[resolu]Problèmes de vers et trojans

[POURKOI!!!!]

Bonjour à tous,

Voilà je travail dans l'humanitaire et j'ai un parc informatique de 5 laptops et 2 desk à gérer.

Les ordi sont neufs mais il y eu des transferts de virus par clés USB. Il faut que vous m'aidiez avant que je ne soit débordé, merci d'avance.

J'ai fais une analyse Highjack:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:52:29, on 17/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [system12] C:\WINDOWS\system32\ne0kS.exe

O4 - HKLM\..\Run: [system64] C:\WINDOWS\system32\ne0kS.dll.wsf

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 5830 bytes

[POURKOI!!!!]

Ah oui pardon, j'ai oublié de dire, j'ai un problème pour afficher mes fichiers cachés, je ne sais pas quoi faire, merci d'avance!!!

[POURKOI!!!!]

Bonjour à tous, je suis désolé de revenir si vite mais le problème persiste et grandi, si quelqu'un peut m'aider

Merci d'avance!!!

[angelique]

tu as quelques infections localisées là::

 

*relance HJT "do a system scan only", coche uniquement et clic fixchecked les lignes ci dessous::

 

O4 - HKLM\..\Run: [system12] C:\WINDOWS\system32\ne0kS.exe

O4 - HKLM\..\Run: [system64] C:\WINDOWS\system32\ne0kS.dll.wsf

O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe

 

*-Télécharge OTMoveIt (par OldTimer). Sauvegarde-le sur ton Bureau.

 

http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe

 

* Copie le texte ci-bas ET RIEN D'AUTRE!!!(sélectionne-le en entier avec ta souris, puis fais un clic-droit dessus et choisis "Copier") :

 

C:\WINDOWS\system32\ne0kS.exe
C:\WINDOWS\system32\ne0kS.dll.wsf
C:\WINDOWS\system32\amvo.exe

 

 

* Double-clique sur OTMoveIt.exe afin de lancer le programme.

* Assure toi que la case "Unregister Dll's and Ocx's" soit bien cochée

* Fais un Clique-droit sur le cadre de gauche puis choisis Coller.

* Clique à présent sur le bouton "MoveIt!".

 

Un rapport va être créé, il se trouve dans C:\_OTMoveIt\MovedFiles\

Le nom du rapport est la date de sa création.Poste le

 

*telecharge sur ton bureau::

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

@ATF Cleaner

Double-clique ATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

 

----Poste un nouveau rapport HJT avec le rapport OTMoveit

[POURKOI!!!!]

Bonjour, merci pour la réponse,

j'ai un problème pour OTMoveit, il est impossible de créer le fichier de destination alors je te poste quand même le rapport Hijack.

J'ai aussi fais un scan en ligna avec Bitdefender, il a trouvé deux trojan qu'il n'a pas réussi à désinfecter.

Merci encore!!

 

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:17:37, on 22/01/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\Program Files\Symantec AntiVirus\SavRoam.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

C:\Program Files\Nero\Nero 7\InCD\InCD.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

C:\PROGRA~1\MOZILL~1\FIREFOX.EXE

C:\Program Files\hijackthis\HijackThis.exe

 

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe

O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe

O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

--

End of file - 6129 bytes

[angelique]

j'ai un problème pour OTMoveit, il est impossible de créer le fichier de destination

 

c'est à dire??? il se trouve dans C:\_OTMoveIt\MovedFiles\ le rapport , ne l'as tu pas??

 

sinon, affiche dossiers et fichiers cachés via poste de travail ,outils, option des dossiers, affichage, cocher afficher dossiers et fichiers cachés, appliquer\et vas y de mano supprimer ::

 

C:\WINDOWS\system32\ne0kS.exe

C:\WINDOWS\system32\ne0kS.dll.wsf

C:\WINDOWS\system32\amvo.exe

 

**ou bien ::

 

Télécharge Killbox et decompresse le sur ton bureau

 

http://www.downloads.subratam.org/KillBox.zip

 

 

 

 

* Copie le texte ci-bas (sélectionne-le en entier avec ta souris, puis fais un clic-droit dessus et choisis "Copier") :

 

C:\WINDOWS\system32\ne0kS.exe
C:\WINDOWS\system32\ne0kS.dll.wsf
C:\WINDOWS\system32\amvo.exe

 

Ouvre Killbox:

 

Clique sur le menu "File" de KillBox (en haut à gauche) et choisis l'option => Paste from clipboard

 

Sous "Full Path Of File To Delete" les fichiers viennent de s'inscrire: il faut t'en assurer en cliquant sur la petite flèche à droite!

 

Coche les cases : "Delete on Reboot" & "Unregister Dll Before Deleting" .

 

Une fois le bouton radio "Delete on Reboot" coché, la case "Single File" va clignoter: clique sur la case "All Files"

 

Clique sur la croix blanche sur fond rouge , au message suivant qui va s'afficher:

 

 

« File will be Removed on Reboot, Do you want to reboot now ? » : répondre YES

Le PC va redémarrer et supprimer le fichier de la liste.Sinon redémarre manuellement.

 

**le rapport à poster se situera en c:\!killbox

 

----------------------------

J'ai aussi fais un scan en ligna avec Bitdefender, il a trouvé deux trojan qu'il n'a pas réussi à désinfecter.

 

Si tu ne donnes aucune localisation|directory et type de fichier que bitdefender te trouve , ça va etre difficile de t'aider ;o)

 

** * Fais un scan en ligne Kaspersky

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Clique sur Accept

* Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.

* clique une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patiente un moment

* Clique sur Next.

* Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

*tuto> http://www.pcinfo-web.com/tutoriaux/37-1-1...ine-Scanner.php

*poste le rapport généré.

[POURKOI!!!!]

Salut,

désolé je me suis mal exprimé tout a l'heure, en fait c le logiciel qui n'a pas voulu créer le dossier de destination, j'ai suivi tes commandes pourtant.

 

2ème pb: je n'arrive pas à copier/coller les trois fichier que tu me donnes pour killbox , il ne m'en copie qu'un seul. J'ai tout essayé, mais sous "Full Path of File to Delete" il n'y qu'un fichier.

 

J'ai quand meme effectué la manip, voici le rapport plus bas.

 

 

Ensuite, j'ai essayé une analyse en ligne mais il s'est bloqué sur 13min pendand une heure donc je réessayerais demain et je te remet ca.

 

Je te met le rapport kan même, désolé!!!

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:38 PM

 

Killbox Closed(Exit) @ 6:38:40 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:39 PM

 

Killbox Closed(Exit) @ 6:41:38 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:41 PM

 

Killbox Closed(Exit) @ 6:42:14 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:42 PM

 

Killbox Closed(Exit) @ 6:43:29 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:43 PM

 

Killbox Closed(Exit) @ 6:44:03 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:44 PM

 

Killbox Closed(Exit) @ 6:44:25 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:44 PM

 

Killbox Closed(Exit) @ 6:46:10 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:46 PM

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:46 PM

 

Killbox Closed(Exit) @ 6:46:20 PM

__________________________________________________

 

Killbox Closed(Exit) @ 6:48:15 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:48 PM

 

Killbox Closed(Exit) @ 6:48:44 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:48 PM

 

Killbox Closed(Exit) @ 6:53:35 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:53 PM

 

Killbox Closed(Exit) @ 6:54:09 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:54 PM

 

Killbox Closed(Exit) @ 6:56:58 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 6:57 PM

 

Killbox Closed(Exit) @ 6:59:29 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 7:00 PM

 

Killbox Closed(Exit) @ 7:01:11 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 7:01 PM

 

# 1 [Delete on Reboot]

Path = C:\WINDOWS\system32\amvo.exe

 

 

I Rebooted @ 7:02:14 PM

Killbox Closed(Exit) @ 7:02:15 PM

__________________________________________________

 

Pocket Killbox version 2.0.0.648

Running on Windows XP as HP COMPAQ(Administrator)

was started @ mardi, janvier 22, 2008, 7:08 PM

 

# 1 [Delete on Reboot]

Path = C:\WINDOWS\system32\ne0kS.exe

 

 

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 7:09:11 PM

Killbox Closed(Exit) @ 7:09:15 PM

__________________________________________________

 

 

KASPERSKY ONLINE SCANNER REPORT

Tuesday, January 22, 2008 9:58:44 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 22/01/2008

Kaspersky Anti-Virus database records: 527121

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

C:\

D:\

E:\

 

Scan Statistics

Total number of scanned objects 3792

Number of viruses found 6

Number of infected objects 9

Number of suspicious objects 0

Duration of the scan process 00:27:14

 

Infected Object Name Virus Name Last Action

C:\!KillBox\amvo.exe Infected: Worm.Win32.AutoRun.cas skipped

 

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineC080000\4F98CB10.VBN Infected: Email-Worm.Win32.VB.cb skipped

 

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineC100000\4F9DAC78.VBN Infected: Email-Worm.Win32.VB.cb skipped

 

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineC100001\4F9DAC7F.VBN Infected: Trojan.Win32.StartPage.ajh skipped

 

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD300000\4FB5A93B.VBN Infected: Email-Worm.Win32.VB.cb skipped

 

C:\Documents and Settings\HP COMPAQ\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\History\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\History\History.IE5\MSHist012008012220080123\index.dat Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Temp\h4j.dll Infected: Worm.Win32.AutoRun.cbi skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Temp\p.dll Infected: Rootkit.Win32.Vanti.hq skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Temp\pku5kehx.dll Infected: Rootkit.Win32.Vanti.hl skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Temporary Internet Files\Content.IE5\HF55P47J\help[1].exe Infected: Worm.Win32.AutoRun.cbi skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

 

Scan was interrupted by user!

[angelique]

Pourquoi as tu interrompu le scan??

 

1/supprime c:\!killbox

 

2/vide ta quarantaine de symantec

 

3/telecharge sur ton bureau::

 

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

 

ATF Cleaner::

----------------

Double-clique ATF-Cleaner.exe afin de lancer le programme.

Sous l'onglet Main, choisis : Select All

Clique sur le bouton Empty Selected

Si tu utilises le navigateur Firefox :

Clique Firefox au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Si tu utilises le navigateur Opera :

Clique Opera au haut et choisis : Select All

Clique le bouton Empty Selected

NOTE : Si tu veux conserver tes mots de passe sauvegardés, clique No à l'invite.

Clique Exit, du menu prinicipal, afin de fermer le programme.

 

4/ouvre une invite de commande [executer---CMD] et vide lecontenu de[temp] (Local settings\temp)comme ci dessous en respectant les espaces les lignes ci dessous::

 

==> la touche "tab" te permet une fois la 1ere lettre tapé d'afficher le bon repertoire apres cd.... !

 

Microsoft Windows XP [version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\phreak>cd "Local Settings"

C:\Documents and Settings\phreak\Local Settings>cd temp

C:\Documents and Settings\phreak\Local Settings\Temp>del *.*
C:\Documents and Settings\phreak\Local Settings\Temp\*.*, êtes-vous sûr (O/N) ?
o

C:\Documents and Settings\phreak\Local Settings\Temp>exit

 

phreak est le nom d'user sur ce PC pour toi c'est "HP COMPAQ"::

 

donc à l'invite tape::

 

cd local settings [ou cd lettre L+touche tab]

cd temp

del /q /f *.*

del *.*

exit

 

 

 

http://img144.imageshack.us/img144/6963/plopja6.jpg

 

**refais un scan kaspersky online COMPLET!! et poste le rapport suite à ces manips.

[POURKOI!!!!]

Salut Angelique;

Pardon mais en plus g oublié de préciser, je suis en RDCongo et la connection n'est pas très bonne surtout que l'on fonctionne à l'aide d'un générateur!! En fait je n'ai pas pu empêcher l'arrêt du scan.

Je l'ai fais en plein ce matin, voici le rapport; merci

 

KASPERSKY ONLINE SCANNER REPORT

Wednesday, January 23, 2008 3:42:02 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 23/01/2008

Kaspersky Anti-Virus database records: 528041

 

 

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

 

Scan Target My Computer

C:\

D:\

E:\

 

Scan Statistics

Total number of scanned objects 45085

Number of viruses found 8

Number of infected objects 50

Number of suspicious objects 0

Duration of the scan process 01:32:12

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

 

C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineC100001\4F9DAC7F.VBN Infected: Trojan.Win32.StartPage.ajh skipped

 

C:\Documents and Settings\HP COMPAQ\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\History\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\History\History.IE5\MSHist012008012320080124\index.dat Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Temp\pku5kehx.dll Infected: Rootkit.Win32.Vanti.hl skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Temporary Internet Files\Content.IE5\HF55P47J\bind[1].htm Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\HP COMPAQ\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

 

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

 

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

 

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

 

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\eengine\EPERSIST.DAT Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

 

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

 

C:\Program Files\Symantec AntiVirus\SAVRT73NAV~.TMP Object is locked skipped

 

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP32\A0010637.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP33\A0010674.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP34\A0010736.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP34\A0010754.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP34\A0010779.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP34\A0010810.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP35\A0010823.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP35\A0011838.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP36\A0011848.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP36\A0011864.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP36\A0011881.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP36\A0011898.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP37\A0011906.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP37\A0011974.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP38\A0011981.com Infected: Worm.Win32.AutoRun.cas skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP38\A0012001.bat Infected: Worm.Win32.AutoRun.bnw skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP38\A0012123.exe Infected: Worm.Win32.AutoRun.cas skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP38\A0012131.dll Infected: Trojan-PSW.Win32.OnLineGames.pcf skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP38\A0012132.com Infected: Worm.Win32.AutoRun.cas skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP39\A0012140.com Infected: Worm.Win32.AutoRun.cbi skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP39\A0012160.dll Infected: Trojan-PSW.Win32.OnLineGames.pcf skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP39\A0012163.com Infected: Worm.Win32.AutoRun.cbi skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP39\A0012167.exe Infected: Worm.Win32.AutoRun.cbi skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP39\A0012168.dll Infected: Worm.Win32.AutoRun.cbi skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP39\A0012175.exe Infected: Worm.Win32.AutoRun.cas skipped

 

C:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP39\change.log Object is locked skipped

 

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

 

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

 

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

 

C:\WINDOWS\Internet Logs\HP-E46196DC0CC0.ldb Object is locked skipped

 

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

 

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

 

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

 

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

 

C:\WINDOWS\system32\amvo.exe Infected: Trojan-PSW.Win32.OnLineGames.pfm skipped

 

C:\WINDOWS\system32\amvo1.dll Infected: Trojan-PSW.Win32.OnLineGames.pfm skipped

 

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\default Object is locked skipped

 

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

 

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

 

C:\WINDOWS\system32\config\SAM Object is locked skipped

 

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

 

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\software Object is locked skipped

 

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

 

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

 

C:\WINDOWS\system32\config\system Object is locked skipped

 

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

 

C:\WINDOWS\system32\h323log.txt Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

 

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

 

C:\WINDOWS\Temp\ZLT075f8.TMP Object is locked skipped

 

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

 

C:\xn1i9x.com Infected: Trojan-PSW.Win32.OnLineGames.pfm skipped

 

D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP32\A0010639.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP33\A0010676.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP34\A0010738.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP34\A0010756.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP34\A0010781.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP34\A0010812.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP35\A0010825.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP35\A0011840.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP36\A0011850.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP36\A0011866.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP36\A0011883.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP36\A0011900.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP37\A0011908.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP37\A0011976.inf Infected: Worm.Win32.AutoRun.bnq skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP38\A0011983.com Infected: Worm.Win32.AutoRun.cas skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP38\A0012002.bat Infected: Worm.Win32.AutoRun.bnw skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP38\A0012134.com Infected: Worm.Win32.AutoRun.cas skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP39\A0012142.com Infected: Worm.Win32.AutoRun.cbi skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP39\A0012165.com Infected: Worm.Win32.AutoRun.cbi skipped

 

D:\System Volume Information\_restore{11442793-0DC6-4421-A2E8-C835561768B0}\RP39\change.log Object is locked skipped

 

D:\xn1i9x.com Infected: Trojan-PSW.Win32.OnLineGames.pfm skipped

 

Scan process completed.

[angelique]

1/supprime::

 

C:\xn1i9x.com

C:\WINDOWS\system32\amvo.exe

C:\WINDOWS\system32\amvo1.dll

 

2/refait ce que j'ai dis dans mon message precedent car ça n'a pas été fait ;o)

 

3/les points de restaurations infectés se resolvent de cette maniere,desactive et reactive la restau systeme::

 

http://service1.symantec.com/SUPPORT/INTER...020830101856924