[resolu]Eradication Vundo

[psykopat67]

ok ;o)

 

**supprime c:\SDFix

 

**desinstalle ComboFix de cette maniere, copie\colle dans executer la ligne ci dessous et tape "enter"

 

Combo-Fix /u

 

**c'est le rapport de 07:51:55 qu'il faut que tu m'heberges STP ;o)

 

**supprime cette valeur registre en gras:

 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04188b12

 

Je n'ai pas ce fichier dans les rep c:\Qoobox

[psykopat67]

ok ;o)

 

**supprime c:\SDFix

 

**c'est le rapport de 07:51:55 qu'il faut que tu m'heberges STP ;o)

 

**desinstalle ComboFix de cette maniere, copie\colle dans executer la ligne ci dessous et tape "enter"

 

Combo-Fix /u

**supprime cette valeur registre en gras:

 

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\04188b12

 

Désinstallation ComboFix = OK

Clé de registre = OK

[angelique]

bon tu as desinstallé ComboFix c'est parfait ^^; devait y avoir en c:\ un rapport ComboFix1.txt , mais il a du etre viré.

 

**derniere etape:

 

* Fais un scan en ligne Kaspersky avec IE

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Clique sur Accept

* Une barre jaune va te demander si tu acceptes d'installer le Kavwebscan_Unicode.cab, installe l'Active X.

* clique une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patiente un moment

* Clique sur Next.

* Clique sur My Computer, le scan se met en route; attends la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

 

===poste le rapport

 

===tuto >> http://bibou0007.com/tutos-et-lexique-f45/...online-t394.htm

[psykopat67]

Rapport Kasperky

Pas de problème pour les virus trouvé sur F: - une fois C: réglé et ghosté , je le formate

 

Pat

 

 

Thursday, February 21, 2008 3:57:11 PM

Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 21/02/2008

Kaspersky Anti-Virus database records: 574259

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

A:\

C:\

D:\

E:\

F:\

G:\

H:\

Scan Statistics

Total number of scanned objects 84454

Number of viruses found 6

Number of infected objects 34

Number of suspicious objects 0

Duration of the scan process 01:02:34

 

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2008-02-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\CSDB\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\CSDB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\CSDB\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\CSDB\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\CSDB\Local Settings\Historique\History.IE5\MSHist012008022120080222\index.dat Object is locked skipped

C:\Documents and Settings\CSDB\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\CSDB\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\CSDB\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Canon\iW DM\Program\Resource\Userdic.dic Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$CANONIWDM\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$CANONIWDM\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$CANONIWDM\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$CANONIWDM\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$CANONIWDM\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$CANONIWDM\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$CANONIWDM\LOG\ERRORLOG Object is locked skipped

C:\Program Files\MultiMedia France Toolbar\MultiMedia - Installer.exe/data0015/data0005 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped

C:\Program Files\MultiMedia France Toolbar\MultiMedia - Installer.exe/data0015 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped

C:\Program Files\MultiMedia France Toolbar\MultiMedia - Installer.exe NSIS: infected - 2 skipped

C:\Program Files\Rippackv3\Logiciels\codec\DivX5.02\DivXPro502GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped

C:\Program Files\Rippackv3\Logiciels\codec\DivX5.02\DivXPro502GAINBundle.exe Vise: infected - 1 skipped

C:\Program Files\themexp\Themexp.org File\Ezthemes_WhenUSaveNow_InstallerInst.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\l5p4tm99.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_358.dat Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

F:\insta_iw\iR C3380_C2880Series\g794frx.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Gateway V4.0.0\IndexSys\IndexSysInterface\Setup.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Gateway V4.0.0\IndexSys\Setup.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Gateway V4.0.0\instmsia.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Gateway V4.0.0\instmsiw.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Gateway V4.0.0\setup.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Workgroup V4.0.3\instmsia.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Workgroup V4.0.3\instmsiw.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Workgroup V4.0.3\MDAC26\mdac_typ_fr.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Workgroup V4.0.3\MSDE2000\FRENCH\MSI\INSTMSI.EXE Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Workgroup V4.0.3\MSDE2000\FRENCH\MSI\InstMsi20.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Workgroup V4.0.3\MSDE2000\FRENCH\MSI\INSTMSIW.EXE Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Workgroup V4.0.3\MSDE2000\FRENCH\MSI\InstMsiW20.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Workgroup V4.0.3\MSDE2000\FRENCH\SETUP.EXE Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Document Manager Workgroup V4.0.3\Setup.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Web Document Server V4.0.3\instmsia.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Web Document Server V4.0.3\instmsiw.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\iW DM Workgroup V4.0\iW Web Document Server V4.0.3\Setup.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\Patch et Service Pack\iW Document Manager\iWDM4SP2FR\Setup.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\Patch et Service Pack\iW Gateway\iWGW4_SP1\iW Gateway 4 SP1.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\Patch et Service Pack\iW Scan Manager\iWSM4_SP2\setup.exe Infected: Virus.Win32.Tenga.a skipped

F:\insta_iw\Patch et Service Pack\iW Scan Manager\iWSM4_SP3\setup.exe Infected: Virus.Win32.Tenga.a skipped

F:\sauve\jean 2007\Nouveau dossier\Outil pour avoir windows original.rar/Outil pour avoir windows original/outils/2Changer de clef XP.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

F:\sauve\jean 2007\Nouveau dossier\Outil pour avoir windows original.rar/Outil pour avoir windows original/outils/2Changer de clef XP.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

F:\sauve\jean 2007\Nouveau dossier\Outil pour avoir windows original.rar/Outil pour avoir windows original/outils/2Changer de clef XP.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

F:\sauve\jean 2007\Nouveau dossier\Outil pour avoir windows original.rar/Outil pour avoir windows original/outils/2Changer de clef XP.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

F:\sauve\jean 2007\Nouveau dossier\Outil pour avoir windows original.rar RAR: infected - 4 skipped

Scan process completed.

[angelique]

bon OK , tu formateras F: via executer---diskmgmt.msc un simple clic droit formater sur la barre representant F: le permettra par contre tu as bien repéré les infections restantes sur c:\

 

*desinstalle Rippackv3 via ajout\suppression de programmes ainsi que themexp et MultiMedia France Toolbar s'ils y sont

 

supprime ces dossier en gras ci dessous::

 

C:\Program Files\MultiMedia France Toolbar\MultiMedia - Installer.exe/data0015/data0005 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped

C:\Program Files\MultiMedia France Toolbar\MultiMedia - Installer.exe/data0015 Infected: not-a-virus:AdWare.Win32.Shopper.l skipped

C:\Program Files\MultiMedia France Toolbar\MultiMedia - Installer.exe NSIS: infected - 2 skipped

C:\Program Files\Rippackv3\Logiciels\codec\DivX5.02\DivXPro502GAINBundle.exe/Gain_Trickler.exe Infected: not-a-virus:AdWare.Win32.Gator.3202 skipped

C:\Program Files\Rippackv3\Logiciels\codec\DivX5.02\DivXPro502GAINBundle.exe Vise: infected - 1 skipped

C:\Program Files\themexp\Themexp.org File\Ezthemes_WhenUSaveNow_InstallerInst.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

[psykopat67]

Bien noté, je te remercie pour tout

 

 

Patrick

[angelique]

desinstalle kaspersky online via ajout|supp. e programmes

 

Poste un dernier rapport HJT pour verification ;o)

[psykopat67]

Formatage de f: - passage de 2 anti virus et 2 en ligne (kaspersy et secuser)

+ anti spyware + un ghost pour sécuriser

 

Le pC est nickel et tourne comme un avion

 

Un grand merci - chapeau bas

 

Pat

[angelique]

bon ok!! , j'edite ton sujet comme [resolu] de ce pas alors ;o)