Sujet Précédent Sujet Suivant

Infection par TR/Crypt.XDR.Gen

voudet -  
 Utilisateur anonyme -
Bonjour,
J'ai un souci avec un virus depuis quelques jours. Les alertes n'apparaissent que lorsque je suis connectée à Internet et c'est une page de mon antivirus (avira antivir) qui s'ouvre en disant qu'un virus (TR/Crypt.XDR.Gen) a été détecté sur mon ordinateur. J'ai essayé de le mettre en quarantaine ou de le supprimer mais rien ne fonctionne. Je ne suis pas très douée là dedans donc si vous pouviez me filer un petit coup de main ce serait sympa.

9 réponses

Réponse 1 / 9
Utilisateur anonyme
 
bonsoir :

Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

Télécharges :
Malwarebytes ou :
Malwarebytes

* Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

* Potasses le Tuto pour te familiariser avec le prg :

( cela dis, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

* Lance Malwarebyte's .

Fais un examen dit "Complet" .

--> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
--> à la fin tu cliques sur "résultat" .
--> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

0
voudet
 
Bonjour,
J'ai fait le scan ce matin et voilà le rapport:

Malwarebytes' Anti-Malware 1.35
Version de la base de données: 1938
Windows 5.1.2600 Service Pack 3

04/04/2009 11:09:20
mbam-log-2009-04-04 (11-09-20).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 137201
Temps écoulé: 29 minute(s), 51 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 8
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcr1cj0er1q (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Je n'ai pas eu d'avertissement ce matin. Est ce que ça signifie que je suis débarassée du virus complètement?

Merci pour ton aide
0
Réponse 2 / 9
Utilisateur anonyme
 
salut non on va encore en trouver avec ca :

Télécharge Superantispyware (SAS)

Choisis "enregistrer" et enregistre-le sur ton bureau.

Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

Créé une icône sur le bureau.

Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

- Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
- Sous Configuration and Preferences, clique sur le bouton "Preferences"
- Clique sur l'onglet "Scanning Control "
- Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining
- Laisse les autres lignes décochées.

- Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

- Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

Dans la colonne de gauche, coche C:\Fixed Drive.

Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

Pour recopier les informations sur le forum, fais ceci :

- après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
- Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
- Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

- Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

- Copie son contenu dans ta réponse.

Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.
0
voudet
 
Ca y est le scan SAS est enfin terminé, voilà le rapport:

SUPERAntiSpyware Scan Log
https://www.superantispyware.com/

Generated 04/04/2009 at 02:54 PM

Application Version : 4.26.1000

Core Rules Database Version : 3829
Trace Rules Database Version: 1785

Scan type : Complete Scan
Total Scan Time : 01:01:38

Memory items scanned : 607
Memory threats detected : 0
Registry items scanned : 6219
Registry threats detected : 36
File items scanned : 63447
File threats detected : 7

Adware.IWantSearchBar
HKLM\Software\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32#ThreadingModel
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib
HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID
HKCR\ToolBand.ToolBandObj.1
HKCR\ToolBand.ToolBandObj.1\CLSID
HKCR\ToolBand.ToolBandObj
HKCR\ToolBand.ToolBandObj\CLSID
HKCR\ToolBand.ToolBandObj\CurVer
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0\win32
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\FLAGS
HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\HELPDIR
C:\WINDOWS\SYSTEM32\TOOLBAND.DLL
HKU\S-1-5-21-2655035948-2815736752-3059105838-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKU\S-1-5-21-2655035948-2815736752-3059105838-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\ProxyStubClsid
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\ProxyStubClsid32
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\TypeLib
HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\TypeLib#Version

Adware.HotBar/ShopperReports (Low Risk)
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

Adware.Zango/ShoppingReport
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}

Adware.Tracking Cookie
C:\Documents and Settings\Virginie\Cookies\virginie@bluestreak[1].txt
C:\Documents and Settings\Virginie\Cookies\virginie@serving-sys[2].txt
C:\Documents and Settings\Virginie\Cookies\virginie@bs.serving-sys[2].txt
C:\Documents and Settings\Virginie\Cookies\virginie@doubleclick[1].txt
C:\Documents and Settings\Virginie\Cookies\virginie@atdmt[2].txt
C:\Documents and Settings\Virginie\Cookies\virginie@revsci[2].txt

Rootkit.TDSServ
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys

Cette fois ce sera bon?
Merci pour ton aide en tout cas, je sais pas comment j'aurais fait sans toi
0
Réponse 3 / 9
Utilisateur anonyme
 
ton pc etait tres infecté je préfère que nous continuions une procedure normale afin de le rendre sain :)

Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

! Déconnecte toi et ferme toutes tes applications en cours !

Double-clique sur " RSIT.exe " pour le lancer .

-> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

* Devant l'option "List files/folders created ..." , tu choisis : 2 months

* clique ensuite sur " Continue " pour lancer l'analyse ...

-> laisse faire le scan et ne touche pas au PC ...

Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

Important : poste un rapport, puis l'autre dans la réponse suivante
Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
0
Réponse 4 / 9
julien
 
bonjour, alors voilà moi aussi j'ai un problème avec TR/Crypt.XDR.Gen - Trojan .
je n'arrive pas à m'en débarrasser. e-ce possible sans formater svp ?
0
julien
 
voici le rapport:


Avira AntiVir Personal
Report file date: samedi 11 avril 2009 19:22

Scanning for 1347111 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MINSAT-4250FA9F

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 17:41:22
AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 08:58:44
LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 08:58:45
LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 08:58:45
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:45:34
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 12:15:18
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 07:58:21
ANTIVIR3.VDF : 7.1.3.42 169984 Bytes 11/04/2009 17:02:35
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 20:01:34
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04/04/2009 11:17:01
AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 11:17:00
AERDL.DLL : 8.1.1.3 438645 Bytes 18/11/2008 17:44:25
AEPACK.DLL : 8.1.3.12 397687 Bytes 04/04/2009 11:16:59
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 18:23:13
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04/04/2009 11:16:59
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 18:23:08
AEGEN.DLL : 8.1.1.33 340340 Bytes 04/04/2009 11:16:57
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 16:59:35
AECORE.DLL : 8.1.6.7 176502 Bytes 04/04/2009 11:16:55
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 16:59:33
AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 08:58:44
AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 08:58:44
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 09:00:13
AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 08:58:44
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 08:58:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 08:58:45
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 08:58:39
RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 08:58:39

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 11 avril 2009 19:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'phil et pat.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
68 processes with 68 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\phil et pat\Local Settings\Temporary Internet Files\Content.IE5\P9D9SWSF\sdsetup[1].exe
[WARNING] The file could not be opened!
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\Data1.cab
[0] Archive type: CAB (Microsoft)
--> JSByteCodeWin.bin
[WARNING] The file could not be written!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114978.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd44.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114979.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd46.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114980.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd48.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114981.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd4b.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114982.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd4e.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114983.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd50.qua'!


End of the scan: samedi 11 avril 2009 20:37
Used time: 1:15:02 Hour(s)

The scan has been done completely.

9453 Scanning directories
360653 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
360645 Files not concerned
2686 Archives were scanned
7 Warnings
6 Notes
0
julien
 
voici le rapport:


Avira AntiVir Personal
Report file date: samedi 11 avril 2009 19:22

Scanning for 1347111 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MINSAT-4250FA9F

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 17:41:22
AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 08:58:44
LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 08:58:45
LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 08:58:45
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:45:34
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 12:15:18
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 07:58:21
ANTIVIR3.VDF : 7.1.3.42 169984 Bytes 11/04/2009 17:02:35
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 20:01:34
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04/04/2009 11:17:01
AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 11:17:00
AERDL.DLL : 8.1.1.3 438645 Bytes 18/11/2008 17:44:25
AEPACK.DLL : 8.1.3.12 397687 Bytes 04/04/2009 11:16:59
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 18:23:13
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04/04/2009 11:16:59
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 18:23:08
AEGEN.DLL : 8.1.1.33 340340 Bytes 04/04/2009 11:16:57
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 16:59:35
AECORE.DLL : 8.1.6.7 176502 Bytes 04/04/2009 11:16:55
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 16:59:33
AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 08:58:44
AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 08:58:44
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 09:00:13
AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 08:58:44
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 08:58:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 08:58:45
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 08:58:39
RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 08:58:39

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 11 avril 2009 19:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'phil et pat.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
68 processes with 68 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\phil et pat\Local Settings\Temporary Internet Files\Content.IE5\P9D9SWSF\sdsetup[1].exe
[WARNING] The file could not be opened!
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\Data1.cab
[0] Archive type: CAB (Microsoft)
--> JSByteCodeWin.bin
[WARNING] The file could not be written!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114978.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd44.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114979.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd46.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114980.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd48.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114981.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd4b.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114982.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd4e.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114983.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd50.qua'!


End of the scan: samedi 11 avril 2009 20:37
Used time: 1:15:02 Hour(s)

The scan has been done completely.

9453 Scanning directories
360653 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
360645 Files not concerned
2686 Archives were scanned
7 Warnings
6 Notes
0
julien
 
voici le rapport:


Avira AntiVir Personal
Report file date: samedi 11 avril 2009 19:22

Scanning for 1347111 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MINSAT-4250FA9F

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 17:41:22
AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 08:58:44
LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 08:58:45
LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 08:58:45
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:45:34
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 12:15:18
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 07:58:21
ANTIVIR3.VDF : 7.1.3.42 169984 Bytes 11/04/2009 17:02:35
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 20:01:34
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04/04/2009 11:17:01
AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 11:17:00
AERDL.DLL : 8.1.1.3 438645 Bytes 18/11/2008 17:44:25
AEPACK.DLL : 8.1.3.12 397687 Bytes 04/04/2009 11:16:59
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 18:23:13
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04/04/2009 11:16:59
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 18:23:08
AEGEN.DLL : 8.1.1.33 340340 Bytes 04/04/2009 11:16:57
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 16:59:35
AECORE.DLL : 8.1.6.7 176502 Bytes 04/04/2009 11:16:55
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 16:59:33
AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 08:58:44
AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 08:58:44
AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 09:00:13
AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 08:58:44
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 08:58:44
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 08:58:45
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 08:58:39
RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 08:58:39

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 11 avril 2009 19:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'phil et pat.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
68 processes with 68 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\phil et pat\Local Settings\Temporary Internet Files\Content.IE5\P9D9SWSF\sdsetup[1].exe
[WARNING] The file could not be opened!
C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\Data1.cab
[0] Archive type: CAB (Microsoft)
--> JSByteCodeWin.bin
[WARNING] The file could not be written!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114978.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd44.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114979.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd46.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114980.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd48.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114981.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd4b.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114982.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd4e.qua'!
C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114983.sys
[DETECTION] Is the TR/Crypt.XDR.Gen Trojan
[NOTE] The file was moved to '4a11dd50.qua'!


End of the scan: samedi 11 avril 2009 20:37
Used time: 1:15:02 Hour(s)

The scan has been done completely.

9453 Scanning directories
360653 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
6 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
360645 Files not concerned
2686 Archives were scanned
7 Warnings
6 Notes
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 9
Utilisateur anonyme
 
Julien pose ton probleme ICI
0
Réponse 6 / 9
Utilisateur anonyme
 
Télécharge SDFix sur ton bureau :
ici :SDFix
ou ici SDFix
ou ici SDFix

--> Double-clique sur SDFix.exe et choisis "Install" .

Tuto

Puis une fois l'installe faite ,

Impératif : Démarrer en mode sans echec .

/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Comment aller en Mode sans échec :
1) Redémarre ton ordi .
2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] .
5) Choisis ton compte habituel ( et pas Administrateur ).
attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ...

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer l'outil .
-->Tapes Y pour lancer le script ...
Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
presses une touche pour redémarrer quand il te le sera demandé .

Le PC va mettre du temps avant de démarrer ( c'est normal ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier
C:\SDFix sous le nom "Report.txt".

Poste ce dernier dans ta prochaine réponse

Si SDfix ne se lance pas (ça arrive!)

* Démarrer->Exécuter

* Copie/colle ceci :

%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

* Clique sur ok, et valide.

* Redémarre et essaye de nouveau de lancer SDfix.
0
julien
 
ok merci, je vais test demain mais j'ai peur que ca agrave le pc
0
Réponse 7 / 9
Utilisateur anonyme
 
non je ne pense pas :)
0
Réponse 8 / 9
julien
 
bon, mon père veut pas il préfère attendre 1 spécialiste.
0
Réponse 9 / 9
Utilisateur anonyme
 
Salut

le specialiste (soi disant) il va dire faut reformater lol

enfin montre lui un peu ce qu'on a deja fait j ai peut etre rate un truc :)
0

Discussions similaires

Signification "TR"
andromeid -
matrix4422 -

3 réponses
Signification des abréviations RE: et TR:
La Salamandre -
Iolose -

19 réponses
Sa veux dire koi??Subject: FW: Tr :FW: TR: TR
france22 -
ghano0666545160 -

12 réponses
casque sans fil Sennheiser TR 4200 ne fonctionne plus
jcb83400 -
DIY -

3 réponses
Problème casque sennheiser 4200
barbie35 -
Beenaxa -

1 réponse