Tr/Dropper Gen. Comment le supprimer?

Jawa -  
 Jawa -
Bonjour,
Un scan antivir m'indique que mon pc est infecté par Tr/Dropper Gen, mais je n'arrive ni a le supprimé, ni a le mettre en quarantaine, antivir stop le scan et me dis de redemarrer le pc.
Quand je redemarre, et relance l'antivirus, pareill.
j'ai cherché sur internet, mais pas moyen de trouver un moyen simple de supprimer ce virus., comme un logiciel special, par exemple.
Je suis novice...

Deplus, apres scanne avec malewarebyte's rapide, suppression des fichiers et redemarrage, j'ai des messages comme quoi des fichier de msnmgr et skype sont endommagé,et de lancer chkdsk, mais quand je lance celui ci, il se bloque a 0% de la 2e étape...
Merci d'avance pour vos réponses (j'espere les plus claires, et plus simples possibles, encore une fois, je susi novice...)
Configuration: Windows XP
Firefox 3.0.10

8 réponses

  1. toto666 Messages postés 331 Statut Membre 14
     
    salut jawa,

    On va voir ce qu'il se passe sur ton pc.

    I)Telecharger random's system information tool: (RSIT)

    http://images.malwareremoval.com/random/RSIT.exe

    1)Double clique sur l’icône RSIT.exe
    2)Clique sur continue.
    3)L’analyse terminée, deux fichiers s’ouvriront, poste moi les 2 rapports stp.
    Si les 2 fichiers ne s’ouvrent pas va dans C:\rsit , tu y trouvera les 2 fichiers info.txt et log.txt
    0
    1. Jawa
       
      Salut! merci de repondre.
      Voila les rapports, j'ai mis continue direct, sans rien changer, du coup c'est sur le dernier mois. (jsais pas si ça a qqchose a voir, mais jpense que le virus j'lai depuis bien plus longtemps...'fin j'en sais rien, jte laisse faire ton boulot lol, merci encore)

      Logfile of random's system information tool 1.06 (written by random/random)
      Run by Ugo at 2009-05-02 17:12:38
      Microsoft Windows XP Édition familiale Service Pack 2
      System drive C: has 6 GB (2%) free of 279 GB
      Total RAM: 1023 MB (16% free)

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:12:55, on 02/05/2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir Desktop\sched.exe
      C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\UAService7.exe
      C:\WINDOWS\system32\nvraidservice.exe
      C:\WINDOWS\system32\carpserv.exe
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\D-Tools\daemon.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Windows Media Player\WMPNSCFG.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\Skype\Plugin Manager\skypePM.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      c:\program files\avira\antivir desktop\avcenter.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Ugo\Bureau\RSIT.exe
      C:\Program Files\trend micro\Ugo.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [CARPService] carpserv.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: ChkDisk.lnk = ?
      O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
      O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
      O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
      O14 - IERESET.INF: START_PAGE_URL=https://www.targa.gmbh/eng/targa/
      O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
      O16 - DPF: {45E83043-1F6F-4D22-A5E7-0138EA171B49} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fr/filesharingctrl.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106167868515
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O20 - AppInit_DLLs: C:\WINDOWS\system32\moyajamu.dll c:\windows\system32\ c:\windows\system32\rurisugo.dll
      O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
      O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
      O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
      0
  2. toto666 Messages postés 331 Statut Membre 14
     
    Peut etre du vundo , on va voir ça.

    1)Double-clic « mbam-setup »,l'installation se lance (installer sans rien changer).
    2)Lance le programme,va dans l'onlet « mise à jour » puis clique « recherche de mise à jour ».
    3)Va dans l'onglet « recherche » puis cocher « Exécuter un exament complet » >>clique « rechercher » puis lancer l'examen.
    4)A la fin du scan ,si il y a des infections clique « afficher résultat ».
    5)fermer toutes les autres applications.
    6)Vérifier si tout est coché et clic « Supprimer la sélection ».

    7)Un rapport s'ouvre copier-coller dans ta prochaine réponse
    0
    1. Jawa
       
      Dsl, mais j'ai rien compris a ton dernier post :s
      c'est quoi vundo?
      j'le trouve ou? mbam setup?
      0
    2. Jawa
       
      J'viens de re tenter un scan antivir, et pareil, ça a bloqué au meme endroit, avec impossibilité de suppr ou de mettre en quarantaine, voila le rapport:



      Avira AntiVir Personal
      Report file date: samedi 2 mai 2009 20:16

      Scanning for 1373642 virus strains and unwanted programs.

      Licensee : Avira AntiVir Personal - FREE Antivirus
      Serial number : 0000149996-ADJIE-0000001
      Platform : Windows XP
      Windows version : (Service Pack 2) [5.1.2600]
      Boot mode : Normally booted
      Username : SYSTEM
      Computer name : UGO-TAI

      Version information:
      BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00
      AVSCAN.EXE : 9.0.3.5 466689 Bytes 02/05/2009 11:09:16
      AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
      LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
      LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
      ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
      ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 30/04/2009 11:09:15
      ANTIVIR3.VDF : 7.1.3.140 17920 Bytes 02/05/2009 11:09:15
      Engineversion : 8.2.0.160
      AEVDF.DLL : 8.1.1.1 106868 Bytes 02/05/2009 11:09:16
      AESCRIPT.DLL : 8.1.1.79 385403 Bytes 02/05/2009 11:09:16
      AESCN.DLL : 8.1.1.10 127348 Bytes 02/05/2009 11:09:16
      AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
      AEPACK.DLL : 8.1.3.14 397685 Bytes 02/05/2009 11:09:16
      AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
      AEHEUR.DLL : 8.1.0.122 1737080 Bytes 02/05/2009 11:09:16
      AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
      AEGEN.DLL : 8.1.1.39 348532 Bytes 02/05/2009 11:09:15
      AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
      AECORE.DLL : 8.1.6.9 176500 Bytes 02/05/2009 11:09:15
      AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
      AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
      AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
      AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
      AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
      AVARKT.DLL : 9.0.0.3 292609 Bytes 02/05/2009 11:09:16
      AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
      SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
      SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
      NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
      RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
      RCTEXT.DLL : 9.0.37.0 86785 Bytes 02/05/2009 11:09:15

      Configuration settings for the scan:
      Jobname.............................: Complete system scan
      Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
      Logging.............................: low
      Primary action......................: interactive
      Secondary action....................: ignore
      Scan master boot sector.............: on
      Scan boot sector....................: on
      Boot sectors........................: C:, D:,
      Process scan........................: on
      Scan registry.......................: on
      Search for rootkits.................: on
      Integrity checking of system files..: off
      Scan all files......................: All files
      Scan archives.......................: on
      Recursion depth.....................: 20
      Smart extensions....................: on
      Macro heuristic.....................: on
      File heuristic......................: medium

      Start of the scan: samedi 2 mai 2009 20:16

      Starting search for hidden objects.
      The repair notes were written to the file 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\AVSCAN-20090502-202222-1C00ABF2.avp'.
      c:\windows\system32\drivers\ovfsthtxnmihpxfbehkhsrcwvcphnjkpuibohn.sys
      [INFO] The file is not visible.
      [DETECTION] Is the TR/Dropper.Gen Trojan
      [NOTE] The file was deleted!
      c:\windows\system32\ovfsthamoujtwoxbsjfmoehpaqxcyicqlnyswc.dll
      [INFO] The file is not visible.
      [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
      [INFO] No SpecVir entry was found!
      c:\windows\system32\ovfsthgdvvbosqogqfhkofmkadbbantuyinwes.dat
      [INFO] The file is not visible.
      c:\windows\system32\ovfsthkmrwaotmgvekcitsnynqafxyiigetyuy.dat
      [INFO] The file is not visible.
      c:\windows\system32\ovfsthmamqqvrduhvuxxtonebpktovaacvyfss.dll
      [INFO] The file is not visible.
      [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
      [INFO] No SpecVir entry was found!
      c:\windows\system32\ovfsthtvdqujfkaqkicodpatbdkxbcfablxops.dll
      [INFO] The file is not visible.
      [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
      [INFO] No SpecVir entry was found!
      c:\documents and settings\ugo\local settings\temp\ovfsthcxaxyeyive.tmp
      [INFO] The file is not visible.
      c:\documents and settings\ugo\local settings\temp\ovfsthpufnmkscjq.tmp
      [INFO] The file is not visible.
      c:\documents and settings\ugo\local settings\temp\ovfsthvoqhpftowc.tmp
      [INFO] The file is not visible.


      End of the scan: samedi 2 mai 2009 20:22
      Used time: 05:30 Minute(s)

      The scan has been done completely.

      0 Scanned directories
      9 Files were scanned
      4 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      1 files were deleted
      0 Viruses and unwanted programs were repaired
      0 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
      5 Files not concerned
      0 Archives were scanned
      0 Warnings
      1 Notes
      80414 Objects were scanned with rootkit scan
      16 Hidden objects were found
      0
  3. toto666 Messages postés 331 Statut Membre 14
     
    Désolé mais je pensais que tu avais installé malwarebyte's anti-malware comme tu l'a dit dans ton premier poste ^^
    Puis vundo est une infection.

    Voila la procédure complète:

    I)Télécharger sur ton bureau Malwarebyte's Anti-Malware :

    telecharge malware's bytes a cette adresse:

    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    1)Double-clic « mbam-setup »,l'installation se lance (installer sans rien changer).
    2)Lance le programme,va dans l'onlet « mise à jour » puis clique « recherche de mise à jour ».
    3)Va dans l'onglet « recherche » puis cocher « Exécuter un exament complet » >>clique « rechercher » puis lancer l'examen.
    4)A la fin du scan ,si il y a des infections clique « afficher résultat ».
    5)fermer toutes les autres applications.
    6)Vérifier si tout est coché et clic « Supprimer la sélection ».

    7)Un rapport s'ouvre copier-coller dans ta prochaine réponse
    0
  4. Jawa
     
    AH ok dsl, sisi j'ai bien malarebyte, j'avais pas compris l'abreviation lol.
    j'ai deja fais un scan rapide comme jt'ai dit dans mon premeir post.
    ok je fais lance un scanne complet la.

    et pour vundo, je sais pas, tout ce que je sais c'est que j'arrive pa a supprimer ou a mettre en quarataine "tr/Dropper.Gen" avec antivir... jte poste le resultat du scanne des qu'il arrive
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. toto666 Messages postés 331 Statut Membre 14
     
    tu me postera la rapport d'antivir qu'à faire stp :)
    0
    1. Jawa
       
      voila le rapport de malware, ça en a pris du temps!
      Malwarebytes' Anti-Malware 1.36
      Version de la base de données: 2067
      Windows 5.1.2600 Service Pack 2

      02/05/2009 18:50:59
      mbam-log-2009-05-02 (18-50-59).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
      Eléments examinés: 243677
      Temps écoulé: 53 minute(s), 5 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 1

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      C:\WINDOWS\system32\config\systemprofile\Menu Démarrer\Programmes\Démarrage\ChkDisk.dll (Worm.Autorun) -> Quarantined and deleted successfully.


      qu'est ce que tu propose?
      0
  7. toto666 Messages postés 331 Statut Membre 14
     
    ree,

    Suit bien la procédure dans l'ordre stp.

    [b][u]I)Telecharge et enregistre sur ton bureau Hijackthis : [/u][/b]

    [url=http://www.trendsecure.com/portal/fr/_download/HiJackThis.exe]telecharger hijackthis[/url]

    Lance le logiciel hijackthis.
    Au menu, « clique sur do a system scan only ».
    Coche moi ces lignes en gras :

    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O20 - AppInit_DLLs: C:\WINDOWS\system32\moyajamu.dll c:\windows\system32\ c:\windows\system32\rurisugo.dll

    Clique sur « fix checked ».

    1) Télécharge OTMoveIt3 (de Old_Timer) sur ton Bureau.
    http://oldtimer.geekstogo.com/OTMoveIt3.exe

    Double-clique sur OTMoveIt.exe pour le lancer.
    Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste Instructions for Items to be Moved.

    :processes
    explorer.exe

    :Files
    c:\windows\system32\rurisugo.dll
    C:\Program Files\BitLord\BitLord.exe

    :reg

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\BitLord\BitLord.exe"=-

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    clique sur MoveIt! pour lancer la suppression.
    Le résultat apparaitra dans le cadre "Results".
    Clique sur Exit pour fermer.

    Poste le rapport ( fichier .log ) situé dans C:\_OTMoveIt\MovedFiles.

    Domme moi des nouvelles si tu vois un changement après ces procédures??
    0
    1. Jawa
       
      voila le rapport

      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      File/Folder c:\windows\system32\rurisugo.dll not found.
      C:\Program Files\BitLord\BitLord.exe moved successfully.
      ========== REGISTRY ==========
      Registry key HKEY_LOCAL_MACHINE\system\currentcontrolset\services\shared­access\parameters\firewallpolicy\standardprofile\authorizeda­pplications\list not found.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\Ugo\LOCALS~1\Temp\etilqs_jpgJWaBqrmD2sKCsHACh scheduled to be deleted on reboot.
      File delete failed. C:\DOCUME~1\Ugo\LOCALS~1\Temp\~DFB10.tmp scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YZ0SB3MN\sha1auth[3].srf scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YPCGNMUY\MsgrConfig[1].asmx scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\8RA2UD5O\ADSAdClient31[3].txt scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_598.dat scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\ZLT03ddf.TMP scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\ZLT04760.TMP scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05022009_193653

      Files moved on Reboot...
      File C:\DOCUME~1\Ugo\LOCALS~1\Temp\etilqs_jpgJWaBqrmD2sKCsHACh not found!
      C:\DOCUME~1\Ugo\LOCALS~1\Temp\~DFB10.tmp moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YZ0SB3MN\sha1auth[3].srf moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YPCGNMUY\MsgrConfig[1].asmx moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\8RA2UD5O\ADSAdClient31[3].txt moved successfully.
      File C:\WINDOWS\temp\Perflib_Perfdata_598.dat not found!
      File C:\WINDOWS\temp\ZLT03ddf.TMP not found!
      File C:\WINDOWS\temp\ZLT04760.TMP not found!
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_001_ moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_002_ moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_003_ moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_MAP_ moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\urlclassifier3.sqlite moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\XUL.mfl moved successfully.



      t'en dis quoi?

      Mon trojan est parti?
      0
  8. toto666 Messages postés 331 Statut Membre 14
     
    Double-clique sur OTMoveIt.exe pour le lancer.
    Copie la liste qui se trouve en citation ci-dessous et colle-la dans le cadre de gauche de OTMoveIt sous Paste Instructions for Items to be Moved.

    :processes
    explorer.exe

    :Files
    c:\windows\system32\drivers\ovfsthtxnmihpxfbehkhsrcwvcphnjkp­uibohn.sys
    c:\windows\system32\ovfsthamoujtwoxbsjfmoehpaqxcyicqlnyswc.d­ll
    c:\windows\system32\ovfsthgdvvbosqogqfhkofmkadbbantuyinwes.d­at
    c:\windows\system32\ovfsthkmrwaotmgvekcitsnynqafxyiigetyuy.d­at
    c:\windows\system32\ovfsthmamqqvrduhvuxxtonebpktovaacvyfss.d­ll
    c:\windows\system32\ovfsthtvdqujfkaqkicodpatbdkxbcfablxops.d­ll
    c:\documents and settings\ugo\local settings\temp\ovfsthcxaxyeyive.tmp
    c:\documents and settings\ugo\local settings\temp\ovfsthpufnmkscjq.tmp
    c:\documents and settings\ugo\local settings\temp\ovfsthvoqhpftowc.tmp

    :commands
    [emptytemp]
    [start explorer]
    [reboot]


    clique sur MoveIt! pour lancer la suppression.
    Le résultat apparaitra dans le cadre "Results".
    Clique sur Exit pour fermer.

    Poste le rapport ( fichier .log ) situé dans C:\_OTMoveIt\MovedFiles.

    Puis retente le scan avec antivir stp.il marche?
    0
    1. Jawa
       
      voila le scanne

      ========== PROCESSES ==========
      Process explorer.exe killed successfully.
      ========== FILES ==========
      File/Folder c:\windows\system32\drivers\ovfsthtxnmihpxfbehkhsrcwvcphnjkp­­uibohn.sys not found.
      File/Folder c:\windows\system32\ovfsthamoujtwoxbsjfmoehpaqxcyicqlnyswc.d­­ll not found.
      File/Folder c:\windows\system32\ovfsthgdvvbosqogqfhkofmkadbbantuyinwes.d­­at not found.
      File/Folder c:\windows\system32\ovfsthkmrwaotmgvekcitsnynqafxyiigetyuy.d­­at not found.
      File/Folder c:\windows\system32\ovfsthmamqqvrduhvuxxtonebpktovaacvyfss.d­­ll not found.
      File/Folder c:\windows\system32\ovfsthtvdqujfkaqkicodpatbdkxbcfablxops.d­­ll not found.
      File/Folder c:\documents and settings\ugo\local settings\temp\ovfsthcxaxyeyive.tmp not found.
      File/Folder c:\documents and settings\ugo\local settings\temp\ovfsthpufnmkscjq.tmp not found.
      File/Folder c:\documents and settings\ugo\local settings\temp\ovfsthvoqhpftowc.tmp not found.
      ========== COMMANDS ==========
      File delete failed. C:\DOCUME~1\Ugo\LOCALS~1\Temp\etilqs_0kUK1R6GNuGSvUkq90Kj scheduled to be deleted on reboot.
      User's Temp folder emptied.
      User's Internet Explorer cache folder emptied.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YQZTB5FX\MsgrConfig[1].asmx scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\QOQ298YO\sha1auth[1].srf scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\L034MVT9\ADSAdClient31[1].txt scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      User's Temporary Internet Files folder emptied.
      Local Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Local Service Temporary Internet Files folder emptied.
      Network Service Temp folder emptied.
      File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
      Network Service Temporary Internet Files folder emptied.
      File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_2d0.dat scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\ZLT0467f.TMP scheduled to be deleted on reboot.
      File delete failed. C:\WINDOWS\temp\ZLT04682.TMP scheduled to be deleted on reboot.
      Windows Temp folder emptied.
      Java cache emptied.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
      File delete failed. C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\XUL.mfl scheduled to be deleted on reboot.
      FireFox cache emptied.
      Temp folders emptied.
      Explorer started successfully

      OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05032009_003518

      Files moved on Reboot...
      File C:\DOCUME~1\Ugo\LOCALS~1\Temp\etilqs_0kUK1R6GNuGSvUkq90Kj not found!
      C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\YQZTB5FX\MsgrConfig[1].asmx moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\QOQ298YO\sha1auth[1].srf moved successfully.
      File C:\Documents and Settings\Ugo\Local Settings\Temporary Internet Files\Content.IE5\L034MVT9\ADSAdClient31[1].txt not found!
      File C:\WINDOWS\temp\Perflib_Perfdata_2d0.dat not found!
      File C:\WINDOWS\temp\ZLT0467f.TMP not found!
      File C:\WINDOWS\temp\ZLT04682.TMP not found!
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_001_ moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_002_ moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_003_ moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\Cache\_CACHE_MAP_ moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\urlclassifier3.sqlite moved successfully.
      C:\Documents and Settings\Ugo\Local Settings\Application Data\Mozilla\Firefox\Profiles\wcxc9ybb.default\XUL.mfl moved successfully.


      je tente antivir tout de suite jte tiens au courrant.
      0
      1. Jawa > Jawa
         
        Toujours pareil pour antivir, il bloque au bout de 5 min
        voila le rapport:



        Avira AntiVir Personal
        Report file date: dimanche 3 mai 2009 00:42

        Scanning for 1373642 virus strains and unwanted programs.

        Licensee : Avira AntiVir Personal - FREE Antivirus
        Serial number : 0000149996-ADJIE-0000001
        Platform : Windows XP
        Windows version : (Service Pack 2) [5.1.2600]
        Boot mode : Normally booted
        Username : SYSTEM
        Computer name : UGO-TAI

        Version information:
        BUILD.DAT : 9.0.0.394 17962 Bytes 17/04/2009 11:20:00
        AVSCAN.EXE : 9.0.3.5 466689 Bytes 02/05/2009 11:09:16
        AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 08:58:24
        LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 09:35:49
        LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 08:58:52
        ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:30:36
        ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:33:26
        ANTIVIR2.VDF : 7.1.3.137 1810944 Bytes 30/04/2009 11:09:15
        ANTIVIR3.VDF : 7.1.3.140 17920 Bytes 02/05/2009 11:09:15
        Engineversion : 8.2.0.160
        AEVDF.DLL : 8.1.1.1 106868 Bytes 02/05/2009 11:09:16
        AESCRIPT.DLL : 8.1.1.79 385403 Bytes 02/05/2009 11:09:16
        AESCN.DLL : 8.1.1.10 127348 Bytes 02/05/2009 11:09:16
        AERDL.DLL : 8.1.1.3 438645 Bytes 29/10/2008 16:24:41
        AEPACK.DLL : 8.1.3.14 397685 Bytes 02/05/2009 11:09:16
        AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/02/2009 18:01:56
        AEHEUR.DLL : 8.1.0.122 1737080 Bytes 02/05/2009 11:09:16
        AEHELP.DLL : 8.1.2.2 119158 Bytes 26/02/2009 18:01:56
        AEGEN.DLL : 8.1.1.39 348532 Bytes 02/05/2009 11:09:15
        AEEMU.DLL : 8.1.0.9 393588 Bytes 09/10/2008 12:32:40
        AECORE.DLL : 8.1.6.9 176500 Bytes 02/05/2009 11:09:15
        AEBB.DLL : 8.1.0.3 53618 Bytes 09/10/2008 12:32:40
        AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 06:47:59
        AVPREF.DLL : 9.0.0.1 43777 Bytes 05/12/2008 08:32:15
        AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 12:34:28
        AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 08:32:09
        AVARKT.DLL : 9.0.0.3 292609 Bytes 02/05/2009 11:09:16
        AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 08:37:08
        SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 13:03:49
        SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 06:21:33
        NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 08:32:10
        RCIMAGE.DLL : 9.0.0.21 2438401 Bytes 09/02/2009 09:45:45
        RCTEXT.DLL : 9.0.37.0 86785 Bytes 02/05/2009 11:09:15

        Configuration settings for the scan:
        Jobname.............................: Complete system scan
        Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp
        Logging.............................: low
        Primary action......................: interactive
        Secondary action....................: ignore
        Scan master boot sector.............: on
        Scan boot sector....................: on
        Boot sectors........................: C:, D:,
        Process scan........................: on
        Scan registry.......................: on
        Search for rootkits.................: on
        Integrity checking of system files..: off
        Scan all files......................: All files
        Scan archives.......................: on
        Recursion depth.....................: 20
        Smart extensions....................: on
        Macro heuristic.....................: on
        File heuristic......................: medium

        Start of the scan: dimanche 3 mai 2009 00:42

        Starting search for hidden objects.
        The repair notes were written to the file 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\PROFILES\AVSCAN-20090503-004736-8EBE5766.avp'.
        c:\windows\system32\drivers\ovfsthtxnmihpxfbehkhsrcwvcphnjkpuibohn.sys
        [INFO] The file is not visible.
        [DETECTION] Is the TR/Dropper.Gen Trojan
        [NOTE] The file was moved to '4a62cdfe.qua'!
        c:\windows\system32\ovfsthamoujtwoxbsjfmoehpaqxcyicqlnyswc.dll
        [INFO] The file is not visible.
        [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
        [INFO] No SpecVir entry was found!
        c:\windows\system32\ovfsthgdvvbosqogqfhkofmkadbbantuyinwes.dat
        [INFO] The file is not visible.
        c:\windows\system32\ovfsthkmrwaotmgvekcitsnynqafxyiigetyuy.dat
        [INFO] The file is not visible.
        c:\windows\system32\ovfsthmamqqvrduhvuxxtonebpktovaacvyfss.dll
        [INFO] The file is not visible.
        [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
        [INFO] No SpecVir entry was found!
        c:\windows\system32\ovfsthtvdqujfkaqkicodpatbdkxbcfablxops.dll
        [INFO] The file is not visible.
        [DETECTION] Is the TR/Crypt.ZPACK.Gen Trojan
        [INFO] No SpecVir entry was found!
        c:\documents and settings\ugo\local settings\temp\ovfsthcxaxyeyive.tmp
        [INFO] The file is not visible.
        c:\documents and settings\ugo\local settings\temp\ovfsthpufnmkscjq.tmp
        [INFO] The file is not visible.
        c:\documents and settings\ugo\local settings\temp\ovfsthvoqhpftowc.tmp
        [INFO] The file is not visible.


        End of the scan: dimanche 3 mai 2009 00:47
        Used time: 05:23 Minute(s)

        The scan has been done completely.

        0 Scanned directories
        9 Files were scanned
        4 Viruses and/or unwanted programs were found
        0 Files were classified as suspicious
        0 files were deleted
        0 Viruses and unwanted programs were repaired
        1 Files were moved to quarantine
        0 Files were renamed
        0 Files cannot be scanned
        5 Files not concerned
        0 Archives were scanned
        0 Warnings
        1 Notes
        80177 Objects were scanned with rootkit scan
        16 Hidden objects were found
        0
    2. Jawa
       
      Alors?
      0
  9. Jawa
     
    Help? Personne peut m'aider? Je sais vraiment pas quoi faire...
    0
    1. Utilisateur anonyme
       
      pas de doublon SVP
      0
      1. Jawa > Utilisateur anonyme
         
        Quelqu'un pourrait il me repondre?
        0