
Recurring viruses - need help

6 February 2008 12:21:03

Hello, for the past few days my computer has been infested.
Avast first detected some viruses (system.exe etc.)... then I tried to remove Avast and install Norton, but Norton no longer works, so I went back to Avast... now I have just run Kaspersky, and it found new viruses... in short, it's a nightmare. Can someone help me please? I don't know what to do anymore. I should mention that, after reading some posts, I unchecked the "Windows restore" option.
Thanks a lot

Kaspersky report:

Wednesday, February 06, 2008 12:07:01 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/02/2008
Kaspersky Anti-Virus database records: 550622


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 83292
Number of viruses found 1
Number of infected objects 6
Number of suspicious objects 0
Duration of the scan process 01:33:48

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Magali\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped

C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\pop.gmail.com\Inbox.msf Object is locked skipped

C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\pop.gmail.com\Sent.msf Object is locked skipped

C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\pop.orange.fr\Inbox.msf Object is locked skipped

C:\Documents and Settings\Magali\Bureau\Navilog1.exe/file09 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Magali\Bureau\Navilog1.exe Inno: infected - 1 skipped

C:\Documents and Settings\Magali\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Magali\Bureau\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\Documents and Settings\Magali\Bureau\SmitfraudFix.zip ZIP: infected - 1 skipped

C:\Documents and Settings\Magali\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Magali\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Magali\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Magali\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Magali\Local Settings\Historique\History.IE5\MSHist012008020620080207\index.dat Object is locked skipped

C:\Documents and Settings\Magali\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Magali\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Magali\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Magali\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\SONYSZ3XP.ldb Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log Object is locked skipped

C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\JETD86E.tmp Object is locked skipped

C:\WINDOWS\Temp\JETDC85.tmp Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_638.dat Object is locked skipped

C:\WINDOWS\Temp\ZLT0070f.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT00718.TMP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

D:\THESE2007\MRsynthese.doc Object is locked skipped

D:\THESE2007\thesetalandier.doc Object is locked skipped

D:\VAIO Entertainment\database\MtData.ldb Object is locked skipped

D:\VAIO Entertainment\database\MtData.mdb Object is locked skipped

Scan process completed.


6 February 2008 13:03:10

No reply yet, but I'm waiting patiently - in the meantime I'm pasting my HijackThis report to get your opinion. Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:56:27, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Protector Suite QL\menusw.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\PROGRA~1\FICHIE~1\fluxDVD\DOWNLO~1\XEBDLH~1.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [VAIOCameraUtility] "C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
O4 - HKLM\..\Run: [SonyPowerCfg] "C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
O4 - HKLM\..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe
O4 - HKLM\..\Run: [Switcher.exe] C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
O4 - HKLM\..\Run: [Biomenu] "C:\Program Files\Protector Suite QL\menusw.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe /autorun
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: Ajouter un site de support RSS à VAIO Information FLOW - C:\Program Files\Sony\VAIO Information FLOW\aiesc.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.com/fr/
O15 - Trusted Zone: *.canalplay.com
O15 - Trusted Zone: *.canalplusactive.com
O15 - Trusted Zone: *.canalplay.com (HKLM)
O15 - Trusted Zone: *.canalplusactive.com (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavweb...
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scan...
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Image Converter video recording monitor for VAIO Entertainment - Sony Corporation - C:\Program Files\Sony\Image Converter 2\IcVzMon.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Service CANALPLAY - Canal+ Active - C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\Avlib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Cooporated Initialisation (VCI) - Sony Corporation - C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe

--
End of file - 13859 bytes
6 February 2008 13:43:44

Apparently OK.

Disable your resident protections (antivirus, Spybot...)!

  • Download Combofix (sUBs) to your Desktop.
  • Double-click combofix.exe to launch it.
  • Press the 1 key (Yes) to start the scan.
  • When the scan is complete, a report will appear. Post this report in your next reply.
6 February 2008 13:59:05

Here is the report - sorry for the duplicate topic, I understand, if everyone did that... but I thought the first one had been consigned to oblivion.

Thanks

    ComboFix 08-02.05.3 - Magali 2008-02-06 13:47:51.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1437 [GMT 1:00]
    Endroit: C:\Documents and Settings\Magali\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration

    AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-01-06 to 2008-02-06 ))))))))))))))))))))))))))))))))))))
    .

    2008-02-06 13:50 . 2008-02-06 13:50 244 --ah----- C:\sqmnoopt06.sqm
    2008-02-06 13:50 . 2008-02-06 13:50 232 --ah----- C:\sqmdata06.sqm
    2008-02-06 12:56 . 2008-02-06 12:56 <REP> d-------- C:\Program Files\Trend Micro
    2008-02-06 12:36 . 2008-02-06 12:36 244 --ah----- C:\sqmnoopt05.sqm
    2008-02-06 12:36 . 2008-02-06 12:36 232 --ah----- C:\sqmdata05.sqm
    2008-02-06 10:23 . 2008-02-06 10:23 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
    2008-02-06 10:23 . 2008-02-06 10:23 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2008-02-06 10:16 . 2008-02-06 13:32 <REP> d-------- C:\Program Files\Navilog1
    2008-02-05 21:37 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-02-05 21:37 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-02-05 21:37 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
    2008-02-05 21:37 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-02-05 21:37 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2008-02-05 21:37 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-02-05 21:37 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-02-05 21:37 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-02-05 19:03 . 2008-02-05 19:15 507,062 --a------ C:\WINDOWS\system32\perfh040.dat
    2008-02-05 19:03 . 2008-02-05 19:15 84,060 --a------ C:\WINDOWS\system32\perfc040.dat
    2008-02-05 17:35 . 2008-02-05 17:35 0 --a------ C:\WINDOWS\vpc32.INI
    2008-02-05 17:33 . 2008-02-05 23:35 <REP> d-------- C:\Program Files\Symantec
    2008-02-05 17:32 . 2008-02-05 23:35 <REP> d-------- C:\Program Files\Symantec AntiVirus
    2008-01-29 14:45 . 2008-01-29 15:22 <REP> d-------- C:\Documents and Settings\Magali\Application Data\U3
    2008-01-22 21:06 . 2008-01-22 21:06 268 --ah----- C:\sqmdata04.sqm
    2008-01-22 21:06 . 2008-01-22 21:06 244 --ah----- C:\sqmnoopt04.sqm
    2008-01-22 16:25 . 2008-01-22 16:25 268 --ah----- C:\sqmdata03.sqm
    2008-01-22 16:25 . 2008-01-22 16:25 244 --ah----- C:\sqmnoopt03.sqm
    2008-01-22 14:27 . 2008-01-22 14:27 268 --ah----- C:\sqmdata02.sqm
    2008-01-22 14:27 . 2008-01-22 14:27 244 --ah----- C:\sqmnoopt02.sqm
    2008-01-22 12:38 . 2008-01-22 12:38 268 --ah----- C:\sqmdata01.sqm
    2008-01-22 12:38 . 2008-01-22 12:38 244 --ah----- C:\sqmnoopt01.sqm

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-06 12:53 --------- d-----w C:\Program Files\Wanadoo
    2008-02-06 12:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-06 11:28 --------- d-----w C:\Program Files\Mozilla Thunderbird
    2008-02-05 22:35 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
    2008-02-05 22:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
    2008-02-05 20:14 --------- d-----w C:\Program Files\7-Zip
    2008-02-05 17:25 --------- d-----w C:\Program Files\Windows Live Safety Center
    2008-01-30 14:38 --------- d-----w C:\Documents and Settings\Magali\Application Data\AdobeUM
    2007-12-11 17:10 --------- d-----w C:\Program Files\SecureW2
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
    "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 11:55 5674352]
    "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-14 08:09 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-11-17 12:47 118784]
    "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-17 03:08 98304]
    "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-17 03:08 77824]
    "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-17 03:08 118784]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-20 09:45 7561216]
    "Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 15:46 45056 C:\WINDOWS\system32\ico.exe]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-02-28 13:25 667718]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-02-28 13:25 602182]
    "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-02-28 13:29 569413]
    "VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe" [2005-12-27 12:58 69632]
    "SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe" [2006-06-27 17:24 217088]
    "ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 13:12 32768]
    "Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2006-02-14 11:11 176128]
    "Biomenu"="C:\Program Files\Protector Suite QL\menusw.exe" [2006-02-22 20:46 1094656]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-08 23:02 919280]
    "Samsung PanelMgr"="C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe" [2006-06-07 12:25 507904]
    "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480]
    "WOOTASKBARICON"="C:\PROGRA~1\Wanadoo\GestMaj.exe" [2004-10-14 15:55 32768]
    "WrtMon.exe"="C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 07:35 20480]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    fusstub.dll 2006-02-22 20:47 39936 C:\WINDOWS\system32\fusstub.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    VESWinlogon.dll 2006-03-09 13:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Lancement rapide d'Adobe Reader.lnk]
    path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk
    backup=C:\WINDOWS\pss\Lancement rapide d'Adobe Reader.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
    --a------ 2006-10-11 11:45 75304 C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
    --a------ 2006-09-28 12:16 185896 C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    --a------ 2007-06-14 08:09 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    --a------ 2007-11-29 14:22 185896 C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

    R0 shpf;Sony HDD Protection Filter Driver;C:\WINDOWS\system32\DRIVERS\shpf.sys [2005-11-21 06:06]
    R2 FdRedir;FdRedir;C:\Program Files\Fichiers communs\Protector Suite QL\Drivers\FdRedir.sys [2006-02-22 20:49]
    R2 FileDisk2;FileDisk Protector Kernel Driver;C:\Program Files\Fichiers communs\Protector Suite QL\Drivers\filedisk.sys [2006-02-22 20:49]
    R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2005-10-21 03:19]
    R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 10:39]
    R3 SPI;Sony Programmable I/O Control Device;C:\WINDOWS\system32\DRIVERS\SonyPI.sys [2002-08-20 03:59]
    R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2006-02-22 20:41]
    R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2006-02-21 10:32]
    S3 fbxusb;FreeBox USB Network Adapter;C:\WINDOWS\system32\DRIVERS\fbxusb.sys [2003-12-31 11:35]
    S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 19:10]
    S3 Service CANALPLAY;Service CANALPLAY;"C:\Program Files\Lecteur CANALPLAY\CanalPlayService.exe" [2007-07-16 16:15]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3819a544-23b4-11dc-a7d4-0013a98c3d7d}]
    \Shell\Auto\command - bittorrent.exe e
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3b5a85a0-d3d0-11dc-a932-0013a98c3d7d}]
    \Shell\AutoRun\command - G:\
    \Shell\explore\Command - RECYCLED\INFO.exe
    \Shell\open\Command - RECYCLED\INFO.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-05-09 07:46:56 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
    - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe%Scan -RestrictPrivileges -ScanType 1
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-06 13:52:14
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\WINDOWS\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Temps d'accomplissement: 2008-02-06 13:55:00 - machine was rebooted
    .
    2008-01-09 17:02:06 --- E O F ---
    a b 8 Security
    6 February 2008 14:14:24

    Apparently OK.
    6 February 2008 14:36:52

    Oh dear, I don't think it's OK... I'm running a scan with BitDefender right now... and it is still finding infected files, this time with Win32.Netsky.AA@mm, and apparently in Thunderbird... - each antivirus finds other files - can I post the BitDefender report below when I have it, to get an opinion and some advice? I won't open another thread, I promise ;-)
    a b 8 Security
    6 February 2008 14:42:07

    Yes ;)
    6 February 2008 16:33:02

    So here are the results from BitDefender and AVG Spyware; please give me your opinion. It's still strange that with each new scan I find different viruses again, isn't it? Thanks

    Bitdefender

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Inbox=>(message 945)=>[Subject: Document][Date: Fri, 10 Aug 2007 14:24:15 +0200]=>(MIME part)=>Details.zip=>Details.txt .exe
    Infecté par: Win32.Netsky.AA@mm

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Inbox=>(message 945)=>[Subject: Document][Date: Fri, 10 Aug 2007 14:24:15 +0200]=>(MIME part)=>Details.zip=>Details.txt .exe
    Echec de la désinfection

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Inbox=>(message 945)=>[Subject: Document][Date: Fri, 10 Aug 2007 14:24:15 +0200]=>(MIME part)=>Details.zip=>Details.txt .exe
    Supprimé

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Inbox=>(message 945)=>[Subject: Document][Date: Fri, 10 Aug 2007 14:24:15 +0200]=>(MIME part)=>Details.zip
    Mis à jour

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Inbox=>(message 945)=>[Subject: Document][Date: Fri, 10 Aug 2007 14:24:15 +0200]=>(MIME part)
    Mis à jour

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Inbox=>(message 945)
    Mis à jour

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Inbox
    Mis à jour

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Trash=>(message 367)=>[Subject: Document][Date: Fri, 10 Aug 2007 14:24:15 +0200]=>(MIME part)=>Details.zip=>Details.txt .exe
    Infecté par: Win32.Netsky.AA@mm

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Trash=>(message 367)=>[Subject: Document][Date: Fri, 10 Aug 2007 14:24:15 +0200]=>(MIME part)=>Details.zip=>Details.txt .exe
    Echec de la désinfection

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Trash=>(message 367)=>[Subject: Document][Date: Fri, 10 Aug 2007 14:24:15 +0200]=>(MIME part)=>Details.zip=>Details.txt .exe
    Supprimé

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Trash=>(message 367)=>[Subject: Document][Date: Fri, 10 Aug 2007 14:24:15 +0200]=>(MIME part)=>Details.zip
    Mis à jour

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Trash=>(message 367)=>[Subject: Document][Date: Fri, 10 Aug 2007 14:24:15 +0200]=>(MIME part)
    Mis à jour

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Trash=>(message 367)
    Mis à jour

    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\Trash
    Mis à jour




    AVG - S

    ---------------------------------------------------------
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 16:10:07 06/02/2008

    + Résultat de l'analyse:



    C:\Documents and Settings\Magali\Cookies\magali@adrevolver[1].txt -> TrackingCookie.Adrevolver : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@media.adrevolver[2].txt -> TrackingCookie.Adrevolver : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@media.adrevolver[4].txt -> TrackingCookie.Adrevolver : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@advertising[3].txt -> TrackingCookie.Advertising : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@smartadserver[3].txt -> TrackingCookie.Smartadserver : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
    C:\Documents and Settings\Magali\Cookies\magali@statse.webtrendslive[1].txt -> TrackingCookie.Webtrendslive : Nettoyé.


    Fin du rapport

    a b 8 Security
    6 February 2008 16:50:10

    Clean up your Thunderbird mail.
    6 February 2008 17:08:58

    I thought about that, but none of them dates from the day of the infection flagged by BitDefender... nor has that subject line... I don't really see how to do it.
    a b 8 Security
    6 February 2008 17:15:37

    Then empty the following folder:
    C:\Documents and Settings\Magali\Application Data\Thunderbird\Profiles\yvkoepxs.default\Mail\localhost-2\
    6 February 2008 17:28:10

    I did a bit of cleaning up but I can't see it. I followed your advice and deleted those files, thanks. Do you think that's enough?
    6 February 2008 17:30:40

    What a pain... I followed the advice in your antivirus post, so I removed Avast and installed AntiVir... I'm running a scan right now and it has already found 10 infected files!!! data.cab for the first one... can I post the report when it has finished and ask for advice, still without opening a new thread? Thanks
    a b 8 Security
    6 February 2008 17:34:02

    Yes.
    6 February 2008 18:41:46

    Here it is, the AntiVir report... so? More nasty things in my PC!! Thanks for your advice.




    AntiVir PersonalEdition Classic
    Report file date: mercredi 6 février 2008 17:28

    Scanning for 1094707 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Username: SYSTEM
    Computer name: SONYSZ3XP

    Version information:
    BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
    AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
    AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
    LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
    LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
    ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 15:53:02
    ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 15:53:02
    ANTIVIR3.VDF : 7.0.2.100 330752 Bytes 06/02/2008 15:53:02
    AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 06/02/2008 15:53:03
    AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
    AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
    AVPACK32.DLL : 7.6.0.3 360488 Bytes 06/02/2008 15:53:03
    AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
    AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
    AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
    NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
    RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
    RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 6 février 2008 17:28

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'iexplore.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtProc.exe' - '1' Module(s) have been scanned
    Scan process 'TosOBEX.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtHSP.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtHid.exe' - '1' Module(s) have been scanned
    Scan process 'TosA2dp.exe' - '1' Module(s) have been scanned
    Scan process 'TosBtMng.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
    Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'avgas.exe' - '1' Module(s) have been scanned
    Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
    Scan process 'WrtProc.exe' - '1' Module(s) have been scanned
    Scan process 'WrtMon.exe' - '1' Module(s) have been scanned
    Scan process 'SSMMgr.exe' - '1' Module(s) have been scanned
    Scan process 'zlclient.exe' - '0' Module(s) have been scanned
    Scan process 'jusched.exe' - '1' Module(s) have been scanned
    Scan process 'menusw.exe' - '1' Module(s) have been scanned
    Scan process 'Switcher.exe' - '1' Module(s) have been scanned
    Scan process 'Dot1XCfg.exe' - '1' Module(s) have been scanned
    Scan process 'ISBMgr.exe' - '1' Module(s) have been scanned
    Scan process 'SPMgr.exe' - '1' Module(s) have been scanned
    Scan process 'VCUServe.exe' - '1' Module(s) have been scanned
    Scan process 'EOUWiz.exe' - '1' Module(s) have been scanned
    Scan process 'iFrmewrk.exe' - '1' Module(s) have been scanned
    Scan process 'ZCfgSvc.exe' - '1' Module(s) have been scanned
    Scan process 'ApntEx.exe' - '1' Module(s) have been scanned
    Scan process 'ico.exe' - '1' Module(s) have been scanned
    Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
    Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
    Scan process 'Apoint.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
    Scan process 'igfxext.exe' - '1' Module(s) have been scanned
    Scan process 'VzFw.exe' - '1' Module(s) have been scanned
    Scan process 'VzCdbSvc.exe' - '1' Module(s) have been scanned
    Scan process 'VCSW.exe' - '1' Module(s) have been scanned
    Scan process 'VESMgr.exe' - '1' Module(s) have been scanned
    Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
    Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '0' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'vsmon.exe' - '0' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
    Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    61 processes with 61 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '40' files ).


    Starting the file scan:

    Begin scan in 'C:\' <VAIO>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80015AFF-0000-0000-25AE-612E6BDE8F45}\DATA.CAB
    [0] Archive type: CAB (Microsoft)
    --> RESOURCE1
    [DETECTION] Is the Trojan horse TR/Dldr.Zlob.YL
    --> RESOURCE2
    [DETECTION] Is the Trojan horse TR/Zlob.431
    --> RESOURCE3
    [DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
    --> RESOURCE4
    [DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
    --> RESOURCE5
    [DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
    [INFO] The file was moved to '47fde097.qua'!
    C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80015B00-0000-0000-29BD-0F481B5001B9}\DATA.CAB
    [0] Archive type: CAB (Microsoft)
    --> RESOURCE1
    [DETECTION] Is the Trojan horse TR/Dldr.Zlob.Gen
    [INFO] The file was moved to '47fde09e.qua'!
    C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80015B00-0000-0000-4707-BA504669EF20}\DATA.CAB
    [0] Archive type: CAB (Microsoft)
    --> RESOURCE1
    [DETECTION] Is the Trojan horse TR/Dldr.Zlob.YL
    --> RESOURCE2
    [DETECTION] Is the Trojan horse TR/Dldr.Zlob.YL
    --> RESOURCE3
    [DETECTION] Is the Trojan horse TR/Dldr.Zlob.YL
    --> RESOURCE4
    [DETECTION] Is the Trojan horse TR/Dldr.Zlob.YL
    [INFO] The file was moved to '47fde09f.qua'!
    C:\Documents and Settings\All Users\Application Data\Microsoft\OneCare Protection\Quarantine\{80016553-0000-0000-4995-94D833983AE7}\DATA.CAB
    [0] Archive type: CAB (Microsoft)
    --> RESOURCE9
    [DETECTION] Is the Trojan horse TR/Zlobie.A.2
    [INFO] The file was moved to '467c74b0.qua'!
    C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <VAIO>


    End of the scan: mercredi 6 février 2008 18:39
    Used time: 1:10:47 min

    The scan has been done completely.

    7240 Scanning directories
    437487 Files were scanned
    11 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    4 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    437476 Files not concerned
    7955 Archives were scanned
    3 Warnings
    10 Notes

    a b 8 Security
    6 February 2008 18:43:28

    Still having problems?
    6 February 2008 18:47:39

    Well, yes... I mean, my PC works, but how is it possible that since yesterday each antivirus detects a different virus or Trojan horse at every scan... do you think I'm all clean this time? Thanks for following up!
    6 February 2008 18:54:21

    Damn and double damn!!! Now it's doing strange things in Thunderbird: it had deleted all the messages from the inbox of my Hotmail address and it is now downloading 104 messages that had, I think, stayed in Hotmail... Some time ago I was hacked on this address by a Chinese company that was selling computers; I changed my passwords, but do you think they also put spyware on my PC? Thanks!!!