Infection par TR/Crypt.XDR.Gen

voudet -  
 gen-hackman -
Bonjour,
J'ai un souci avec un virus depuis quelques jours. Les alertes n'apparaissent que lorsque je suis connectée à Internet et c'est une page de mon antivirus (avira antivir) qui s'ouvre en disant qu'un virus (TR/Crypt.XDR.Gen) a été détecté sur mon ordinateur. J'ai essayé de le mettre en quarantaine ou de le supprimer mais rien ne fonctionne. Je ne suis pas très douée là dedans donc si vous pouviez me filer un petit coup de main ce serait sympa.
Configuration: Windows XP
Firefox 3.0.8

9 réponses

  1. gen-hackman
     
    bonsoir :

    Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.

    Télécharges :
    Malwarebytes ou :
    Malwarebytes

    * Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

    (NB : S'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

    * Potasses le Tuto pour te familiariser avec le prg :

    ( cela dis, il est très simple d'utilisation ).

    relance malwarebytes en suivant scrupuleusement ces consignes :

    ! Déconnecte toi et ferme toutes applications en cours !

    * Lance Malwarebyte's .

    Fais un examen dit "Complet" .

    --> Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
    --> à la fin tu cliques sur "résultat" .
    --> Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

    Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !

    Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

    0
    1. voudet
       
      Bonjour,
      J'ai fait le scan ce matin et voilà le rapport:

      Malwarebytes' Anti-Malware 1.35
      Version de la base de données: 1938
      Windows 5.1.2600 Service Pack 3

      04/04/2009 11:09:20
      mbam-log-2009-04-04 (11-09-20).txt

      Type de recherche: Examen complet (C:\|D:\|)
      Eléments examinés: 137201
      Temps écoulé: 29 minute(s), 51 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 8
      Valeur(s) du Registre infectée(s): 1
      Elément(s) de données du Registre infecté(s): 2
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\acpi32 (Rootkit.Spamtool) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i386si (Rootkit.Spamtool) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\systemntmi (Rootkit.Spamtool) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2_32sik (Rootkit.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nicsk32 (Rootkit.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsik (Rootkit.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fips32cup (Rootkit.Agent) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ksi32sk (Rootkit.Agent) -> Quarantined and deleted successfully.

      Valeur(s) du Registre infectée(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhcr1cj0er1q (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

      Elément(s) de données du Registre infecté(s):
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Je n'ai pas eu d'avertissement ce matin. Est ce que ça signifie que je suis débarassée du virus complètement?

      Merci pour ton aide
      0
  2. gen-hackman
     
    salut non on va encore en trouver avec ca :

    Télécharge Superantispyware (SAS)

    Choisis "enregistrer" et enregistre-le sur ton bureau.

    Double-clique sur l'icône d'installation qui vient de se créer et suis les instructions.

    Créé une icône sur le bureau.

    Double-clique sur l'icône de SAS (une tête dans un cercle rouge barré) pour le lancer.

    - Si l'outil te demande de mettre à jour le programme ("update the program definitions", clique sur yes.
    - Sous Configuration and Preferences, clique sur le bouton "Preferences"
    - Clique sur l'onglet "Scanning Control "
    - Dans "Scanner Options ", assure toi que la case devant lles lignes suivantes est cochée :

    Close browsers before scanning
    Scan for tracking cookies
    Terminate memory threats before quarantining
    - Laisse les autres lignes décochées.

    - Clique sur le bouton "Close" pour quitter l'écran du centre de contrôle.

    - Dans la fenêtre principale, clique, dans "Scan for Harmful Software", sur "Scan your computer".

    Dans la colonne de gauche, coche C:\Fixed Drive.

    Dans la colonne de droite, sous "Complete scan", clique sur "Perform Complete Scan"

    Clique sur "next" pour lancer le scan. Patiente pendant la durée du scan.

    A la fin du scan, une fenêtre de résultats s'ouvre . Clique sur OK.

    Assure toi que toutes les lignes de la fenêtre blanche sont cochées et clique sur "Next".

    Tout ce qui a été trouvé sera mis en quarantaine. S'il t'es demandé de redémarrer l'ordi ("reboot"), clique sur Yes.

    Pour recopier les informations sur le forum, fais ceci :

    - après le redémarrage de l'ordi, double-clique sur l'icône pour lancer SAS.
    - Clique sur "Preferences" puis sur l'onglet "Statistics/Logs ".
    - Dans "scanners logs", double-clique sur SUPERAntiSpyware Scan Log.

    - Le rapport va s'ouvrir dans ton éditeur de texte par défaut.

    - Copie son contenu dans ta réponse.

    Regarde bien le tuto SUPERAntiSpyware il est très bien expliqué.
    0
    1. voudet
       
      Ca y est le scan SAS est enfin terminé, voilà le rapport:

      SUPERAntiSpyware Scan Log
      https://www.superantispyware.com/

      Generated 04/04/2009 at 02:54 PM

      Application Version : 4.26.1000

      Core Rules Database Version : 3829
      Trace Rules Database Version: 1785

      Scan type : Complete Scan
      Total Scan Time : 01:01:38

      Memory items scanned : 607
      Memory threats detected : 0
      Registry items scanned : 6219
      Registry threats detected : 36
      File items scanned : 63447
      File threats detected : 7

      Adware.IWantSearchBar
      HKLM\Software\Classes\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
      HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
      HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
      HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32
      HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\InprocServer32#ThreadingModel
      HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\ProgID
      HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\Programmable
      HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\TypeLib
      HKCR\CLSID\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}\VersionIndependentProgID
      HKCR\ToolBand.ToolBandObj.1
      HKCR\ToolBand.ToolBandObj.1\CLSID
      HKCR\ToolBand.ToolBandObj
      HKCR\ToolBand.ToolBandObj\CLSID
      HKCR\ToolBand.ToolBandObj\CurVer
      HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}
      HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0
      HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0
      HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\0\win32
      HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\FLAGS
      HKCR\TypeLib\{5297E905-1DFB-4A9C-9871-A4F95FD58945}\1.0\HELPDIR
      C:\WINDOWS\SYSTEM32\TOOLBAND.DLL
      HKU\S-1-5-21-2655035948-2815736752-3059105838-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
      HKLM\Software\Microsoft\Internet Explorer\Toolbar#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
      HKU\S-1-5-21-2655035948-2815736752-3059105838-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser#{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
      HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}
      HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\ProxyStubClsid
      HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\ProxyStubClsid32
      HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\TypeLib
      HKCR\Interface\{95B92D92-8B7D-4A19-A3F1-43113B4DBCAF}\TypeLib#Version

      Adware.HotBar/ShopperReports (Low Risk)
      HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}
      HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{100EB1FD-D03E-47FD-81F3-EE91287F9465}

      Adware.Zango/ShoppingReport
      HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
      HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}
      HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B2}
      HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C5428486-50A0-4A02-9D20-520B59A9F9B3}

      Adware.Tracking Cookie
      C:\Documents and Settings\Virginie\Cookies\virginie@bluestreak[1].txt
      C:\Documents and Settings\Virginie\Cookies\virginie@serving-sys[2].txt
      C:\Documents and Settings\Virginie\Cookies\virginie@bs.serving-sys[2].txt
      C:\Documents and Settings\Virginie\Cookies\virginie@doubleclick[1].txt
      C:\Documents and Settings\Virginie\Cookies\virginie@atdmt[2].txt
      C:\Documents and Settings\Virginie\Cookies\virginie@revsci[2].txt

      Rootkit.TDSServ
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TDSSserv.sys
      HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TDSSserv.sys

      Cette fois ce sera bon?
      Merci pour ton aide en tout cas, je sais pas comment j'aurais fait sans toi
      0
  3. gen-hackman
     
    ton pc etait tres infecté je préfère que nous continuions une procedure normale afin de le rendre sain :)

    Télécharge Random's System Information Tool (RSIT) de random/random et enregistre l'exécutable sur ton Bureau.

    ! Déconnecte toi et ferme toutes tes applications en cours !

    Double-clique sur " RSIT.exe " pour le lancer .

    -> Une première fenêtre s'ouvre avec en titre : " Disclaimer of warranty " .

    * Devant l'option "List files/folders created ..." , tu choisis : 2 months

    * clique ensuite sur " Continue " pour lancer l'analyse ...

    -> laisse faire le scan et ne touche pas au PC ...

    Lorsque l'analyse sera terminée, deux fichiers texte s'ouvriront (probablement avec le bloc-note).

    Poste le contenu de " log.txt " (c'est celui qui apparait à l'écran), ainsi que de " info.txt " (que tu verras dans la barre des tâches), pour analyse et attends la suite ...

    Important : poste un rapport, puis l'autre dans la réponse suivante
    Si tu essaies de poster les deux en même temps, cela risque d'être trop long pour le forum

    ( Note : les rapports seront en outre sauvegardés dans ce dossier -> C:\rsit )
    0
  4. julien
     
    bonjour, alors voilà moi aussi j'ai un problème avec TR/Crypt.XDR.Gen - Trojan .
    je n'arrive pas à m'en débarrasser. e-ce possible sans formater svp ?
    0
    1. julien
       
      voici le rapport:


      Avira AntiVir Personal
      Report file date: samedi 11 avril 2009 19:22

      Scanning for 1347111 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: MINSAT-4250FA9F

      Version information:
      BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
      AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 17:41:22
      AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 08:58:44
      LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 08:58:45
      LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 08:58:45
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:45:34
      ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 12:15:18
      ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 07:58:21
      ANTIVIR3.VDF : 7.1.3.42 169984 Bytes 11/04/2009 17:02:35
      Engineversion : 8.2.0.138
      AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 20:01:34
      AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04/04/2009 11:17:01
      AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 11:17:00
      AERDL.DLL : 8.1.1.3 438645 Bytes 18/11/2008 17:44:25
      AEPACK.DLL : 8.1.3.12 397687 Bytes 04/04/2009 11:16:59
      AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 18:23:13
      AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04/04/2009 11:16:59
      AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 18:23:08
      AEGEN.DLL : 8.1.1.33 340340 Bytes 04/04/2009 11:16:57
      AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 16:59:35
      AECORE.DLL : 8.1.6.7 176502 Bytes 04/04/2009 11:16:55
      AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 16:59:33
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 08:58:44
      AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 08:58:44
      AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 09:00:13
      AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 08:58:44
      AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 08:58:44
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 08:58:45
      NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 08:58:39
      RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 08:58:39

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: samedi 11 avril 2009 19:22

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
      Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
      Scan process 'phil et pat.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
      Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'realsched.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
      Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'aawservice.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      68 processes with 68 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!
      Master boot sector HD1
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      Master boot sector HD2
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      Master boot sector HD3
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      Master boot sector HD4
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '56' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Documents and Settings\phil et pat\Local Settings\Temporary Internet Files\Content.IE5\P9D9SWSF\sdsetup[1].exe
      [WARNING] The file could not be opened!
      C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\Data1.cab
      [0] Archive type: CAB (Microsoft)
      --> JSByteCodeWin.bin
      [WARNING] The file could not be written!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114978.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd44.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114979.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd46.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114980.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd48.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114981.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd4b.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114982.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd4e.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114983.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd50.qua'!


      End of the scan: samedi 11 avril 2009 20:37
      Used time: 1:15:02 Hour(s)

      The scan has been done completely.

      9453 Scanning directories
      360653 Files were scanned
      6 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      6 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      360645 Files not concerned
      2686 Archives were scanned
      7 Warnings
      6 Notes
      0
    2. julien
       
      voici le rapport:


      Avira AntiVir Personal
      Report file date: samedi 11 avril 2009 19:22

      Scanning for 1347111 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: MINSAT-4250FA9F

      Version information:
      BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
      AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 17:41:22
      AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 08:58:44
      LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 08:58:45
      LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 08:58:45
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:45:34
      ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 12:15:18
      ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 07:58:21
      ANTIVIR3.VDF : 7.1.3.42 169984 Bytes 11/04/2009 17:02:35
      Engineversion : 8.2.0.138
      AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 20:01:34
      AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04/04/2009 11:17:01
      AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 11:17:00
      AERDL.DLL : 8.1.1.3 438645 Bytes 18/11/2008 17:44:25
      AEPACK.DLL : 8.1.3.12 397687 Bytes 04/04/2009 11:16:59
      AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 18:23:13
      AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04/04/2009 11:16:59
      AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 18:23:08
      AEGEN.DLL : 8.1.1.33 340340 Bytes 04/04/2009 11:16:57
      AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 16:59:35
      AECORE.DLL : 8.1.6.7 176502 Bytes 04/04/2009 11:16:55
      AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 16:59:33
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 08:58:44
      AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 08:58:44
      AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 09:00:13
      AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 08:58:44
      AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 08:58:44
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 08:58:45
      NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 08:58:39
      RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 08:58:39

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: samedi 11 avril 2009 19:22

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
      Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
      Scan process 'phil et pat.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
      Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'realsched.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
      Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'aawservice.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      68 processes with 68 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!
      Master boot sector HD1
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      Master boot sector HD2
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      Master boot sector HD3
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      Master boot sector HD4
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '56' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Documents and Settings\phil et pat\Local Settings\Temporary Internet Files\Content.IE5\P9D9SWSF\sdsetup[1].exe
      [WARNING] The file could not be opened!
      C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\Data1.cab
      [0] Archive type: CAB (Microsoft)
      --> JSByteCodeWin.bin
      [WARNING] The file could not be written!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114978.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd44.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114979.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd46.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114980.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd48.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114981.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd4b.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114982.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd4e.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114983.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd50.qua'!


      End of the scan: samedi 11 avril 2009 20:37
      Used time: 1:15:02 Hour(s)

      The scan has been done completely.

      9453 Scanning directories
      360653 Files were scanned
      6 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      6 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      360645 Files not concerned
      2686 Archives were scanned
      7 Warnings
      6 Notes
      0
    3. julien
       
      voici le rapport:


      Avira AntiVir Personal
      Report file date: samedi 11 avril 2009 19:22

      Scanning for 1347111 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows XP
      Windows version: (Service Pack 2) [5.1.2600]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: MINSAT-4250FA9F

      Version information:
      BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
      AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 17:41:22
      AVSCAN.DLL : 8.1.4.0 40705 Bytes 18/07/2008 08:58:44
      LUKE.DLL : 8.1.4.5 164097 Bytes 18/07/2008 08:58:45
      LUKERES.DLL : 8.1.4.0 12033 Bytes 18/07/2008 08:58:45
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 17:45:34
      ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 12:15:18
      ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 07:58:21
      ANTIVIR3.VDF : 7.1.3.42 169984 Bytes 11/04/2009 17:02:35
      Engineversion : 8.2.0.138
      AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 20:01:34
      AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04/04/2009 11:17:01
      AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 11:17:00
      AERDL.DLL : 8.1.1.3 438645 Bytes 18/11/2008 17:44:25
      AEPACK.DLL : 8.1.3.12 397687 Bytes 04/04/2009 11:16:59
      AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 18:23:13
      AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04/04/2009 11:16:59
      AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 18:23:08
      AEGEN.DLL : 8.1.1.33 340340 Bytes 04/04/2009 11:16:57
      AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 16:59:35
      AECORE.DLL : 8.1.6.7 176502 Bytes 04/04/2009 11:16:55
      AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 16:59:33
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 18/07/2008 08:58:44
      AVPREF.DLL : 8.0.2.0 38657 Bytes 18/07/2008 08:58:44
      AVREP.DLL : 8.0.0.2 98344 Bytes 01/08/2008 09:00:13
      AVREG.DLL : 8.0.0.1 33537 Bytes 18/07/2008 08:58:44
      AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 18/07/2008 08:58:44
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 18/07/2008 08:58:45
      NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 18/07/2008 08:58:39
      RCTEXT.DLL : 8.0.52.0 86273 Bytes 18/07/2008 08:58:39

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:,
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: off
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: medium

      Start of the scan: samedi 11 avril 2009 19:22

      The scan of running processes will be started
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
      Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
      Scan process 'phil et pat.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
      Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'alg.exe' - '1' Module(s) have been scanned
      Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
      Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
      Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
      Scan process 'realsched.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
      Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'aawservice.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      68 processes with 68 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!
      Master boot sector HD1
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      Master boot sector HD2
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      Master boot sector HD3
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.
      Master boot sector HD4
      [INFO] No virus was found!
      [WARNING] System error [21]: Le périphérique n'est pas prêt.

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '56' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\Documents and Settings\phil et pat\Local Settings\Temporary Internet Files\Content.IE5\P9D9SWSF\sdsetup[1].exe
      [WARNING] The file could not be opened!
      C:\Program Files\Adobe\Reader 8.0\Setup Files\{AC76BA86-7AD7-1036-7B44-A81200000003}\Data1.cab
      [0] Archive type: CAB (Microsoft)
      --> JSByteCodeWin.bin
      [WARNING] The file could not be written!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114978.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd44.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114979.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd46.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114980.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd48.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114981.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd4b.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114982.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd4e.qua'!
      C:\System Volume Information\_restore{0FFF77A3-18B1-4778-867A-28F2CF34490F}\RP505\A0114983.sys
      [DETECTION] Is the TR/Crypt.XDR.Gen Trojan
      [NOTE] The file was moved to '4a11dd50.qua'!


      End of the scan: samedi 11 avril 2009 20:37
      Used time: 1:15:02 Hour(s)

      The scan has been done completely.

      9453 Scanning directories
      360653 Files were scanned
      6 viruses and/or unwanted programs were found
      0 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      6 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      360645 Files not concerned
      2686 Archives were scanned
      7 Warnings
      6 Notes
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. gen-hackman
     
    Télécharge SDFix sur ton bureau :
    ici :SDFix
    ou ici SDFix
    ou ici SDFix

    --> Double-clique sur SDFix.exe et choisis "Install" .

    Tuto

    Puis une fois l'installe faite ,

    Impératif : Démarrer en mode sans echec .

    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

    Comment aller en Mode sans échec :
    1) Redémarre ton ordi .
    2) Tapote la touche F8 immédiatement, (F5 sur certains PC) juste après le "Bip" .
    3) Tu tapotes jusqu' à l'apparition de l'écran avec les options de démarrage .
    4) Choisis la première option : Sans Échec , et valide en tapant sur [Entrée] .
    5) Choisis ton compte habituel ( et pas Administrateur ).
    attention : pas de connexion possible en mode sans échec , donc copie ou imprime bien la manipe pour éviter les erreurs ...

    Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double-clique sur RunThis.bat pour lancer l'outil .
    -->Tapes Y pour lancer le script ...
    Le Fix supprime les services du virus et nettoie le registre, de ce fait un redémarrage est nécessaire , donc :
    presses une touche pour redémarrer quand il te le sera demandé .

    Le PC va mettre du temps avant de démarrer ( c'est normal ), après le chargement du Bureau presses une touche lorsque "Finished" s'affiche .

    Le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier
    C:\SDFix sous le nom "Report.txt".

    Poste ce dernier dans ta prochaine réponse

    Si SDfix ne se lance pas (ça arrive!)

    * Démarrer->Exécuter

    * Copie/colle ceci :

    %systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

    * Clique sur ok, et valide.

    * Redémarre et essaye de nouveau de lancer SDfix.
    0
    1. julien
       
      ok merci, je vais test demain mais j'ai peur que ca agrave le pc
      0
  7. julien
     
    bon, mon père veut pas il préfère attendre 1 spécialiste.
    0
  8. gen-hackman
     
    Salut

    le specialiste (soi disant) il va dire faut reformater lol

    enfin montre lui un peu ce qu'on a deja fait j ai peut etre rate un truc :)
    0