nombreux virus dans dossier incoming emule

yobuly · le 16 mars 2008

salut tout le monde c'est la 1ere fois que je m'inscris sur votre forum et je suis pas trop doué donc voila ce qui m'arrive :

j'ai téléchargé un fichier adobe audition mais quand je l'ai ouvert ça m'a installé de nombreux fichiers winrar et quand je les supprime ils reviennent tous le temps c'est toute une liste de virus, malware,cheval de troie et autres, aidez moi svp parce que je m'en sors pas j'ai vu sur votre forum que c'etait arrivé a un menbre donc j'ai suivi le debut de la procedure en telechargeant hijackthist, je vous envoie mon rapport. merci d'avance

Logfile of HijackThis v1.99.1

Scan saved at 15:40:35, on 16/03/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16608)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe

C:\Program Files\Fichiers communs\AOL\1182891333\ee\AOLSoftware.exe

C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\AOL 9.0 VR\waol.exe

C:\PROGRA~2\FICHIE~1\AOL\ACS\AOLacsd.exe

C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\wanmpsvc.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\iPod\bin\iPodService.exe

c:\program files\fichiers communs\aol\1182891333\ee\services\antiSpywareApp\ver2_0_28_1\AOLSP Scheduler.exe

c:\program files\fichiers communs\aol\1182891333\ee\aolsoftware.exe

C:\Program Files\AOL 9.0 VR\shellmon.exe

C:\Program Files\Fichiers communs\AOL\Topspeed\3.0\aoltpsd3.exe

C:\Program Files\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll

O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O4 - HKLM\..\Run: [AOLSAV] C:\PROGRA~2\TECHCI~1\AOLSAV\AOLAgent.exe

O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe

O4 - HKLM\..\Run: [speedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Fichiers communs\AOL\1182891333\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~2\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VR\AOL.EXE" -b

O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O8 - Extra context menu item: &Recherche AOL Toolbar - c:\program files\aol\aol toolbar 4.0\resources\fr-FR\local\search.html

O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm

O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx

O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/229?ad2c6ac256c740c2a470c30799271a6d

O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\Windows Live Toolbar\Components\fr-fr\msntabres.dll.mui/230?ad2c6ac256c740c2a470c30799271a6d

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1183289442359

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://express.foto.com/NewUploader/ImageUploader4.cab

O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://www.touslesdrivers.com/fichiers/har...on.cab?version=

O17 - HKLM\System\CCS\Services\Tcpip\..\{B4C28BCC-72B9-45FC-B592-DE4B86D5307A}: NameServer = 86.64.145.143 84.103.237.143

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\PROGRA~2\FICHIE~1\AOL\ACS\AOLacsd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Gothic_Ted · le 16 mars 2008

Salut,

Je ne sais pas si quelqu'un va t'aider, tout ce qui touche au téléchargement P2P est strictement interdit ici...

Amicalement.

pear · le 16 mars 2008

Bonjour,

Il n'y rien de particulier dans ce rapport.

Vider la corbeille.

* Faire un scan en ligne Kaspersky

http://www.kaspersky.com/kos/eng/partner/d...kavwebscan.html

* Cliquer sur Accept

* Une barre jaune va demander d'accepter l'installation de Kavwebscan_Unicode.cab, installer l'Active X.

* cliquer une nouvelle fois sur "Accept"

* Les bases de mises à jour vont s'installer, patienter un moment

* Cliquer sur Next.

* Cliquer sur My Computer, le scan se met en route;

attendre la fin du scan sans fermer la fenêtre sinon il s'arrêtera.

A la fin du scan, si des objets infectés sont découverts, cliquer sur Save report as... Choisirr bureau et nomme le rapport "rapport Kaspersky" et dans le champ d'enregistrement, choisir "fichiers texte" enregistrer le rapport.

Copier/coller l'entièreté du fichier texte ouvert, par clic droit dessus, sélectionner tout/copier.

Coller ce rapport dans la réponse sur le forum.

Aide en cas de problème :Cybersécurité

http://cybersecurite.xooit.com/t100-Scan-e...spersky.htm#768

NOTE: Le scan est à faire avec Internet Explorer.

yobuly · le 16 mars 2008

merci de m'avoir repondu je tous transmets le rapport kaspersky,merci d'avance.

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Sunday, March 16, 2008 8:10:38 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 16/03/2008

Kaspersky Anti-Virus database records: 633666

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

Scan Statistics:

Total number of scanned objects: 51533

Number of viruses found: 2

Number of infected objects: 8

Number of suspicious objects: 0

Duration of the scan process: 01:52:47

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\ph Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\ACS\1.0\variable Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0 VR\idb\SNMaster.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0 VR\idb\VaTeFairFout\mydb.idx Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0 VR\idb\VaTeFairFout\style.lst Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0 VR\idb\VaTeFairFout\toolbar.lst Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0 VR\organize\CACHE\vatefairfo01 Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0 VR\organize\vatefairfout Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0 VR\organize\vatefairfout.abi Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\C_AOL 9.0 VR\organize\vatefairfout.aby Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstderr.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\aolstdout.txt Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\cache.db Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\ncoc Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\3.0\server.lock Object is locked skipped

C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\AOL\C_AOL 9.0 VR\IDB\Apps.Lst Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\AOL\C_AOL 9.0 VR\IDB\art.idx Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\AOL\C_AOL 9.0 VR\IDB\sap.dat Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\AOL\C_AOL 9.0 VR\IDB\spool.lst Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\AOL\C_AOL 9.0 VR\IDB\sysnews.lst Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\Mozilla\Firefox\Profiles\in29kqb2.default\cert8.db Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\Mozilla\Firefox\Profiles\in29kqb2.default\history.dat Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\Mozilla\Firefox\Profiles\in29kqb2.default\key3.db Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\Mozilla\Firefox\Profiles\in29kqb2.default\parent.lock Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\Mozilla\Firefox\Profiles\in29kqb2.default\search.sqlite Object is locked skipped

C:\Documents and Settings\JR EWING\Application Data\Mozilla\Firefox\Profiles\in29kqb2.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\JR EWING\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Application Data\AOL\UserProfiles\All Users\cls\common.cls Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Application Data\Mozilla\Firefox\Profiles\in29kqb2.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Application Data\Mozilla\Firefox\Profiles\in29kqb2.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Application Data\Mozilla\Firefox\Profiles\in29kqb2.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Application Data\Mozilla\Firefox\Profiles\in29kqb2.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Temp\hsperfdata_JR EWING\3268 Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Temp\Installer-Crack-Keygen.exe Infected: P2P-Worm.Win32.Archivarius.a skipped

C:\Documents and Settings\JR EWING\Local Settings\Temp\TEMP1.ZIP/Installer-Crack-Keygen.exe Infected: P2P-Worm.Win32.Archivarius.a skipped

C:\Documents and Settings\JR EWING\Local Settings\Temp\TEMP1.ZIP CAB: infected - 1 skipped

C:\Documents and Settings\JR EWING\Local Settings\Temp\temp_01.exe Infected: Trojan.Win32.Agent.ftz skipped

C:\Documents and Settings\JR EWING\Local Settings\Temp\~DF849.tmp Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\JR EWING\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\JR EWING\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\JR EWING\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Protection résidente.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{8E43679D-D683-44E0-9C40-421ED4E266F5}\RP144\A0027189.exe Infected: P2P-Worm.Win32.Archivarius.a skipped

C:\System Volume Information\_restore{8E43679D-D683-44E0-9C40-421ED4E266F5}\RP150\A0028552.exe Infected: Trojan.Win32.Agent.ftz skipped

C:\System Volume Information\_restore{8E43679D-D683-44E0-9C40-421ED4E266F5}\RP150\A0028555.exe Infected: Trojan.Win32.Agent.ftz skipped

C:\System Volume Information\_restore{8E43679D-D683-44E0-9C40-421ED4E266F5}\RP152\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{48658E4A-0074-488E-92FD-DCA788F545BD}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\WinSecure.exe Infected: P2P-Worm.Win32.Archivarius.a skipped

C:\WINDOWS\Temp\Perflib_Perfdata_584.dat Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Gothic_Ted · le 17 mars 2008

Salut,

reboot en mode sans echec,

effaces:

C:\Documents and Settings\JR EWING\Local Settings\Temp\Installer-Crack-Keygen.exe

C:\Documents and Settings\JR EWING\Local Settings\Temp\TEMP1.ZIP

C:\Documents and Settings\JR EWING\Local Settings\Temp\TEMP1.ZIP CAB

C:\Documents and Settings\JR EWING\Local Settings\Temp\temp_01.exe

C:\WINDOWS\system32\WinSecure.exe

Désactives la restauration systeme.

et normalement ça devrai etre bon.

Amicalement.

yobuly · le 17 mars 2008

merci de m'avoir aider, apparemment ça a l'air bon j'ai suivi vos instructions et ça fonctionne.

merci.

midnighter · le 19 mars 2008

Bonjour

Installe antivir et configure le bien ( en activant notamment la recherche de rootkit). tu peux aller sur le site de malekal:

http://www.malekal.com/tutorial_antivir.php

Installe AVG (antispyware) en version 7.5 (gratuite) ou 8.0 (plus complète mais payante).

Pour ma part j'utilise uniquement le pare feu de windows XP et ca va. Mais il en existe d'autre comme zone alarm, jetico ou encore sunbelt kerio firewall (que je conseille car il est plutot simple d'utilisation)

pour plus d'information sur les virus voir ici:

http://forum.zebulon.fr/index.php?showtopic=133909

Enfin pour supprimer les fenetres intempestives, tu peux utiliser smitfraud fix:

http://www.zebulon.fr/dossiers/66-smitfraudfix.html

alexlec · le 26 mars 2008

Moi aussi j'ai le meme probleme dans Incoming plein d'archive chaque jour ( 1.2go)

Voila mon rapport mais par contre je sait pas comment les effacer en mode sans échec :

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Wednesday, March 26, 2008 7:30:51 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 26/03/2008

Kaspersky Anti-Virus database records: 664400

-------------------------------------------------------------------------------

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

Scan Target - My Computer:

A:\

C:\

D:\

E:\

F:\

G:\

H:\

I:\

Scan Statistics:

Total number of scanned objects: 193941

Number of viruses found: 5

Number of infected objects: 13

Number of suspicious objects: 0

Duration of the scan process: 02:27:43

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Application Data\Mozilla\Firefox\Profiles\7laoaorr.default\cert8.db Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Application Data\Mozilla\Firefox\Profiles\7laoaorr.default\history.dat Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Application Data\Mozilla\Firefox\Profiles\7laoaorr.default\key3.db Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Application Data\Mozilla\Firefox\Profiles\7laoaorr.default\parent.lock Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Application Data\Mozilla\Firefox\Profiles\7laoaorr.default\search.sqlite Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Application Data\Mozilla\Firefox\Profiles\7laoaorr.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Application Data\Mozilla\Firefox\Profiles\7laoaorr.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Application Data\Mozilla\Firefox\Profiles\7laoaorr.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Application Data\Mozilla\Firefox\Profiles\7laoaorr.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Application Data\Mozilla\Firefox\Profiles\7laoaorr.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Historique\History.IE5\MSHist012008032620080327\index.dat Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Temp\hpodvd09.log Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Temp\Installer-Crack-Keygen.exe Infected: P2P-Worm.Win32.Archivarius.a skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Temp\TEMP1.ZIP/Installer-Crack-Keygen.exe Infected: P2P-Worm.Win32.Archivarius.a skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Temp\TEMP1.ZIP CAB: infected - 1 skipped

C:\Documents and Settings\Lecomte Alexis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Lecomte Alexis\ntuser.dat.LOG Object is locked skipped