infecté par win32:small-JMH - Page 2 - Le Forum de Génération Nouvelles Technologies

rdb84 · 28/04/2008, 16h49

Voilà le rapport MSNFix 1.712 :

C:\HJT\MSNFix\MSNFix
Fix exécuté le 28/04/2008 - 16:27:50,50 By Reine
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\funnymovies.txt

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

/!\ ... C:\WINDOWS\system32\W),WW,,),WW)W))),WW)),))W,W))) ,)WW)))WW.exe
.. OK ... WW)),))W,W))),)WW)))WW.exe
.. OK ... C:\WINDOWS\system32\funnymovies.txt

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

Aucun Fichier trouvé
.. OK ... C:\WINDOWS\system32\W),WW,,),WW)W))),WW)),))W,W))) ,)WW)))WW.exe

************************ Fichiers suspects

Aucun Fichier trouvé

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28042008_16345984.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: Mode Maintenance
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

angelique · 28/04/2008, 16h51

et un nouveau rapport HijackThis stp!!

rdb84 · 28/04/2008, 16h53

Et:
Send big files the easy way. Files too large for email attachments? No problem!

angelique · 28/04/2008, 17h01

ok!

• vire avast pour antivir:

- Malekal's forum - forum d'aide informatique • Voir le sujet - Abandonner Avast! pour Antivir

tuto antivir--> Tuto antivir - libellules.ch

• Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/R...ools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire en c:\SDFix.

• telecharge: http://www.symantec.com/content/en/u...s/FixBlast.exe

Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur.

**execute fixblast.exe

** Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script.
* Appuie sur Y pour commencer le processus de nettoyage.
* Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
* Appuie sur une touche pour redémarrer le PC.
* Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.(laisse le s'executer sans rien toucher!!)
* Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
* Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.(ne touche à rien!!laisse le faire)
* Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
* Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

Au reboot , poste le rapport SDFix et fait un scan antivir, tu posteras aussi son rapport

rdb84 · 28/04/2008, 20h51

Voici le rapport SDFix:

SDFix: Version 1.176
Run by Reine on 28/04/2008 at 20:01
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix\SDFix
Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting

Checking Files :
Trojan Files Found:
C:\WINDOWS\SYSTEM32\RNAPH.DLL - Deleted
C:\WINDOWS\system32\TFTP1992 - Deleted

Removing Temp Files
ADS Check :

Final Check :
catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 20:19:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS \\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*

isabled:Windows© NetMeeting©"
"C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"="C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe:*:Enabled:Age of Mythology"
"C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\ \system32\\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\realplay.exe:*

isabled:R ealPlayer"
"C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat"="C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat:*:Enabled:La Bataille pour la Terre du Milieu(tm)"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS \\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS \\system32\\rundll32.exe:*:Enabled:Ex‚cuter une DLL en tant qu'application"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"="C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe:*:Enabled:pandora"
"C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\Support\\Check_Appli\\pandora_detection. exe"="C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\Support\\Check_Appli\\pandora_detection. exe:*:Enabled:pandora_detection"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Documents and Settings\\Reine\\Local Settings\\Temporary Internet Files\\Content.IE5\\PR7FXHSE\\eMulePlus-1.2a.Binary[1]\\eMule.exe"="C:\\Documents and Settings\\Reine\\Local Settings\\Temporary Internet Files\\Content.IE5\\PR7FXHSE\\eMulePlus-1.2a.Binary[1]\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Documents and Settings\\Reine\\Mes documents\\eMulePlus-1.2a.Binary\\eMule.exe"="C:\\Documents and Settings\\Reine\\Mes documents\\eMulePlus-1.2a.Binary\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd:*:Enabled:Age of Empires II Expansion"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Documents and Settings\\Louis\\Application Data\\PowerChallenge\\PowerFootball\\PowerFootball .exe"="C:\\Documents and Settings\\Louis\\Application Data\\PowerChallenge\\PowerFootball\\PowerFootball .exe:*:Enabled:PowerFootball"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :

File Backups: - C:\SDFix\SDFix\backups\backups.zip
Files with Hidden Attributes :
Tue 12 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Sat 5 Jan 2008 30,208 ...H. --- "C:\Documents and Settings\Victor\Mes documents\Cornouailles_fichiers\~WRL0494.tmp"
Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c 90c17af214c8eeab40b9fcf4\BIT3F.tmp"
Thu 25 May 2006 19,456 ...H. --- "C:\Documents and Settings\Louis\Application Data\Microsoft\Word\~WRL0003.tmp"
Thu 25 May 2006 20,992 ...H. --- "C:\Documents and Settings\Louis\Application Data\Microsoft\Word\~WRL1718.tmp"
Thu 25 May 2006 20,480 ...H. --- "C:\Documents and Settings\Louis\Application Data\Microsoft\Word\~WRL2754.tmp"
Thu 25 May 2006 19,968 ...H. --- "C:\Documents and Settings\Louis\Application Data\Microsoft\Word\~WRL2947.tmp"
Sat 5 Jan 2008 28,160 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL0653.tmp"
Mon 4 Feb 2008 208,896 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL1116.tmp"
Mon 4 Feb 2008 178,176 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL2476.tmp"
Sat 5 Jan 2008 36,864 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL2583.tmp"
Sat 5 Jan 2008 45,056 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL3501.tmp"
Sat 5 Jan 2008 26,624 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL3802.tmp"
Mon 4 Feb 2008 46,080 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL4008.tmp"
Finished!

rdb84 · 28/04/2008, 22h53

Et voilà le report d'Antivir... il semblerait que tout ne soit pas encore éradiqué...

Mais en tout cas merci de m'aider!

Avira AntiVir Personal
Report file date: lundi 28 avril 2008 20:52
Scanning for 1243285 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: BERNIS
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 16:35:25
ANTIVIR3.VDF : 7.0.3.224 212992 Bytes 28/04/2008 16:35:26
Engineversion : 8.1.0.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.27 233851 Bytes 28/04/2008 16:35:33
AESCN.DLL : 8.1.0.14 119156 Bytes 28/04/2008 16:35:32
AERDL.DLL : 8.1.0.20 418165 Bytes 28/04/2008 16:35:32
AEPACK.DLL : 8.1.1.2 364917 Bytes 28/04/2008 16:35:31
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 28/04/2008 16:35:30
AEHEUR.DLL : 8.1.0.20 1196406 Bytes 28/04/2008 16:35:29
AEHELP.DLL : 8.1.0.14 115063 Bytes 28/04/2008 16:35:28
AEGEN.DLL : 8.1.0.18 299381 Bytes 28/04/2008 16:35:27
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 28/04/2008 16:35:27
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: lundi 28 avril 2008 20:52
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'hposts08.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'hpoevm08.exe' - '1' Module(s) have been scanned
Scan process 'TrayMin200.exe' - '1' Module(s) have been scanned
Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned
Scan process 'hpobnz08.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'wcescomm.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'DevDetect.exe' - '1' Module(s) have been scanned
Scan process 'VM_STI.EXE' - '1' Module(s) have been scanned
Scan process 'qttask.exe' - '1' Module(s) have been scanned
Scan process 'mmtask.exe' - '1' Module(s) have been scanned
Scan process 'WpsC3Psw.EXE' - '1' Module(s) have been scanned
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'sointgr.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'fxssvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '41' files ).

Starting the file scan:
Begin scan in 'C:\' <BOOT>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Louis\Mes documents\Mes fichiers reçus\photo album.zip
[0] Archive type: ZIP
--> photo album2007.pif
[DETECTION] Is the Trojan horse TR/Agent.24772
[NOTE] The file was moved to '48852bf5.qua'!
C:\Documents and Settings\Reine\Bureau\catchme.zip
[0] Archive type: ZIP
--> W),WW,,),WW)W))),WW)),))W,W))),)WW)))WW.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> W),WW,,),WW)W))),WW)),))W,W))),)WW)))WW.exe.1
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '488a2c4e.qua'!
C:\RECYCLER\S-1-5-21-618608351-3168192334-1982873589-1005\Dc26.IE5\KPMR4TIV\trace[1].htm
[DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen
[NOTE] The file was moved to '4877325d.qua'!
C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP1126\A0291283.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48483333.qua'!
C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP1131\A0293410.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '4848334b.qua'!
C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP1131\A0293411.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '4848334e.qua'!
C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP1131\A0293429.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48483352.qua'!
Begin scan in 'D:\' <BACKUP>
Begin scan in 'E:\' <RECOVER>

End of the scan: lundi 28 avril 2008 22:48
Used time: 1:55:49 min
The scan has been done completely.
9540 Scanning directories
354282 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
354274 Files not concerned
8304 Archives were scanned
3 Warnings
7 Notes

angelique · 29/04/2008, 06h41

si c'est ok desormais ;o)

• vide la quarantaine d'antivir

• supprime C:\SDFix ainsi que MSNFix

• clic droit propriétés et met en lecture seule\appliquer le fichier en gras:

C:\WINDOWS\system32\drivers\etc\hosts

et c'est fini ^^

rdb84 · 29/04/2008, 10h36

Ok j'ai tout fait.
Juste une précision au sujet de:
" • clic droit propriétés et met en lecture seule\appliquer le fichier en gras:
C:\WINDOWS\system32\drivers\etc\hosts"

Je suis allée dans C: puis system32...etc jusqu'à Hosts, là j'ai cliqué droit sur propriétés, et j'ai mis en lecture seule. Il y avait d'autres fichiers hosts avec, mais lorsque je vérifie les propriétés du fichier C:\WINDOWS\system32\drivers\etc, il est en lecture seule en totalité.
Est-ce que c'est ok?
(Désolée, j'applique, mais je ne comprends pas tout! loin de là!)

Dernière question, est-ce que les fichiers envoyés via MSN sont dangereux, et est-ce qu'il vaut mieux demander plutot des envois par mail?

angelique · 29/04/2008, 18h47

hosts en lecture seule pour eviter toute modifs!! soucis de securité car SDFix ne le attrib +r pas

SDFix: Version 1.176
Run by Reine on 28/04/2008 at 20:01
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix\SDFix
Checking Services :

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting

rdb84 · 30/04/2008, 22h30

Euh... là je n'ai pas tout compris!
Mais si vous jugez que je suis hors de danger... alors tout va bien!
En tous cas je vous remercie vraiment fort pour votre aide.
Vous et vos collègues "les anges gardiens du web" êtes de vrais pros toujours prêts à épauler des plus abattus... Merci! et j'espère à pas trop bientôt!

28/04/2008, 16h51	#12 (permalink)
angelique Angel¤Helper Date d'inscription: juin 2005 Localisation: bzh 22 Messages: 1 797 Pouvoir de réputation: 113	et un nouveau rapport HijackThis stp!! __________________ ATFCleaner Navilog1 SmitfraudFix sysclean.com lptXXX.zip alcanshorty.bfu egdaccess.bfu BFU toolbar.bfu

28/04/2008, 17h01	#14 (permalink)
angelique Angel¤Helper Date d'inscription: juin 2005 Localisation: bzh 22 Messages: 1 797 Pouvoir de réputation: 113	ok! • vire avast pour antivir: - Malekal's forum - forum d'aide informatique • Voir le sujet - Abandonner Avast! pour Antivir tuto antivir--> Tuto antivir - libellules.ch • Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau. http://downloads.andymanchesta.com/R...ools/SDFix.exe Double clique sur SDFix.exe et choisis Install pour l'extraire en c:\SDFix. • telecharge: http://www.symantec.com/content/en/u...s/FixBlast.exe Redémarre en mode Sans Échec : au redémarrage, tapote immédiatement la touche F8 ; tu verras un écran avec choix de démarrages apparaître. Utilisant les flèches du clavier, choisis "Mode Sans Échec" et valide avec "Entrée". Choisis ton compte usuel, et non Administrateur. execute fixblast.exe Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.cmd pour lancer le script. * Appuie sur Y pour commencer le processus de nettoyage. * Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer. * Appuie sur une touche pour redémarrer le PC. * Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.(laisse le s'executer sans rien toucher!!) * Après le chargement du Bureau, l'outil terminera son travail et affichera Finished. * Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.(ne touche à rien!!laisse le faire) * Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt. * Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum Au reboot , poste le rapport SDFix et fait un scan antivir, tu posteras aussi son rapport __________________ ATFCleaner Navilog1 SmitfraudFix sysclean.com lptXXX.zip alcanshorty.bfu egdaccess.bfu BFU toolbar.bfu

28/04/2008, 20h51	#15 (permalink)
rdb84 Novice Date d'inscription: avril 2008 Messages: 15 Pouvoir de réputation: 0	Voici le rapport SDFix: SDFix: Version 1.176 Run by Reine on 28/04/2008 at 20:01 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\SYSTEM32\RNAPH.DLL - Deleted C:\WINDOWS\system32\TFTP1992 - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1353.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-28 20:19:12 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\standard profile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe::Enabled:Internet Explorer" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe::Enabled:ActiveSync Connection Manager" "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS \\system32\\rtcshare.exe::Enabled:Partage de l'application RTC" "C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:isabled:Windows© NetMeeting©" "C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe"="C:\\Program Files\\Microsoft Games\\Age of Mythology\\aom.exe::Enabled:Age of Mythology" "C:\\WINDOWS\\system32\\fxsclnt.exe"="C:\\WINDOWS\ \system32\\fxsclnt.exe::Enabled:Microsoft Fax Console" "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Progra m Files\\Real\\RealPlayer\\realplay.exe:isabled:R ealPlayer" "C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat"="C:\\Program Files\\EA GAMES\\La Bataille pour la Terre du Milieu(tm)\\game.dat::Enabled:La Bataille pour la Terre du Milieu(tm)" "C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS \\system32\\dpvsetup.exe::Enabled:Microsoft DirectPlay Voice Test" "C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS \\system32\\rundll32.exe::Enabled:Ex‚cuter une DLL en tant qu'application" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe"="C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\pandora.exe::Enabled:pandora" "C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\Support\\Check_Appli\\pandora_detection. exe"="C:\\Program Files\\Ubisoft\\Splinter Cell Pandora Tomorrow\\Support\\Check_Appli\\pandora_detection. exe::Enabled:pandora_detection" "C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe::Enabled:eMule Plus" "C:\\Documents and Settings\\Reine\\Local Settings\\Temporary Internet Files\\Content.IE5\\PR7FXHSE\\eMulePlus-1.2a.Binary[1]\\eMule.exe"="C:\\Documents and Settings\\Reine\\Local Settings\\Temporary Internet Files\\Content.IE5\\PR7FXHSE\\eMulePlus-1.2a.Binary[1]\\eMule.exe::Enabled:eMule Plus" "C:\\Documents and Settings\\Reine\\Mes documents\\eMulePlus-1.2a.Binary\\eMule.exe"="C:\\Documents and Settings\\Reine\\Mes documents\\eMulePlus-1.2a.Binary\\eMule.exe::Enabled:eMule Plus" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd::Enabled:Age of Empires II Expansion" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe::Enabled:Skype" "C:\\Documents and Settings\\Louis\\Application Data\\PowerChallenge\\PowerFootball\\PowerFootball .exe"="C:\\Documents and Settings\\Louis\\Application Data\\PowerChallenge\\PowerFootball\\PowerFootball .exe::Enabled:PowerFootball" [HKEY_LOCAL_MACHINE\system\currentcontrolset\servic es\sharedaccess\parameters\firewallpolicy\domainpr ofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\syste m32\\sessmgr.exe::enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe::Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe::Enabled:Windows Live Messenger 8.1" "C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe::Enabled:Windows Live Messenger 8.1 (Phone)" Remaining Files : File Backups: - C:\SDFix\SDFix\backups\backups.zip Files with Hidden Attributes : Tue 12 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp" Sat 5 Jan 2008 30,208 ...H. --- "C:\Documents and Settings\Victor\Mes documents\Cornouailles_fichiers\~WRL0494.tmp" Thu 13 Dec 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c 90c17af214c8eeab40b9fcf4\BIT3F.tmp" Thu 25 May 2006 19,456 ...H. --- "C:\Documents and Settings\Louis\Application Data\Microsoft\Word\~WRL0003.tmp" Thu 25 May 2006 20,992 ...H. --- "C:\Documents and Settings\Louis\Application Data\Microsoft\Word\~WRL1718.tmp" Thu 25 May 2006 20,480 ...H. --- "C:\Documents and Settings\Louis\Application Data\Microsoft\Word\~WRL2754.tmp" Thu 25 May 2006 19,968 ...H. --- "C:\Documents and Settings\Louis\Application Data\Microsoft\Word\~WRL2947.tmp" Sat 5 Jan 2008 28,160 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL0653.tmp" Mon 4 Feb 2008 208,896 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL1116.tmp" Mon 4 Feb 2008 178,176 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL2476.tmp" Sat 5 Jan 2008 36,864 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL2583.tmp" Sat 5 Jan 2008 45,056 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL3501.tmp" Sat 5 Jan 2008 26,624 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL3802.tmp" Mon 4 Feb 2008 46,080 ...H. --- "C:\Documents and Settings\Victor\Application Data\Microsoft\Word\~WRL4008.tmp" Finished!

29/04/2008, 06h41	#17 (permalink)
angelique Angel¤Helper Date d'inscription: juin 2005 Localisation: bzh 22 Messages: 1 797 Pouvoir de réputation: 113	si c'est ok desormais ;o) • vide la quarantaine d'antivir • supprime C:\SDFix ainsi que MSNFix • clic droit propriétés et met en lecture seule\appliquer le fichier en gras: C:\WINDOWS\system32\drivers\etc\hosts et c'est fini ^^ __________________ ATFCleaner Navilog1 SmitfraudFix sysclean.com lptXXX.zip alcanshorty.bfu egdaccess.bfu BFU toolbar.bfu

29/04/2008, 18h47	#19 (permalink)
angelique Angel¤Helper Date d'inscription: juin 2005 Localisation: bzh 22 Messages: 1 797 Pouvoir de réputation: 113	hosts en lecture seule pour eviter toute modifs!! soucis de securité car SDFix ne le attrib +r pas SDFix: Version 1.176 Run by Reine on 28/04/2008 at 20:01 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix\SDFix Checking Services : Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting __________________ ATFCleaner Navilog1 SmitfraudFix sysclean.com lptXXX.zip alcanshorty.bfu egdaccess.bfu BFU toolbar.bfu

28/04/2008, 16h49	#11 (permalink)
rdb84 Novice Date d'inscription: avril 2008 Messages: 15 Pouvoir de réputation: 0	Voilà le rapport MSNFix 1.712 : C:\HJT\MSNFix\MSNFix Fix exécuté le 28/04/2008 - 16:27:50,50 By Reine mode normal ********************** Recherche les fichiers présents ... C:\WINDOWS\system32\funnymovies.txt ******************** Recherche les dossiers présents Aucun dossier trouvé ******************** Suppression des fichiers /!\ ... C:\WINDOWS\system32\W),WW,,),WW)W))),WW)),))W,W))) ,)WW)))WW.exe .. OK ... WW)),))W,W))),)WW)))WW.exe .. OK ... C:\WINDOWS\system32\funnymovies.txt ******************** Nettoyage du registre Les fichiers encore présents seront supprimés au prochain redémarrage Aucun Fichier trouvé .. OK ... C:\WINDOWS\system32\W),WW,,),WW)W))),WW)),))W,W))) ,)WW)))WW.exe ******************** Fichiers suspects Aucun Fichier trouvé Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 28042008_16345984.zip ********************** HKLM\...\Winlogon\Userinit Userinit = C:\WINDOWS\system32\userinit.exe, ------------------------------------------------------------------------ Auteur : !aur3n7 Contact: Mode Maintenance ------------------------------------------------------------------------ --------------------------------------------- END ---------------------------------------------

28/04/2008, 16h53	#13 (permalink)
rdb84 Novice Date d'inscription: avril 2008 Messages: 15 Pouvoir de réputation: 0	Et: Send big files the easy way. Files too large for email attachments? No problem!

28/04/2008, 22h53	#16 (permalink)
rdb84 Novice Date d'inscription: avril 2008 Messages: 15 Pouvoir de réputation: 0	Et voilà le report d'Antivir... il semblerait que tout ne soit pas encore éradiqué... Mais en tout cas merci de m'aider! Avira AntiVir Personal Report file date: lundi 28 avril 2008 20:52 Scanning for 1243285 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: BERNIS Version information: BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56 AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37 LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23 LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58 ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 16:35:25 ANTIVIR3.VDF : 7.0.3.224 212992 Bytes 28/04/2008 16:35:26 Engineversion : 8.1.0.35 AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21 AESCRIPT.DLL : 8.1.0.27 233851 Bytes 28/04/2008 16:35:33 AESCN.DLL : 8.1.0.14 119156 Bytes 28/04/2008 16:35:32 AERDL.DLL : 8.1.0.20 418165 Bytes 28/04/2008 16:35:32 AEPACK.DLL : 8.1.1.2 364917 Bytes 28/04/2008 16:35:31 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 28/04/2008 16:35:30 AEHEUR.DLL : 8.1.0.20 1196406 Bytes 28/04/2008 16:35:29 AEHELP.DLL : 8.1.0.14 115063 Bytes 28/04/2008 16:35:28 AEGEN.DLL : 8.1.0.18 299381 Bytes 28/04/2008 16:35:27 AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43 AECORE.DLL : 8.1.0.27 168310 Bytes 28/04/2008 16:35:27 AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53 AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47 AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25 RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, E:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: lundi 28 avril 2008 20:52 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'hposts08.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'hpoevm08.exe' - '1' Module(s) have been scanned Scan process 'TrayMin200.exe' - '1' Module(s) have been scanned Scan process 'hpotdd01.exe' - '1' Module(s) have been scanned Scan process 'hpobnz08.exe' - '1' Module(s) have been scanned Scan process 'BTTray.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned Scan process 'wcescomm.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'DevDetect.exe' - '1' Module(s) have been scanned Scan process 'VM_STI.EXE' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'mmtask.exe' - '1' Module(s) have been scanned Scan process 'WpsC3Psw.EXE' - '1' Module(s) have been scanned Scan process 'realplay.exe' - '1' Module(s) have been scanned Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned Scan process 'sointgr.exe' - '1' Module(s) have been scanned Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'fxssvc.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'btwdins.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 46 processes with 46 modules were scanned Starting master boot sector scan: Master boot sector HD0 [INFO] No virus was found! Master boot sector HD1 [INFO] No virus was found! [WARNING] Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [INFO] No virus was found! Boot sector 'D:\' [INFO] No virus was found! Boot sector 'E:\' [INFO] No virus was found! Starting to scan the registry. The registry was scanned ( '41' files ). Starting the file scan: Begin scan in 'C:\' <BOOT> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Louis\Mes documents\Mes fichiers reçus\photo album.zip [0] Archive type: ZIP --> photo album2007.pif [DETECTION] Is the Trojan horse TR/Agent.24772 [NOTE] The file was moved to '48852bf5.qua'! C:\Documents and Settings\Reine\Bureau\catchme.zip [0] Archive type: ZIP --> W),WW,,),WW)W))),WW)),))W,W))),)WW)))WW.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> W),WW,,),WW)W))),WW)),))W,W))),)WW)))WW.exe.1 [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '488a2c4e.qua'! C:\RECYCLER\S-1-5-21-618608351-3168192334-1982873589-1005\Dc26.IE5\KPMR4TIV\trace[1].htm [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen [NOTE] The file was moved to '4877325d.qua'! C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP1126\A0291283.com [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '48483333.qua'! C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP1131\A0293410.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [NOTE] The file was moved to '4848334b.qua'! C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP1131\A0293411.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [NOTE] The file was moved to '4848334e.qua'! C:\System Volume Information\_restore{516609DC-C6E7-4F60-8AED-682A1CD6D5AA}\RP1131\A0293429.exe [DETECTION] Is the Trojan horse TR/Trash.Gen [NOTE] The file was moved to '48483352.qua'! Begin scan in 'D:\' <BACKUP> Begin scan in 'E:\' <RECOVER> End of the scan: lundi 28 avril 2008 22:48 Used time: 1:55:49 min The scan has been done completely. 9540 Scanning directories 354282 Files were scanned 8 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 7 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 354274 Files not concerned 8304 Archives were scanned 3 Warnings 7 Notes

29/04/2008, 10h36	#18 (permalink)
rdb84 Novice Date d'inscription: avril 2008 Messages: 15 Pouvoir de réputation: 0	Ok j'ai tout fait. Juste une précision au sujet de: " • clic droit propriétés et met en lecture seule\appliquer le fichier en gras: C:\WINDOWS\system32\drivers\etc\hosts" Je suis allée dans C: puis system32...etc jusqu'à Hosts, là j'ai cliqué droit sur propriétés, et j'ai mis en lecture seule. Il y avait d'autres fichiers hosts avec, mais lorsque je vérifie les propriétés du fichier C:\WINDOWS\system32\drivers\etc, il est en lecture seule en totalité. Est-ce que c'est ok? (Désolée, j'applique, mais je ne comprends pas tout! loin de là!) Dernière question, est-ce que les fichiers envoyés via MSN sont dangereux, et est-ce qu'il vaut mieux demander plutot des envois par mail?

30/04/2008, 22h30	#20 (permalink)
rdb84 Novice Date d'inscription: avril 2008 Messages: 15 Pouvoir de réputation: 0	Euh... là je n'ai pas tout compris! Mais si vous jugez que je suis hors de danger... alors tout va bien! En tous cas je vous remercie vraiment fort pour votre aide. Vous et vos collègues "les anges gardiens du web" êtes de vrais pros toujours prêts à épauler des plus abattus... Merci! et j'espère à pas trop bientôt!

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email
Modes d'affichage
Mode linéaire Choisir le mode hybride Choisir le mode arborescent

Discussions similaires
Discussion	Auteur	Forum	Réponses	Dernier message
infecté par Bagle	kalliste	Sécurité & virus	14	31/03/2008 11h01
Infesté par Win32:TratBHO	JLM33	Sécurité & virus	1	27/03/2008 09h35
infecté par winantiviruspro	naomy	Sécurité & virus	5	23/03/2007 17h14
Infecté Par Un Cheval De Troyes ?	c.ladire	Windows XP	8	01/12/2004 08h54
Infecté Par Un Ver?	pluton	Sécurité & virus	17	06/08/2003 16h34