infections virus

[Invité oceanie]

bonjour à tous,

 

après un scan en ligne avec kaspersky, 1 virus et autres sont dans mon ordinateur... je joint la copie du scan de kaspersky :

 

-------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER REPORT

Monday, May 05, 2008 7:33:04 PM

Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 5/05/2008

Kaspersky Anti-Virus database records: 740943

-------------------------------------------------------------------------------

 

Scan Settings:

Scan using the following antivirus database: extended

Scan Archives: true

Scan Mail Bases: true

 

Scan Target - My Computer:

A:\

C:\

D:\

E:\

 

Scan Statistics:

Total number of scanned objects: 111596

Number of viruses found: 1

Number of infected objects: 4

Number of suspicious objects: 0

Duration of the scan process: 01:41:17

 

Infected Object Name / Virus Name / Last Action

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Sohany S\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Sohany S\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Sohany S\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Sohany S\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Sohany S\Local Settings\Temp\BCG1F.tmp Object is locked skipped

C:\Documents and Settings\Sohany S\Local Settings\Temp\BCG20.tmp Object is locked skipped

C:\Documents and Settings\Sohany S\Local Settings\Temp\BCG2F.tmp Object is locked skipped

C:\Documents and Settings\Sohany S\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Documents and Settings\Sohany S\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Sohany S\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Sohany S\ntuser.dat.LOG Object is locked skipped

C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped

C:\Program Files\ESET\logs\virlog.dat Object is locked skipped

C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{5DB2306D-54AF-47EF-83EC-D729703A8840}\RP87\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\S4A70CBFE.tmp Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\Incoming2\logiciels\Paint.Shop.Pro.9.Fr.POU64.par.www.emule-mania.com.rar/Jasc_Paint_Shop_Pro_v9 FR/PSP900frTR.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped

E:\Incoming2\logiciels\Paint.Shop.Pro.9.Fr.POU64.par.www.emule-mania.com.rar RAR: infected - 1 skipped

E:\save ancien ordi\music\Incoming3\Paint.Shop.Pro.9.Fr.POU64.par.www.emule-mania.com.rar/Jasc_Paint_Shop_Pro_v9 FR/PSP900frTR.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped

E:\save ancien ordi\music\Incoming3\Paint.Shop.Pro.9.Fr.POU64.par.www.emule-mania.com.rar RAR: infected - 1 skipped

 

Scan process completed.

 

quelqu'un peut m'aider pour nettoyer mon ordinateur correctement et m'expliquer comment je dois faire pour le décontaminer ?

 

merci pour les réponses à venir

 

oceanie

[angelique]

ouaip facile !!

 

• desinstalle emule via ajout\supp de programmes

 

http://forum.zebulon.fr/prevention-le-p2p-...ces-t85544.html

 

• Télécharger OTMoveIt2 par OldTimer.

 

http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

 

* Enregistrer ce fichier sur le Bureau.

* Faire un double clic sur OTMoveIt2.exe pour lancer l'exécution de l'outil. (Note: Si vous utilisez Vista, faire un clic droit sur le fichier puis choisir Exécuter en tant qu'administrateur).

* Copier les lignes de la zone "Code" ci-dessous dans le Presse-papiers en les sélectionnant TOUTES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier):

E:\Incoming2\logiciels
EmptyTemp

* Retourner dans la fenêtre de OTMoveIt2, faire un clic droit dans la zone "Paste List of Files/Folders to Move" ) puis choisir Coller.

* Cliquer sur le bouton rouge Moveit!.

* Copier tout ce qui se trouve dans la zone Results (sous la barre verte) dans le Presse-papiers en sélectionnant TOUTES LES LIGNES puis en appuyant simultanément sur les touches CTRL et C (ou, après les avoir sélectionnées, en faisant un clic droit puis en choisissant Copier), et coller ces résulats en réponse sur le forum.

* Fermer OTMoveIt2

 

Note: Si un fichier ou un dossier ne peut pas être déplacé immédiatement, un redémarrage sera peut-être nécessaire afin de terminer le processus de déplacement. Si le redémarrage de la machine vous est demandé, choisir Oui/Yes. Dans ce cas, après le redémarrage, ouvrir le Bloc-notes (Démarrer->Tous les programmes->Accessoires->Bloc-notes), cliquer sur Fichier->Ouvrir, dans la zone "Nom du fichier" taper *.log et appuyer sur la touche Entrée, naviguer jusqu'au dossier C:\_OTMoveIt\MovedFiles, puis ouvrir le fichier .log le plus récent; ensuite faire un copier/coller du contenu de ce document en réponse sur le forum.

[Invité oceanie]

bonsoir,

 

merci pour l'aide apportée... excuses pour le 2ème message posté après avoir découvert votre réponse. C'est la première fois que je fais appel à zébulon et je ne sais pas encore très bien faire mes recherches et je pensai que le premier message n'était pas passé.

 

avant de lire votre message, j'avais déjà supprimé le fichier compressé non ouvert infecté... quand à emule cela fait longtemps qu'il n'est plus dans mon ordi

 

voici le résultat avec OTMoveIt2 + un message d'erreur

 

E:\Incoming2\logiciels\limewire pro moved successfully.

E:\Incoming2\logiciels moved successfully.

< EmptyTemp >

File delete failed. C:\DOCUME~1\SOHANY~1\LOCALS~1\Temp\BCG1F.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\SOHANY~1\LOCALS~1\Temp\BCG20.tmp scheduled to be deleted on reboot.

File delete failed. C:\DOCUME~1\SOHANY~1\LOCALS~1\Temp\BCG2F.tmp scheduled to be deleted on reboot.

Temp folders emptied.

IE temp folders emptied.

File/Folder C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped not found.

File/Folder C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped not found.

File/Folder C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped not found.

File/Folder C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped not found.

File/Folder C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped not found.

File/Folder C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped not found.

File/Folder C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped not found.

File/Folder C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped not found.

File/Folder C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped not found.

File/Folder C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped not found.

File/Folder C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped not found.

File/Folder C:\Documents and Settings\Sohany S\Cookies\index.dat Object is locked skipped not found.

File/Folder C:\Documents and Settings\Sohany S\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped not found.

File/Folder C:\Documents and Settings\Sohany S\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped not found.

File/Folder C:\Documents and Settings\Sohany S\Local Settings\Historique\History.IE5\index.dat Object is locked skipped not found.

File/Folder C:\Documents and Settings\Sohany S\Local Settings\Temp\BCG1F.tmp Object is locked skipped not found.

File/Folder C:\Documents and Settings\Sohany S\Local Settings\Temp\BCG20.tmp Object is locked skipped not found.

File/Folder C:\Documents and Settings\Sohany S\Local Settings\Temp\BCG2F.tmp Object is locked skipped not found.

File/Folder C:\Documents and Settings\Sohany S\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped not found.

File/Folder C:\Documents and Settings\Sohany S\NTUSER.DAT Object is locked skipped not found.

File/Folder C:\Documents and Settings\Sohany S\ntuser.dat.LOG Object is locked skipped not found.

File/Folder C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped not found.

File/Folder C:\Program Files\ESET\logs\virlog.dat Object is locked skipped not found.

File/Folder C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped not found.

File/Folder C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped not found.

File/Folder C:\System Volume Information\_restore{5DB2306D-54AF-47EF-83EC-D729703A8840}\RP87\change.log Object is locked skipped not found.

File/Folder C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped not found.

File/Folder C:\WINDOWS\S4A70CBFE.tmp Object is locked skipped not found.

File/Folder C:\WINDOWS\SchedLgU.Txt Object is locked skipped not found.

File/Folder C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped not found.

File/Folder C:\WINDOWS\Sti_Trace.log Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\default Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\default.LOG Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\Internet.evt Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\OSession.evt Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\SAM Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\SECURITY Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\software Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\software.LOG Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\system Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\config\system.LOG Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\h323log.txt Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped not found.

File/Folder C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped not found.

File/Folder C:\WINDOWS\wiadebug.log Object is locked skipped not found.

File/Folder C:\WINDOWS\wiaservc.log Object is locked skipped not found.

File/Folder C:\WINDOWS\WindowsUpdate.log Object is locked skipped not found.

File/Folder E:\System Volume Information\_restore{5DB2306D-54AF-47EF-83EC-D729703A8840}\RP87\change.log Object is locked skipped not found.

< E:\Incoming2\logiciels\Paint.Shop.Pro.9.Fr.POU64.par.www.emule-mania.com.rar/Jasc_Paint_Shop_Pro_v9 FR/PSP900frTR.exe Infected: not-a-virus:FraudTool.Win32.SpywareDetector.d skipped >

 

 

MESSAGE D'ERREUR :

 

invalide time flag! [PSP900frTR.exe Infected : not-a-virus:FraudTool.win32.spywareDetector.d skipped] Most be numerical

 

 

dois-je faire quelque chose ?

 

encore merci pour votre aide

 

oceanie

[angelique]

heu!! je t'ai jamais dis de coller le rapport de kaspersky dans OTMoveIt

 

supprime le gras E:\Incoming2 , E:\save ancien ordi\music\Incoming3 dans ce cas là et la sauvegarde de OTMoveIt C:\_OTMoveIt et ça devrait aller.

[Invité oceanie]

excuses, je n'avais pas compris ce qu'il fallait faire alors... j'ai fait ce qui était précisé précédemment et j'ai refait un scan en ligne avec kaspersky et plus d'infection. Il semblerait que le problème soit résolu

 

encore merci

Océanie