Tr/Dropper Gen. How do I remove it?

Jawa -  
Hello,
An AntiVir scan tells me that my PC is infected with Tr/Dropper Gen, but I can neither delete it nor quarantine it; AntiVir stops the scan and tells me to restart the PC.
When I restart and run the antivirus again, same thing.
I searched the internet, but couldn't find a simple way to remove this virus, such as a dedicated program, for example.
I'm a novice...

Also, after a quick scan with Malwarebytes, deleting the files and restarting, I get messages saying that msnmgr and Skype files are damaged and that I should run chkdsk, but when I run it, it hangs at 0% of the 2nd stage...
Thanks in advance for your answers (as clear and simple as possible, I hope; once again, I'm a novice...)

8 replies

toto666 Posts: 331 Status: Member 14
 
Hi jawa,

Let's see what's going on on your PC.

I) Download random's system information tool (RSIT):

http://images.malwareremoval.com/random/RSIT.exe

1) Double-click the RSIT.exe icon.
2) Click Continue.
3) When the scan is finished, two files will open; please post both reports.
If the 2 files don't open, go to C:\rsit, where you'll find the 2 files info.txt and log.txt.
0
Jawa
 
Hi! Thanks for answering.
Here are the reports. I clicked Continue straight away without changing anything, so it covers the last month. (I don't know if it matters, but I think I've had the virus for much longer... well, I don't really know, I'll let you do your job lol, thanks again)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Ugo at 2009-05-02 17:12:38
Microsoft Windows XP Édition familiale Service Pack 2
System drive C: has 6 GB (2%) free of 279 GB
Total RAM: 1023 MB (16% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:12:55, on 02/05/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
c:\program files\avira\antivir desktop\avcenter.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ugo\Bureau\RSIT.exe
C:\Program Files\trend micro\Ugo.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ChkDisk.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.targa.gmbh/eng/targa/
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106167868515
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\moyajamu.dll c:\windows\system32\ c:\windows\system32\rurisugo.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
0
toto666 Posts: 331 Status: Member 14
 
Could be Vundo, let's see.

1) Double-click "mbam-setup"; the installation starts (install without changing anything).
2) Launch the program, go to the "Update" tab, then click "Check for updates".
3) Go to the "Scan" tab, tick "Perform a full scan" >> click "Scan", then start the scan.
4) At the end of the scan, if there are infections, click "Show results".
5) Close all other applications.
6) Check that everything is ticked and click "Remove selection".

7) A report opens; copy and paste it into your next reply.
0
Jawa
 
Sorry, but I didn't understand anything in your last post :s
What is Vundo?
Where do I find it? mbam setup?
0
Jawa
 
I just tried an AntiVir scan again, and same thing, it got stuck at the same place, with no way to delete or quarantine; here's the report:



Avira AntiVir Personal
Report file date: samedi 2 mai 2009 20:16

Scanning for 1373642 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : UGO-TAI

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 02/05/2009 11:09:16
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 30/04/2009 11:09:15
ANTIVIR3.VDF : 7.1.3.140 17920 Bytes 02/05/2009 11:09:15
Engineversion : 8.2.0.160
AEVDF.DLL : 8.1.1.1 106868 Bytes 02/05/2009 11:09:16
AESCRIPT.DLL : 8.1.1.79 385403 Bytes 02/05/2009 11:09:16
AESCN.DLL : 8.1.1.10 127348 Bytes 02/05/2009 11:09:16
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 02/05/2009 11:09:16
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 02/05/2009 11:09:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.39 348532 Bytes 02/05/2009 11:09:15
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 02/05/2009 11:09:15
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 02/05/2009 11:09:16
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 02/05/2009 11:09:15

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: samedi 2 mai 2009 20:16

Starting search for hidden objects.
The repair notes were written to the file 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\AVSCAN-20090502-202222-1C00ABF2.avp'.
c:\windows\system32\drivers\ovfsthtxnmihpxfbehkhsrcwvcphnjkpuibohn.sys
[INFO] The file is not visible.
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
c:\windows\system32\ovfsthamoujtwoxbsjfmoehpaqxcyicqlnyswc.dll
[INFO] The file is not visible.
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[INFO] No SpecVir entry was found!
c:\windows\system32\ovfsthgdvvbosqogqfhkofmkadbbantuyinwes.dat
[INFO] The file is not visible.
c:\windows\system32\ovfsthkmrwaotmgvekcitsnynqafxyiigetyuy.dat
[INFO] The file is not visible.
c:\windows\system32\ovfsthmamqqvrduhvuxxtonebpktovaacvyfss.dll
[INFO] The file is not visible.
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[INFO] No SpecVir entry was found!
c:\windows\system32\ovfsthtvdqujfkaqkicodpatbdkxbcfablxops.dll
[INFO] The file is not visible.
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[INFO] No SpecVir entry was found!
c:\documents and settings\ugo\local settings\temp\ovfsthcxaxyeyive.tmp
[INFO] The file is not visible.
c:\documents and settings\ugo\local settings\temp\ovfsthpufnmkscjq.tmp
[INFO] The file is not visible.
c:\documents and settings\ugo\local settings\temp\ovfsthvoqhpftowc.tmp
[INFO] The file is not visible.


End of the scan: samedi 2 mai 2009 20:22
Used time: 05:30 Minute(s)

The scan has been done completely.

0 Scanned directories
9 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
1 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
5 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes
80414 Objects were scanned with rootkit scan
16 Hidden objects were found
0
toto666 Posts: 331 Status: Member 14
 
Sorry, but I thought you had installed Malwarebytes' Anti-Malware, as you said in your first post ^^
And Vundo is an infection.

Here is the complete procedure:

I) Download Malwarebytes' Anti-Malware to your desktop:

Download Malwarebytes from this address:

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

1) Double-click "mbam-setup"; the installation starts (install without changing anything).
2) Launch the program, go to the "Update" tab, then click "Check for updates".
3) Go to the "Scan" tab, tick "Perform a full scan" >> click "Scan", then start the scan.
4) At the end of the scan, if there are infections, click "Show results".
5) Close all other applications.
6) Check that everything is ticked and click "Remove selection".

7) A report opens; copy and paste it into your next reply.
0
Jawa
 
Ah OK, sorry, yes I do have Malwarebytes, I hadn't understood the abbreviation lol.
I already did a quick scan, as I told you in my first post.
OK, I'm launching a full scan now.

As for Vundo, I don't know; all I know is that I can't delete or quarantine "tr/Dropper.Gen" with AntiVir... I'll post the scan result as soon as it's done.
0

toto666 Posts: 331 Status: Member 14
 
Please post me the AntiVir report :)
0
Jawa
 
Here's the Malwarebytes report, it took ages!
Malwarebytes' Anti-Malware 1.36
Version de la base de données: 2067
Windows 5.1.2600 Service Pack 2

02/05/2009 18:50:59
mbam-log-2009-05-02 (18-50-59).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Eléments examinés: 243677
Temps écoulé: 53 minute(s), 5 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.


What do you suggest?
0
toto666 Posts: 331 Status: Member 14
 
Hi again,

Please follow the procedure carefully, in order.

I) Download HijackThis and save it to your desktop:

Download HijackThis:
http://www.trendsecure.com/portal/fr/_download/HiJackThis.exe

Launch HijackThis.
In the menu, click "Do a system scan only".
Tick these lines in bold:

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\moyajamu.dll c:\windows\system32\ c:\windows\system32\rurisugo.dll

Click "Fix checked".

1) Download OTMoveIt3 (by Old_Timer) to your desktop.
http://oldtimer.geekstogo.com/OTMoveIt3.exe

Double-click OTMoveIt.exe to launch it.
Copy the list quoted below and paste it into the left-hand pane of OTMoveIt under Paste Instructions for Items to be Moved.

:processes
explorer.exe

:Files
c:\windows\system32\rurisugo.dll
C:\Program Files\BitLord\BitLord.exe

:reg

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\BitLord\BitLord.exe"=-

:commands
[emptytemp]
[start explorer]
[reboot]


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.

Post the report (.log file) located in C:\_OTMoveIt\MovedFiles.

Let me know if you see any change after these procedures.
0
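
The two kinds of line ticked in the post above can be picked out of a HijackThis log mechanically. This is an added example, not part of the thread or of HijackThis: it reports every O20 AppInit_DLLs value (DLLs listed there are loaded into each process that loads user32.dll) and every entry marked "(no file)". The function names are hypothetical, and the sample is constructed from lines of the log posted earlier in the thread.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines in HijackThis v2.0.2 format, copied from
# the log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\moyajamu.dll c:\windows\system32\ c:\windows\system32\rurisugo.dll
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"""

# A log entry is "<section code> - <body>", e.g. "O20 - AppInit_DLLs: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
APPINIT_PREFIX = "AppInit_DLLs:"


@dataclass
class Finding:
    section: str       # HijackThis section code, e.g. "O20"
    reason: str        # why the line deserves a second look
    line: str          # the original log line, as it appears in HijackThis
    items: tuple = ()  # individual AppInit_DLLs tokens, if any


def split_appinit(value):
    """AppInit_DLLs holds a space- or comma-delimited list of DLL paths."""
    return tuple(tok for tok in re.split(r"[ ,]+", value.strip()) if tok)


def malformed_items(finding):
    """Tokens of an AppInit_DLLs value that do not name a .dll file."""
    return [t for t in finding.items if not t.lower().endswith(".dll")]


def triage(log_text):
    """Return findings for non-empty AppInit_DLLs values and '(no file)' entries."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if section == "O20" and body.startswith(APPINIT_PREFIX):
            dlls = split_appinit(body[len(APPINIT_PREFIX):])
            if dlls:
                findings.append(Finding(
                    section, "DLLs injected into every user32.dll process",
                    line, dlls))
        elif body.endswith("(no file)"):
            findings.append(Finding(
                section, "entry has no file behind it", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
        for item in f.items:
            print(f"      - {item}")
        for bad in malformed_items(f):
            print(f"      ! not a DLL path: {bad}")
```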
Jawa
 
Here's the report

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\windows\system32\rurisugo.dll not found.
C:\Program Files\BitLord\BitLord.exe moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shared­access\parameters\firewallpolicy\standardprofile\authorizeda­pplications\list not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Ugo\LOCALS~1\Temp\etilqs_jpgJWaBqrmD2sKCsHACh scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Ugo\LOCALS~1\Temp\~DFB10.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YZ0SB3MN\sha1auth[3].srf scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YPCGNMUY\MsgrConfig[1].asmx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\8RA2UD5O\ADSAdClient31[3].txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_598.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT03ddf.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT04760.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05022009_193653

Files moved on Reboot...
File C:\DOCUME~1\Ugo\LOCALS~1\Temp\etilqs_jpgJWaBqrmD2sKCsHACh not found!
C:\DOCUME~1\Ugo\LOCALS~1\Temp\~DFB10.tmp moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YZ0SB3MN\sha1auth[3].srf moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YPCGNMUY\MsgrConfig[1].asmx moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\8RA2UD5O\ADSAdClient31[3].txt moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_598.dat not found!
File C:\WINDOWS\temp\ZLT03ddf.TMP not found!
File C:\WINDOWS\temp\ZLT04760.TMP not found!
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\XUL.mfl moved successfully.



What do you think?

Is my trojan gone?
0
toto666 Posts: 331 Status: Member 14
 
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below and paste it into the left-hand pane of OTMoveIt under Paste Instructions for Items to be Moved.

:processes
explorer.exe

:Files
c:\windows\system32\drivers\ovfsthtxnmihpxfbehkhsrcwvcphnjkpuibohn.sys
c:\windows\system32\ovfsthamoujtwoxbsjfmoehpaqxcyicqlnyswc.dll
c:\windows\system32\ovfsthgdvvbosqogqfhkofmkadbbantuyinwes.dat
c:\windows\system32\ovfsthkmrwaotmgvekcitsnynqafxyiigetyuy.dat
c:\windows\system32\ovfsthmamqqvrduhvuxxtonebpktovaacvyfss.dll
c:\windows\system32\ovfsthtvdqujfkaqkicodpatbdkxbcfablxops.dll
c:\documents and settings\ugo\local settings\temp\ovfsthcxaxyeyive.tmp
c:\documents and settings\ugo\local settings\temp\ovfsthpufnmkscjq.tmp
c:\documents and settings\ugo\local settings\temp\ovfsthvoqhpftowc.tmp

:commands
[emptytemp]
[start explorer]
[reboot]


Click MoveIt! to start the removal.
The result will appear in the "Results" pane.
Click Exit to close.

Post the report (.log file) located in C:\_OTMoveIt\MovedFiles.

Then try the AntiVir scan again, please. Does it work?
0
Jawa
 
Here's the scan

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
File/Folder c:\windows\system32\drivers\ovfsthtxnmihpxfbehkhsrcwvcphnjkp­­uibohn.sys not found.
File/Folder c:\windows\system32\ovfsthamoujtwoxbsjfmoehpaqxcyicqlnyswc.d­­ll not found.
File/Folder c:\windows\system32\ovfsthgdvvbosqogqfhkofmkadbbantuyinwes.d­­at not found.
File/Folder c:\windows\system32\ovfsthkmrwaotmgvekcitsnynqafxyiigetyuy.d­­at not found.
File/Folder c:\windows\system32\ovfsthmamqqvrduhvuxxtonebpktovaacvyfss.d­­ll not found.
File/Folder c:\windows\system32\ovfsthtvdqujfkaqkicodpatbdkxbcfablxops.d­­ll not found.
File/Folder c:\documents and settings\ugo\local settings\temp\ovfsthcxaxyeyive.tmp not found.
File/Folder c:\documents and settings\ugo\local settings\temp\ovfsthpufnmkscjq.tmp not found.
File/Folder c:\documents and settings\ugo\local settings\temp\ovfsthvoqhpftowc.tmp not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Ugo\LOCALS~1\Temp\etilqs_0kUK1R6GNuGSvUkq90Kj scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YQZTB5FX\MsgrConfig[1].asmx scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\QOQ298YO\sha1auth[1].srf scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\L034MVT9\ADSAdClient31[1].txt scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2d0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT0467f.TMP scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT04682.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05032009_003518

Files moved on Reboot...
File C:\DOCUME~1\Ugo\LOCALS~1\Temp\etilqs_0kUK1R6GNuGSvUkq90Kj not found!
C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YQZTB5FX\MsgrConfig[1].asmx moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\QOQ298YO\sha1auth[1].srf moved successfully.
File C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\L034MVT9\ADSAdClient31[1].txt not found!
File C:\WINDOWS\temp\Perflib_Perfdata_2d0.dat not found!
File C:\WINDOWS\temp\ZLT0467f.TMP not found!
File C:\WINDOWS\temp\ZLT04682.TMP not found!
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\XUL.mfl moved successfully.


I'm trying AntiVir right away, I'll keep you posted.
0
Jawa > Jawa
 
Still the same with AntiVir, it gets stuck after 5 minutes.
Here is the report:



Avira AntiVir Personal
Report file date: dimanche 3 mai 2009 00:42

Scanning for 1373642 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : UGO-TAI

Version information:
BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00
AVSCAN.EXE : 9.0.3.5 466689 Bytes 02/05/2009 11:09:16
AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 30/04/2009 11:09:15
ANTIVIR3.VDF : 7.1.3.140 17920 Bytes 02/05/2009 11:09:15
Engineversion : 8.2.0.160
AEVDF.DLL : 8.1.1.1 106868 Bytes 02/05/2009 11:09:16
AESCRIPT.DLL : 8.1.1.79 385403 Bytes 02/05/2009 11:09:16
AESCN.DLL : 8.1.1.10 127348 Bytes 02/05/2009 11:09:16
AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
AEPACK.DLL : 8.1.3.14 397685 Bytes 02/05/2009 11:09:16
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
AEHEUR.DLL : 8.1.0.122 1737080 Bytes 02/05/2009 11:09:16
AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
AEGEN.DLL : 8.1.1.39 348532 Bytes 02/05/2009 11:09:15
AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
AECORE.DLL : 8.1.6.9 176500 Bytes 02/05/2009 11:09:15
AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
AVARKT.DLL : 9.0.0.3 292609 Bytes 02/05/2009 11:09:16
AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
RCTEXT.DLL : 9.0.37.0 86785 Bytes 02/05/2009 11:09:15

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: dimanche 3 mai 2009 00:42

Starting search for hidden objects.
The repair notes were written to the file 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\AVSCAN-20090503-004736-8EBE5766.avp'.
c:\windows\system32\drivers\ovfsthtxnmihpxfbehkhsrcwvcphnjkpuibohn.sys
[INFO] The file is not visible.
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '4a62cdfe.qua'!
c:\windows\system32\ovfsthamoujtwoxbsjfmoehpaqxcyicqlnyswc.dll
[INFO] The file is not visible.
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[INFO] No SpecVir entry was found!
c:\windows\system32\ovfsthgdvvbosqogqfhkofmkadbbantuyinwes.dat
[INFO] The file is not visible.
c:\windows\system32\ovfsthkmrwaotmgvekcitsnynqafxyiigetyuy.dat
[INFO] The file is not visible.
c:\windows\system32\ovfsthmamqqvrduhvuxxtonebpktovaacvyfss.dll
[INFO] The file is not visible.
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[INFO] No SpecVir entry was found!
c:\windows\system32\ovfsthtvdqujfkaqkicodpatbdkxbcfablxops.dll
[INFO] The file is not visible.
[DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
[INFO] No SpecVir entry was found!
c:\documents and settings\ugo\local settings\temp\ovfsthcxaxyeyive.tmp
[INFO] The file is not visible.
c:\documents and settings\ugo\local settings\temp\ovfsthpufnmkscjq.tmp
[INFO] The file is not visible.
c:\documents and settings\ugo\local settings\temp\ovfsthvoqhpftowc.tmp
[INFO] The file is not visible.


End of the scan: dimanche 3 mai 2009 00:47
Used time: 05:23 Minute(s)

The scan has been done completely.

0 Scanned directories
9 Files were scanned
4 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
5 Files not concerned
0 Archives were scanned
0 Warnings
1 Notes
80177 Objects were scanned with rootkit scan
16 Hidden objects were found
0
Jawa
 
So?
0
Jawa
 
Help? Can nobody help me? I really don't know what to do...
0
Anonymous user
 
No duplicate posts, please.
0
Jawa > Anonymous user
 
Could someone answer me?
0