Infection Antivir xp 2008 & Trojans + rapport HijackThis

[sylvain1479]

Bonsoir,

 

J'ai également eu droit à ce fake grossier, mais ne parviens pas à m'en débarrasser...aussi des trojans sont venus dans la foulée

Grâce aux conseils très utiles du forum, j'ai remplacé Avast! par Antivir qui semble avoir stoppé l'infection. Ci dessous les malwares mis en quarantaine avec scan en mode sans échec :

Tr/Dldr.FraudLoa.NC Trojan; Tr/Peed.A.661 Trojan

 

Fini le message "1359 viruses found" à côté de l'horloge, mais toujours le fond d'écran bleu, la présence du-dit "logiciel" Antivirus xp...et des ralentissements excessifs.

Sur vos recommandations, j'ai aussi mis Zone Alarm en remplacement du firewall windows.

 

Ensuite, redémarrge normal et installation de HijackThis qui a généré ce rapport:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:56:19, on 18/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\system32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [uC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe

O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S370.tmp" /EF "HKCU"

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll

O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 9203 bytes

 

 

Pouvez vous m'indiquer comment me débarrasser de ces malwares pour de bon S.V.P. ?

Merci d'avance

[Falkra]

Bonjour,

 

tu as bien fait, et Antivir et bien travaillé.

 

Voici de quoi compléter le boulot;

 

Télécharge Malwarebytes' Anti-Malware (MBAM)

 

• Double clique sur le fichier téléchargé pour lancer le processus d'installation.
  
• Dans l'onglet "Mise à jour", clique sur le bouton "Recherche de mise à jour": si le pare-feu demande l'autorisation à MBAM de se connecter, accepte.
  
• Une fois la mise à jour terminée, rends-toi dans l'onglet "Recherche".
  
• Sélectionne "Exécuter un examen rapide"
  
• Clique sur "Rechercher"
  
• L'analyse démarre, le scan est relativement long, c'est normal.
  
• A la fin de l'analyse, un message s'affiche :

  L'examen s'est terminé normalement. Clique sur 'Afficher les résultats' pour afficher tous les objets trouvés.

  Clique sur "Ok" pour poursuivre. Si MBAM n'a rien trouvé, il te le dira aussi.
  
• Ferme tes navigateurs.
  
• Si des malwares ont été détectés, clique sur Afficher les résultats.
  Sélectionne tout (ou laisse coché) et clique sur Supprimer la sélection, MBAM va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
  
• MBAM va ouvrir le Bloc-notes et y copier le rapport d'analyse. Copie-colle ce rapport et poste-le dans ta prochaine réponse.
  

 

NB : si MBAM te demande à redémarrer, fais-le après avoir posté ton rapport.

Après le redémarrage, poste un nouveau rapport hijackThis stp, qui suivra le rapport de MBAM.

[sylvain1479]

Bonjour Falkra,

 

 

MBAM a réveillé 3 Trojans qu'à en suite décelé Avira Antivir. Je les ai mis en quarantaine. Je peux effacer ces 3 et les 2 trojans d'hier de la quarantaine d'antivir ?

 

Ci dessous le rapport MBAM - qui a fait du bon boulot! ; le rapport HijackThis va suivre dans un instant :

 

Malwarebytes' Anti-Malware 1.25

Version de la base de données: 1070

Windows 5.1.2600 Service Pack 2

 

10:17:17 19/08/2008

mbam-log-08-19-2008 (10-17-16).txt

 

Type de recherche: Examen rapide

Eléments examinés: 44129

Temps écoulé: 14 minute(s), 19 second(s)

 

Processus mémoire infecté(s): 0

Module(s) mémoire infecté(s): 0

Clé(s) du Registre infectée(s): 2

Valeur(s) du Registre infectée(s): 0

Elément(s) de données du Registre infecté(s): 0

Dossier(s) infecté(s): 12

Fichier(s) infecté(s): 12

 

Processus mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Module(s) mémoire infecté(s):

(Aucun élément nuisible détecté)

 

Clé(s) du Registre infectée(s):

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhccnuj0e30l (Rogue.Multiple) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Valeur(s) du Registre infectée(s):

(Aucun élément nuisible détecté)

 

Elément(s) de données du Registre infecté(s):

(Aucun élément nuisible détecté)

 

Dossier(s) infecté(s):

C:\Program Files\rhccnuj0e30l (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l\Quarantine (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l\Quarantine\Autorun (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l\Quarantine\Autorun\HKCU (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l\Quarantine\Autorun\HKLM (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l\Quarantine\BrowserObjects (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\rhccnuj0e30l\Quarantine\Packages (Rogue.Multiple) -> Quarantined and deleted successfully.

 

Fichier(s) infecté(s):

C:\Program Files\rhccnuj0e30l\database.dat (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhccnuj0e30l\license.txt (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhccnuj0e30l\MFC71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhccnuj0e30l\MFC71ENU.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhccnuj0e30l\msvcp71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhccnuj0e30l\msvcr71.dll (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhccnuj0e30l\rhccnuj0e30l.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhccnuj0e30l\rhccnuj0e30l.exe.local (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Program Files\rhccnuj0e30l\Uninstall.exe (Rogue.Multiple) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> Quarantined and deleted successfully.

C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> Quarantined and deleted successfully.

C:\Documents and Settings\ibm\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> Quarantined and deleted successfully.

[Falkra]

On fera ça après, pour la quarantaine, ils sont au chaud et n'en sortiront pas.

 

Poste un nouveau rapport HijackThis, ça doit aller mieux. Tu peux remettre ton fond d'écran.

[sylvain1479]

Au fait, le "tiercé" de ce matin:

TR/Dldr.small.abcz Trojan - TR/Fakealert.YN1 Trojan - Tr/Dldr.small.euf Trojan ...

 

Le Hijack suit.

[sylvain1479]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:57:06, on 19/08/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16705)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\System32\ibmpmsvc.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\S24EvMon.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\System32\QCONSVC.EXE

C:\WINDOWS\system32\RegSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\TpKmpSVC.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe

C:\IBMTOOLS\UTILS\ibmprc.exe

C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

C:\WINDOWS\system32\RunDll32.exe

C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Winamp\winampa.exe

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll

O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll

O4 - HKLM\..\Run: [s3TRAY2] S3Tray2.exe

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper

O4 - HKLM\..\Run: [TpShocks] TpShocks.exe

O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe

O4 - HKLM\..\Run: [TP4EX] tp4ex.exe

O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [uC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe

O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r

O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe

O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe

O4 - HKLM\..\Run: [iBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe

O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE

O4 - HKLM\..\Run: [bMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor

O4 - HKLM\..\Run: [bMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE

O4 - HKLM\..\Run: [bMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor

O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S370.tmp" /EF "HKCU"

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll

O9 - Extra 'Tools' menuitem: IBM Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\IBM\Java141\jre\bin\NPJPI141.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [JAVA_IBM] Java (IBM)

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe

O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe

O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)

O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE

O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe

O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe

O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 9236 bytes

[Falkra]

Au fait, le "tiercé" de ce matin:

TR/Dldr.small.abcz Trojan - TR/Fakealert.YN1 Trojan - Tr/Dldr.small.euf Trojan ...

Dans l'ordre ça rapport combien ?

 

Le rapport est clean et ne montre plus d'infection active. Il peut y avoir des fichiers résiduels (certainement), donc je te recommande un scan complet avec Antivir. (mets-le à jour avant, surtout)

 

Double-clique sur son icône près de l'horloge, cela ouvre l'interface principale, puis clique sur "Scan system now" à droite de "Last complete system scan".

/!\ Cela peut être long.

Tu peux sauvegarder le rapport en fin de parcours (bouton "Report").

 

Si Antivir détecte des fichiers infectés, mets en quarantaine (choisis "Move to quarantine" dans la liste des actions. Tu peux automatiser ce type d'action en cochant une case), comme ci dessous :

 

Cela permet de ne pas rester à la surveiller.

[sylvain1479]

Dans l'ordre ça rapport combien ?

Il faut voir ça avec ceux qui lancent des saletés de trojans et malwares comme antivir xp08 ! Avast! m'a fait rater la course et Avira me l'a montré en différé

 

En effet le scan Avira antivir fut un peu long...En plus mon PC n'est pas des plus rapides (15mins pour démarrer, ça donne une idée).

 

Un ver se trouvait sur ma clé usb, et 9 infections détectées - voir le rapport ci dessous- ...dont les Trojan déjà cités! Est-ce normal

 

 

Avira AntiVir Personal

Report file date: Tuesday, August 19, 2008 11:42

 

Scanning for 1562934 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: IBM-5FE39F06C97

 

Version information:

BUILD.DAT : 8.1.0.331 16934 Bytes 8/12/2008 11:46:00

AVSCAN.EXE : 8.1.4.7 315649 Bytes 6/26/2008 08:57:53

AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/26/2008 07:56:40

LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 12:44:19

LUKERES.DLL : 8.1.4.0 12033 Bytes 5/26/2008 07:58:52

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 10:33:34

ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 6/24/2008 13:54:15

ANTIVIR2.VDF : 7.0.6.10 2587136 Bytes 8/14/2008 16:04:03

ANTIVIR3.VDF : 7.0.6.32 159232 Bytes 8/19/2008 09:30:42

Engineversion : 8.1.1.23

AEVDF.DLL : 8.1.0.5 102772 Bytes 7/9/2008 08:46:50

AESCRIPT.DLL : 8.1.0.68 315770 Bytes 8/19/2008 07:23:58

AESCN.DLL : 8.1.0.23 119156 Bytes 8/18/2008 16:04:24

AERDL.DLL : 8.1.0.20 418165 Bytes 7/9/2008 08:46:50

AEPACK.DLL : 8.1.2.1 364917 Bytes 8/18/2008 16:04:23

AEOFFICE.DLL : 8.1.0.22 192890 Bytes 8/19/2008 07:23:57

AEHEUR.DLL : 8.1.0.50 1388918 Bytes 8/19/2008 07:23:55

AEHELP.DLL : 8.1.0.15 115063 Bytes 7/9/2008 08:46:50

AEGEN.DLL : 8.1.0.36 315764 Bytes 8/19/2008 07:23:52

AEEMU.DLL : 8.1.0.7 430452 Bytes 8/18/2008 16:04:11

AECORE.DLL : 8.1.1.8 172406 Bytes 8/18/2008 16:04:10

AEBB.DLL : 8.1.0.1 53617 Bytes 4/24/2008 08:50:42

AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/9/2008 08:40:05

AVPREF.DLL : 8.0.2.0 38657 Bytes 5/16/2008 09:28:01

AVREP.DLL : 8.0.0.2 98344 Bytes 8/18/2008 16:04:05

AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 11:26:40

AVARKT.DLL : 1.0.0.23 307457 Bytes 2/12/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 12:27:49

SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 17:28:02

SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 12:49:40

NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 12:05:10

RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 13:48:07

RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 13:34:37

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:,

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: Tuesday, August 19, 2008 11:42

 

The scan of running processes will be started

Scan process 'avwsc.exe' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned

Scan process 'DLG.exe' - '1' Module(s) have been scanned

Scan process 'E_FATICEE.EXE' - '1' Module(s) have been scanned

Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'zlclient.exe' - '0' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'winampa.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'UNavTray.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'QCWLICON.EXE' - '1' Module(s) have been scanned

Scan process 'ibmprc.exe' - '1' Module(s) have been scanned

Scan process 'TpScrex.exe' - '1' Module(s) have been scanned

Scan process 'TPONSCR.exe' - '1' Module(s) have been scanned

Scan process 'ibmmessages.exe' - '1' Module(s) have been scanned

Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned

Scan process 'EzEjMnAp.Exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'TPHKMGR.exe' - '1' Module(s) have been scanned

Scan process 'TpShocks.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

Scan process 'TpKmpSvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned

Scan process 'QCONSVC.EXE' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'rrpcsb.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'vsmon.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

54 processes with 54 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

 

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '78' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <IBM_PRELOAD>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP179\A0048706.scr

[DETECTION] Is the TR/Peed.A.661 Trojan

[NOTE] The file was moved to '48daa8dd.qua'!

C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP179\A0048707.exe

[DETECTION] Is the TR/Dldr.FraudLoa.NC Trojan

[NOTE] The file was moved to '48daa8de.qua'!

C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP179\A0048753.exe

[DETECTION] Is the TR/Dldr.Small.euf Trojan

[NOTE] The file was moved to '48daa8e4.qua'!

C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP179\A0048754.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '48daa8e6.qua'!

C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP179\A0048755.DLL

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49df7f1f.qua'!

C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP179\A0048756.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '48daa8e7.qua'!

C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP179\A0048757.dll

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49df7f10.qua'!

C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP179\A0048758.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '48daa8e8.qua'!

C:\System Volume Information\_restore{DAAD8284-5896-4B40-A753-8454BDC2E5A5}\RP179\A0048759.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '49df7f11.qua'!

 

 

End of the scan: Tuesday, August 19, 2008 13:33

Used time: 1:51:07 Hour(s)

 

The scan has been done completely.

 

7423 Scanning directories

323206 Files were scanned

9 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

9 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

323195 Files not concerned

10750 Archives were scanned

2 Warnings

9 Notes

 

 

Aussi, Antivir xp2008 est toujours présent dans le menu démarrer.

Je supprime les raccourcis manuellement (shift sup)?

[Falkra]

Il faut nettoyer tes clés USB. Essaie Antivir dans un premier temps.

 

 

Aussi, Antivir xp2008 est toujours présent dans le menu démarrer.

Je supprime les raccourcis manuellement (shift sup)?

Oui, ce ne sont que des restes inoffensifs (pas de fichier en face de ces raccourcis), mais à virer.

[sylvain1479]

Bonsoir Falkra,

 

Le ver était sur la clé, mais les

9 infections détectées - voir le rapport ci dessous- ...dont les Trojan déjà cités! Est-ce normal icon_confused.gif

étaient bel et bien sur le répertoire C:/ déjà scanné, d'où mon étonnement !

 

Du coup j'ai reconfiguré Antivir comme indiqué à la page: http://speedweb1.free.fr/frames2.php?page=tuto5 ,

et vais lancer un scan complet en mode sans échec...car il se pourrait bien que mes points de restauration soient eux aussi infectés !

 

Ensuite je ferai un Hijack en mode normal et te transmets les 2 rapports demain matin.

 

En tout cas, merci pour ton aide et ton suivi - tu m'as déjà permis de bien avancer