8.1195.0 2008.09.27 -
AVG 8.0.0.161 2008.09.28 -
BitDefender 7.2 2008.09.28 -
CAT-QuickHeal 9.50 2008.09.27 -
ClamAV 0.93.1 2008.09.28 -
DrWeb 4.44.0.09170 2008.09.28 -
eSafe 7.0.17.0 2008.09.28 -
eTrust-Vet 31.6.6110 2008.09.26 -
Ewido 4.0 2008.09.28 -
F-Prot 4.4.4.56 2008.09.27 File is damaged
F-Secure 8.0.14332.0 2008.09.28 -
Fortinet 3.113.0.0 2008.09.28 -
GData 19 2008.09.28 -
Ikarus T3.1.1.34.0 2008.09.28 -
K7AntiVirus 7.10.476 2008.09.27 -
Kaspersky 7.0.0.125 2008.09.28 -
McAfee 5393 2008.09.27 -
Microsoft 1.3903 2008.09.28 -
NOD32 3478 2008.09.28 -
Norman 5.80.02 2008.09.26 -
Panda 9.0.0.4 2008.09.28 -
PCTools 4.4.2.0 2008.09.26 -
Prevx1 V2 2008.09.28 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.09.28 -
Sophos 4.34.0 2008.09.28 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.09.28 -
TheHacker 6.3.0.9.095 2008.09.27 -
TrendMicro 8.700.0.1004 2008.09.26 -
VBA32 3.12.8.6 2008.09.27 -
ViRobot 2008.9.26.1394 2008.09.26 -
VirusBuster 4.5.11.0 2008.09.28 -
Information additionnelle
File size: 26662 bytes
MD5...: d49ee376e407b0681e99148bd215f2ce
SHA1..: df0274ff9b264fdb1b1eb22792b214926b889643
SHA256: 054383f8e248e5bd1defc2330b0650af2b87d1211a51e289e6d6e568072e9275
SHA512: d6a533e5ced9a5a7d0cba55a3c0c7fa65d77105c977ef13fca6614cfbb14f67c
8515d60851f3d4904c3a178302cf54063fc057d106166ecb794a0515a5a0028a
PEiD..: -
TrID..: File type identification
Microsoft Cabinet Archive (99.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
PEInfo: -
Fichier srmclean.exe reçu le 2008.09.25 19:07:27 (CET)
Situation actuelle: terminé
Résultat: 0/36 (0.00%)
Formaté Impression des résultats
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.25.0 2008.09.25 -
AntiVir 7.8.1.34 2008.09.25 -
Authentium 5.1.0.4 2008.09.25 -
Avast 4.8.1195.0 2008.09.25 -
AVG 8.0.0.161 2008.09.25 -
BitDefender 7.2 2008.09.25 -
CAT-QuickHeal 9.50 2008.09.25 -
ClamAV 0.93.1 2008.09.25 -
DrWeb 4.44.0.09170 2008.09.25 -
eSafe 7.0.17.0 2008.09.25 -
eTrust-Vet 31.6.6106 2008.09.25 -
Ewido 4.0 2008.09.25 -
F-Prot 4.4.4.56 2008.09.25 -
F-Secure 8.0.14332.0 2008.09.25 -
Fortinet 3.113.0.0 2008.09.25 -
GData 19 2008.09.25 -
Ikarus T3.1.1.34.0 2008.09.25 -
K7AntiVirus 7.10.473 2008.09.25 -
Kaspersky 7.0.0.125 2008.09.25 -
McAfee 5391 2008.09.24 -
Microsoft 1.3903 2008.09.25 -
NOD32 3471 2008.09.25 -
Norman 5.80.02 2008.09.25 -
Panda 9.0.0.4 2008.09.24 -
PCTools 4.4.2.0 2008.09.25 -
Prevx1 V2 2008.09.25 -
Rising 20.63.32.00 2008.09.25 -
Sophos 4.33.0 2008.09.25 -
Sunbelt 3.1.1668.1 2008.09.24 -
Symantec 10 2008.09.25 -
TheHacker 6.3.0.9.093 2008.09.25 -
TrendMicro 8.700.0.1004 2008.09.25 -
VBA32 3.12.8.6 2008.09.25 -
ViRobot 2008.9.25.1392 2008.09.25 -
VirusBuster 4.5.11.0 2008.09.25 -
Webwasher-Gateway 6.6.2 2008.09.25 -
Information additionnelle
File size: 36864 bytes
MD5...: 787b8ad5fef1a68d3ed00e4e393b9d18
SHA1..: 3a1287bd91d72798bede92d7f9062e7a982578a5
SHA256: 9914f333685a74a45dfd6b26bb8f81c0ed62200f0c623e7f030230c4124bb046
SHA512: 75296e7f6776cfb9f48a9333b30c05c589028799481b8cf0c8500f20088f86a2
2df21578b9ca3d88ba249804ba8d55d30615ceb4364736c96f50fe76bdb02c5a
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401020
timedatestamp.....: 0x3b5de9e1 (Tue Jul 24 21:34:25 2001)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x35ce 0x4000 5.96 a340e038fc4ec926ae9d5a067be0669c
.rdata 0x5000 0x7e0 0x1000 3.22 e37cc8b9570edc9ed1558d63e57ebc66
.data 0x6000 0x2a1c 0x3000 0.41 2ca2770889d849fd9f5b26122f0b52f2
( 2 imports )
> SHLWAPI.dll: SHDeleteKeyA
> KERNEL32.dll: HeapDestroy, GetVersionExA, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetEnvironmentVariableA, GetStringTypeW, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA
( 0 exports )
ThreatExpert info: https://www.symantec.com?md5=787b8ad5fef1a68d3ed00e4e393b9d18
Avira AntiVir Personal
Report file date: dimanche 28 septembre 2008 21:32
Scanning for 1646460 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CPQ20278267151
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 20/07/2008 08:44:12
AVSCAN.DLL : 8.1.4.0 40705 Bytes 20/07/2008 08:44:12
LUKE.DLL : 8.1.4.5 164097 Bytes 20/07/2008 08:44:16
LUKERES.DLL : 8.1.4.0 12033 Bytes 20/07/2008 08:44:16
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 08:00:11
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 19:00:44
ANTIVIR3.VDF : 7.0.6.220 16384 Bytes 28/09/2008 19:00:47
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/05/2008 09:36:55
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 22/09/2008 08:46:01
AESCN.DLL : 8.1.0.23 119156 Bytes 20/07/2008 08:44:17
AERDL.DLL : 8.1.1.2 438644 Bytes 22/09/2008 08:46:00
AEPACK.DLL : 8.1.2.3 364918 Bytes 28/09/2008 19:00:59
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 22/09/2008 08:45:58
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 22/09/2008 08:45:57
AEHELP.DLL : 8.1.0.15 115063 Bytes 11/06/2008 10:20:55
AEGEN.DLL : 8.1.0.36 315764 Bytes 25/08/2008 10:55:15
AEEMU.DLL : 8.1.0.7 430452 Bytes 02/08/2008 17:29:32
AECORE.DLL : 8.1.1.11 172406 Bytes 22/09/2008 08:45:51
AEBB.DLL : 8.1.0.1 53617 Bytes 20/07/2008 08:44:17
AVWINLL.DLL : 1.0.0.12 15105 Bytes 20/07/2008 08:44:12
AVPREF.DLL : 8.0.2.0 38657 Bytes 20/07/2008 08:44:12
AVREP.DLL : 8.0.0.2 98344 Bytes 02/08/2008 17:29:29
AVREG.DLL : 8.0.0.1 33537 Bytes 20/07/2008 08:44:12
AVARKT.DLL : 1.0.0.23 307457 Bytes 25/05/2008 09:36:53
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 20/07/2008 08:44:11
SQLITE3.DLL : 3.3.17.1 339968 Bytes 25/05/2008 09:36:54
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 20/07/2008 08:44:16
NETNT.DLL : 8.0.0.1 7937 Bytes 25/05/2008 09:36:54
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 20/07/2008 08:44:06
RCTEXT.DLL : 8.0.52.0 86273 Bytes 20/07/2008 08:44:06
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 28 septembre 2008 21:32
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'urlmap.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'ONETOUCH.EXE' - '1' Module(s) have been scanned
Scan process 'carpserv.exe' - '1' Module(s) have been scanned
Scan process 'SbPFCl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SbPFSvc.exe' - '1' Module(s) have been scanned
Scan process 'SbPFLnch.exe' - '1' Module(s) have been scanned
Scan process 'HPWirelessMgr.exe' - '1' Module(s) have been scanned
Scan process 'HPConfig.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '59' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\cris\Local Settings\Temp\a2archive\xmldso4.cab
[0] Archive type: CAB (Microsoft)
--> temp\Microsoft XML Parser for Java.osd
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'F:\' <WD Passport>
End of the scan: dimanche 28 septembre 2008 22:13
Used time: 40:30 Minute(s)
The scan has been done completely.
6066 Scanning directories
257355 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
257353 Files not concerned
7380 Archives were scanned
3 Warnings
0 Notes
ok
use this to remove your traces
CCLEANER: (run a cleanup and repair the registry 3 times) without installing the Yahoo toolbar
(in the options, then advanced: uncheck the box: delete files older than 48 hours)
https://www.malekal.com/tutoriel-ccleaner/
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
_____________________
then
scan with
Malwarebytes' Anti-Malware, remove what is found and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
__________________
update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
___________________
any more alerts? any problems?
Hi,
I ran CCleaner 3 times but I didn't find "delete files older than 48 hours" in the place you indicated.
Below is the Malwarebytes' report. When MAM scanned my infected key, it was AntiVir that detected the problem file and dealt with it, so there is no trace of it in the MAM report...
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1227
Windows 5.1.2600 Service Pack 2
04/10/2008 21:20:45
mbam-log-2008-10-04 (21-20-37).txt
Type de recherche: Examen complet (C:\|E:\|F:\|)
Eléments examinés: 114402
Temps écoulé: 1 hour(s), 37 minute(s), 16 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SecurityProviders (Broken.SecurityProviders) -> Bad: (msapsspc.dll schannel.dll digest.dll msnsspc.dll) Good: (msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll) -> No action taken.
HKEY_CLASSES_ROOT\scrfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("%1" %*) Good: ("%1" /S) -> No action taken.
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\Program Files\eMule\LinkCreator.exe (Rogue.Fake!emule.exe) -> No action taken.
C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP46\A0007393.exe (Rogue.Fake!emule.exe) -> No action taken.
remove what was found by Malwarebytes
then remove what is in quarantine in Malwarebytes and AntiVir
_______________
run CCleaner again and clean the cache of Firefox and the others
__________________
if everything went well, disable System Restore to purge any viruses that may be in it
then restart your computer
then re-enable it: https://www.informatruc.com
___________________
paste a new AntiVir report to check
Hi,
I removed what Malwarebytes found + what was in quarantine in Malwarebytes and AntiVir
I ran CCleaner 3 times
Results: Malwarebytes found nothing but AntiVir did
Since viruses were found, I did not disable System Restore etc.; I don't even know if I would have known how to…
The Malwarebytes and AntiVir reports:
Malwarebytes' Anti-Malware 1.28
Version de la base de données: 1227
Windows 5.1.2600 Service Pack 2
06/10/2008 14:03:29
mbam-log-2008-10-06 (14-03-29).txt
Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 103794
Temps écoulé: 28 minute(s), 42 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Avira AntiVir Personal
Report file date: lundi 6 octobre 2008 14:05
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CPQ20278267151
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 20/07/2008 08:44:12
AVSCAN.DLL : 8.1.4.0 40705 Bytes 20/07/2008 08:44:12
LUKE.DLL : 8.1.4.5 164097 Bytes 20/07/2008 08:44:16
LUKERES.DLL : 8.1.4.0 12033 Bytes 20/07/2008 08:44:16
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 08:00:11
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 19:00:44
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 17:09:44
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/05/2008 09:36:55
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 22/09/2008 08:46:01
AESCN.DLL : 8.1.0.23 119156 Bytes 20/07/2008 08:44:17
AERDL.DLL : 8.1.1.2 438644 Bytes 22/09/2008 08:46:00
AEPACK.DLL : 8.1.2.3 364918 Bytes 28/09/2008 19:00:59
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 22/09/2008 08:45:58
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 22/09/2008 08:45:57
AEHELP.DLL : 8.1.0.15 115063 Bytes 11/06/2008 10:20:55
AEGEN.DLL : 8.1.0.36 315764 Bytes 25/08/2008 10:55:15
AEEMU.DLL : 8.1.0.7 430452 Bytes 02/08/2008 17:29:32
AECORE.DLL : 8.1.1.11 172406 Bytes 22/09/2008 08:45:51
AEBB.DLL : 8.1.0.1 53617 Bytes 20/07/2008 08:44:17
AVWINLL.DLL : 1.0.0.12 15105 Bytes 20/07/2008 08:44:12
AVPREF.DLL : 8.0.2.0 38657 Bytes 20/07/2008 08:44:12
AVREP.DLL : 8.0.0.2 98344 Bytes 02/08/2008 17:29:29
AVREG.DLL : 8.0.0.1 33537 Bytes 20/07/2008 08:44:12
AVARKT.DLL : 1.0.0.23 307457 Bytes 25/05/2008 09:36:53
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 20/07/2008 08:44:11
SQLITE3.DLL : 3.3.17.1 339968 Bytes 25/05/2008 09:36:54
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 20/07/2008 08:44:16
NETNT.DLL : 8.0.0.1 7937 Bytes 25/05/2008 09:36:54
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 20/07/2008 08:44:06
RCTEXT.DLL : 8.0.52.0 86273 Bytes 20/07/2008 08:44:06
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 6 octobre 2008 14:05
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'ONETOUCH.EXE' - '1' Module(s) have been scanned
Scan process 'SbPFCl.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SbPFSvc.exe' - '1' Module(s) have been scanned
Scan process 'SbPFLnch.exe' - '1' Module(s) have been scanned
Scan process 'HPWirelessMgr.exe' - '1' Module(s) have been scanned
Scan process 'HPConfig.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '60' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\cris\Local Settings\Application Data\Mozilla\Firefox\Profiles\sv5upwff.default\Cache\EFC6FEA3d01
[0] Archive type: CAB SFX (self extracting)
--> LISEZMOI.HTM
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\cris\Local Settings\Temp\a2archive\xmldso4.cab
[0] Archive type: CAB (Microsoft)
--> temp\Microsoft XML Parser for Java.osd
[WARNING] No further files can be extracted from this archive. The archive will be closed
End of the scan: lundi 6 octobre 2008 14:34
Used time: 29:55 Minute(s)
The scan has been done completely.
5655 Scanning directories
243215 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
243213 Files not concerned
7251 Archives were scanned
4 Warnings
0 Notes
Download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
Double-click OTMoveIt.exe to launch it.
Copy the list in the quote below,
and paste it into the left-hand pane of OTMoveIt: Paste List of Files/Folders to be moved.
Quote:
C:\Documents and Settings\cris\Local Settings\Application Data\Mozilla\Firefox\Profiles\sv5upwff.default\Cache\EFC6FEA3d01
C:\Documents and Settings\cris\Local Settings\Temp\a2archive\xmldso4.cab
Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
File/Folder C:\Documents and Settings\cris\Local Settings\Application Data\Mozilla\Firefox\Profiles\sv5upwff.default\Cache\EFC6FEA3d01 not found.
C:\Documents and Settings\cris\Local Settings\Temp\a2archive\xmldso4.cab moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 10072008_163129
Hi,
1/ # Download RavAntivirus by Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus
# If you have a USB key, external hard drive, etc., plug them in without opening them before running this fix
# Right-click the .ZIP file > Extract to > the Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
# If there is an infection, a log will be created; otherwise the software will display (very quickly) ==> Votre Ordinateur est sain.
# Remove your removable drives and restart your computer.
# Post the report if there is an infection!
2/ Download Flash Disinfector (by SUBS) to the Desktop from this address: http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Double-click the icon.
The icons will disappear. That is normal.
If a report is generated because of an infection, save it to the Desktop and then post it.
Then restart the PC.
3/ Paste an AntiVir report
I used RAV; at first it found my computer infected by adobe.exe, then by autorun.exe (something like that) afterwards; it deleted both but did not leave me a log. I waited 10 minutes but the scan bar was still running. Is that normal? Should I wait even longer?
So I don't have a log for that one.
As for Flash Disinfector, it found nothing.
Here is the AntiVir report (followed by a HijackThis report, just in case):
Avira AntiVir Personal
Report file date: lundi 22 septembre 2008 13:29
Scanning for 1627546 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CPQ20278267151
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 20/07/2008 08:44:12
AVSCAN.DLL : 8.1.4.0 40705 Bytes 20/07/2008 08:44:12
LUKE.DLL : 8.1.4.5 164097 Bytes 20/07/2008 08:44:16
LUKERES.DLL : 8.1.4.0 12033 Bytes 20/07/2008 08:44:16
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 08:00:11
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 08:45:48
ANTIVIR3.VDF : 7.0.6.190 226816 Bytes 22/09/2008 08:45:50
Engineversion : 8.1.1.34
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/05/2008 09:36:55
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 22/09/2008 08:46:01
AESCN.DLL : 8.1.0.23 119156 Bytes 20/07/2008 08:44:17
AERDL.DLL : 8.1.1.2 438644 Bytes 22/09/2008 08:46:00
AEPACK.DLL : 8.1.2.1 364917 Bytes 20/07/2008 08:44:17
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 22/09/2008 08:45:58
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 22/09/2008 08:45:57
AEHELP.DLL : 8.1.0.15 115063 Bytes 11/06/2008 10:20:55
AEGEN.DLL : 8.1.0.36 315764 Bytes 25/08/2008 10:55:15
AEEMU.DLL : 8.1.0.7 430452 Bytes 02/08/2008 17:29:32
AECORE.DLL : 8.1.1.11 172406 Bytes 22/09/2008 08:45:51
AEBB.DLL : 8.1.0.1 53617 Bytes 20/07/2008 08:44:17
AVWINLL.DLL : 1.0.0.12 15105 Bytes 20/07/2008 08:44:12
AVPREF.DLL : 8.0.2.0 38657 Bytes 20/07/2008 08:44:12
AVREP.DLL : 8.0.0.2 98344 Bytes 02/08/2008 17:29:29
AVREG.DLL : 8.0.0.1 33537 Bytes 20/07/2008 08:44:12
AVARKT.DLL : 1.0.0.23 307457 Bytes 25/05/2008 09:36:53
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 20/07/2008 08:44:11
SQLITE3.DLL : 3.3.17.1 339968 Bytes 25/05/2008 09:36:54
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 20/07/2008 08:44:16
NETNT.DLL : 8.0.0.1 7937 Bytes 25/05/2008 09:36:54
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 20/07/2008 08:44:06
RCTEXT.DLL : 8.0.52.0 86273 Bytes 20/07/2008 08:44:06
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 22 septembre 2008 13:29
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'ONETOUCH.EXE' - '1' Module(s) have been scanned
Scan process 'carpserv.exe' - '1' Module(s) have been scanned
Scan process 'SbPFCl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SbPFSvc.exe' - '1' Module(s) have been scanned
Scan process 'SbPFLnch.exe' - '1' Module(s) have been scanned
Scan process 'HPWirelessMgr.exe' - '1' Module(s) have been scanned
Scan process 'HPConfig.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '57' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\cris\Local Settings\Temp\a2archive\xmldso4.cab
[0] Archive type: CAB (Microsoft)
--> temp\Microsoft XML Parser for Java.osd
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'F:\' <WD Passport>
End of the scan: lundi 22 septembre 2008 14:07
Used time: 38:16 Minute(s)
The scan has been done completely.
5905 Scanning directories
257501 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
257499 Files not concerned
7394 Archives were scanned
3 Warnings
0 Notes
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:35, on 22/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\admin\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/040C/bF8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
so I don't have a log for that one.
as for Flash Disinfector, it found nothing.
here is the AntiVir report (followed by a HijackThis report just in case):
Avira AntiVir Personal
Report file date: lundi 22 septembre 2008 13:29
Scanning for 1627546 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CPQ20278267151
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 20/07/2008 08:44:12
AVSCAN.DLL : 8.1.4.0 40705 Bytes 20/07/2008 08:44:12
LUKE.DLL : 8.1.4.5 164097 Bytes 20/07/2008 08:44:16
LUKERES.DLL : 8.1.4.0 12033 Bytes 20/07/2008 08:44:16
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 08:00:11
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12/09/2008 08:45:48
ANTIVIR3.VDF : 7.0.6.190 226816 Bytes 22/09/2008 08:45:50
Engineversion : 8.1.1.34
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/05/2008 09:36:55
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 22/09/2008 08:46:01
AESCN.DLL : 8.1.0.23 119156 Bytes 20/07/2008 08:44:17
AERDL.DLL : 8.1.1.2 438644 Bytes 22/09/2008 08:46:00
AEPACK.DLL : 8.1.2.1 364917 Bytes 20/07/2008 08:44:17
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 22/09/2008 08:45:58
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 22/09/2008 08:45:57
AEHELP.DLL : 8.1.0.15 115063 Bytes 11/06/2008 10:20:55
AEGEN.DLL : 8.1.0.36 315764 Bytes 25/08/2008 10:55:15
AEEMU.DLL : 8.1.0.7 430452 Bytes 02/08/2008 17:29:32
AECORE.DLL : 8.1.1.11 172406 Bytes 22/09/2008 08:45:51
AEBB.DLL : 8.1.0.1 53617 Bytes 20/07/2008 08:44:17
AVWINLL.DLL : 1.0.0.12 15105 Bytes 20/07/2008 08:44:12
AVPREF.DLL : 8.0.2.0 38657 Bytes 20/07/2008 08:44:12
AVREP.DLL : 8.0.0.2 98344 Bytes 02/08/2008 17:29:29
AVREG.DLL : 8.0.0.1 33537 Bytes 20/07/2008 08:44:12
AVARKT.DLL : 1.0.0.23 307457 Bytes 25/05/2008 09:36:53
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 20/07/2008 08:44:11
SQLITE3.DLL : 3.3.17.1 339968 Bytes 25/05/2008 09:36:54
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 20/07/2008 08:44:16
NETNT.DLL : 8.0.0.1 7937 Bytes 25/05/2008 09:36:54
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 20/07/2008 08:44:06
RCTEXT.DLL : 8.0.52.0 86273 Bytes 20/07/2008 08:44:06
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 22 septembre 2008 13:29
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'ONETOUCH.EXE' - '1' Module(s) have been scanned
Scan process 'carpserv.exe' - '1' Module(s) have been scanned
Scan process 'SbPFCl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SbPFSvc.exe' - '1' Module(s) have been scanned
Scan process 'SbPFLnch.exe' - '1' Module(s) have been scanned
Scan process 'HPWirelessMgr.exe' - '1' Module(s) have been scanned
Scan process 'HPConfig.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '57' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\cris\Local Settings\Temp\a2archive\xmldso4.cab
[0] Archive type: CAB (Microsoft)
--> temp\Microsoft XML Parser for Java.osd
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'F:\' <WD Passport>
End of the scan: lundi 22 septembre 2008 14:07
Used time: 38:16 Minute(s)
The scan has been done completely.
5905 Scanning directories
257501 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
257499 Files not concerned
7394 Archives were scanned
3 Warnings
0 Notes
HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:23:35, on 22/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\HPConfig.exe
C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFCl.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\HPQ\One-Touch\OneTouch.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Documents and Settings\admin\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/2Q00CPT/040C/bF8.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/...
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Watch] C:\PROGRA~1\Minitel\Watch.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe
OK, close RAV
______________
update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
_______________
scan these two files on VirusTotal and paste the reports: https://www.virustotal.com/gui/
C:\Cpqs\Scom\srmclean.exe
C:\Documents and Settings\cris\Local Settings\Temp\a2archive\xmldso4.cab
and the rest: an AntiVir report, since it is the one detecting them.
Avira AntiVir Personal
Report file date: samedi 4 octobre 2008 21:39
Scanning for 1658825 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CPQ20278267151
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 20/07/2008 08:44:12
AVSCAN.DLL : 8.1.4.0 40705 Bytes 20/07/2008 08:44:12
LUKE.DLL : 8.1.4.5 164097 Bytes 20/07/2008 08:44:16
LUKERES.DLL : 8.1.4.0 12033 Bytes 20/07/2008 08:44:16
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 08:00:11
ANTIVIR2.VDF : 7.0.6.217 3773440 Bytes 26/09/2008 19:00:44
ANTIVIR3.VDF : 7.0.6.243 186368 Bytes 04/10/2008 17:09:44
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/05/2008 09:36:55
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 22/09/2008 08:46:01
AESCN.DLL : 8.1.0.23 119156 Bytes 20/07/2008 08:44:17
AERDL.DLL : 8.1.1.2 438644 Bytes 22/09/2008 08:46:00
AEPACK.DLL : 8.1.2.3 364918 Bytes 28/09/2008 19:00:59
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 22/09/2008 08:45:58
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 22/09/2008 08:45:57
AEHELP.DLL : 8.1.0.15 115063 Bytes 11/06/2008 10:20:55
AEGEN.DLL : 8.1.0.36 315764 Bytes 25/08/2008 10:55:15
AEEMU.DLL : 8.1.0.7 430452 Bytes 02/08/2008 17:29:32
AECORE.DLL : 8.1.1.11 172406 Bytes 22/09/2008 08:45:51
AEBB.DLL : 8.1.0.1 53617 Bytes 20/07/2008 08:44:17
AVWINLL.DLL : 1.0.0.12 15105 Bytes 20/07/2008 08:44:12
AVPREF.DLL : 8.0.2.0 38657 Bytes 20/07/2008 08:44:12
AVREP.DLL : 8.0.0.2 98344 Bytes 02/08/2008 17:29:29
AVREG.DLL : 8.0.0.1 33537 Bytes 20/07/2008 08:44:12
AVARKT.DLL : 1.0.0.23 307457 Bytes 25/05/2008 09:36:53
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 20/07/2008 08:44:11
SQLITE3.DLL : 3.3.17.1 339968 Bytes 25/05/2008 09:36:54
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 20/07/2008 08:44:16
NETNT.DLL : 8.0.0.1 7937 Bytes 25/05/2008 09:36:54
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 20/07/2008 08:44:06
RCTEXT.DLL : 8.0.52.0 86273 Bytes 20/07/2008 08:44:06
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 4 octobre 2008 21:39
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'WZQKPICK.EXE' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned
Scan process 'ONETOUCH.EXE' - '1' Module(s) have been scanned
Scan process 'carpserv.exe' - '1' Module(s) have been scanned
Scan process 'SbPFCl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SbPFSvc.exe' - '1' Module(s) have been scanned
Scan process 'SbPFLnch.exe' - '1' Module(s) have been scanned
Scan process 'HPWirelessMgr.exe' - '1' Module(s) have been scanned
Scan process 'HPConfig.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '60' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\cris\Local Settings\Application Data\Mozilla\Firefox\Profiles\sv5upwff.default\Cache\EFC6FEA3d01
[0] Archive type: CAB SFX (self extracting)
--> LISEZMOI.HTM
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\cris\Local Settings\Temp\a2archive\xmldso4.cab
[0] Archive type: CAB (Microsoft)
--> temp\Microsoft XML Parser for Java.osd
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP77\A0015633.exe
[DETECTION] Is the TR/Killav.28714 Trojan
[WARNING] The file was ignored!
End of the scan: samedi 4 octobre 2008 22:13
Used time: 33:26 Minute(s)
The scan has been done completely.
5652 Scanning directories
243552 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
243549 Files not concerned
7232 Archives were scanned
5 Warnings
0 Notes
Download ToolsCleaner to your desktop.
--> http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
# Click Recherche (Search) and let the scan run ...
# Click Suppression (Removal) to finish.
# You can, if you wish, use the Options facultatives (optional settings).
# Click Quitter (Quit) to get the report.
# Post the report (TCleaner.txt), which is at the root of your hard drive (C:\).
P.S.: no need to send me the report if everything was removed
____________________
if everything went well, disable System Restore to purge any viruses that might be in it
then restart your computer
then re-enable it: https://www.informatruc.com
____________________
any more problems?
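The 4 October AntiVir report above flags a file under `System Volume Information\_restore{...}\RP77\`, which is a copy kept by System Restore, and the reply advises turning System Restore off and on again to purge it. As an added example (not part of the thread and not Avira's own tooling), this Python parser reads the report format shown above and separates restore-point copies from detections on live files; the function names and the last sample entry (`sample.exe`, `TR/Example.1`) are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Excerpt in the format of the AntiVir report posted in the thread.
# The final entry (Desktop\sample.exe, TR/Example.1) is constructed.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\cris\Local Settings\Temp\a2archive\xmldso4.cab
[0] Archive type: CAB (Microsoft)
--> temp\Microsoft XML Parser for Java.osd
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\System Volume Information\_restore{58E8BEBA-26A4-45ED-9D92-ED376219F13B}\RP77\A0015633.exe
[DETECTION] Is the TR/Killav.28714 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\user\Desktop\sample.exe
[DETECTION] Is the TR/Example.1 Trojan
[WARNING] The file was ignored!
End of the scan: samedi 4 octobre 2008 22:13
"""

# A scanned object is reported on its own line as an absolute Windows path.
PATH_RE = re.compile(r"^[A-Za-z]:\\\S.*$")
# System Restore (Windows XP) keeps its copies under _restore{GUID}\RPnn\.
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\RP(\d+)\\", re.I
)
# Detection names in the report look like PREFIX/Name.variant (e.g. TR/...).
NAME_RE = re.compile(r"\b([A-Z]{2,}/[\w.\-]+)")


@dataclass
class Finding:
    path: str
    name: str
    restore_point: Optional[int] = None  # RP number if inside System Restore
    ignored: bool = False                # True if the report says no action was taken


def parse_report(text: str) -> List[Finding]:
    """Pair each [DETECTION] line with the file path line that precedes it."""
    findings: List[Finding] = []
    current_path: Optional[str] = None
    last: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path, last = line, None
        elif line.startswith("[DETECTION]") and current_path:
            name = NAME_RE.search(line)
            rp = RESTORE_RE.search(current_path)
            last = Finding(
                path=current_path,
                name=name.group(1) if name else line,
                restore_point=int(rp.group(1)) if rp else None,
            )
            findings.append(last)
        elif line.startswith("[WARNING]") and last and "ignored" in line.lower():
            # Secondary action "ignore" in the scan settings: file left in place.
            last.ignored = True
    return findings


def triage(findings: List[Finding]) -> Dict[str, List[Finding]]:
    """Split detections into restore-point copies and live files."""
    result: Dict[str, List[Finding]] = {"restore_point_copies": [], "live_files": []}
    for f in findings:
        key = "restore_point_copies" if f.restore_point is not None else "live_files"
        result[key].append(f)
    return result


if __name__ == "__main__":
    groups = triage(parse_report(SAMPLE_REPORT))
    for f in groups["restore_point_copies"]:
        print(f"{f.name}: copy in restore point RP{f.restore_point}, "
              f"removed when System Restore is turned off (ignored={f.ignored})")
    for f in groups["live_files"]:
        print(f"{f.name}: live file still on disk at {f.path} (ignored={f.ignored})")
```

A detection in the live-file group is the one that needs cleaning first; purging restore points before the live copy is gone only removes the archived copy.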