39 virus détectés : qui est chaud ? :) - Page 2

Résolu
Précédent
  • 1
  • 2
  1. Pedro-Rookie Messages postés 94 Statut Membre 1
     
    Rapport de ZHPFix 1.12.3260 par Nicolas Coolman, Update du 11/03/2011
    Fichier d'export Registre : C:\ZHPExportRegistry-20-03-2011-21-40-26.txt
    Run by Ludovic at 20/03/2011 21:40:26
    Windows XP Home Edition Service Pack 3 (Build 2600)
    Web site : http://www.premiumorange.com/zeb-help-process/zhpfix.html
    Contact : nicolascoolman@yahoo.fr

    ========== Clé(s) du Registre ==========
    SS - | Auto 28/08/2009 0 | (aswUpdSv) . (...) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe => Clé supprimée avec succès
    O64 - Services: CurCS - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (.not file.) - avast! iAVS4 Control Service (aswUpdSv) .(...) - LEGACY_ASWUPDSV => Clé supprimée avec succès
    HKLM\Software\Panda Software => Clé supprimée avec succès

    ========== Dossier(s) ==========
    C:\Program Files\Panda Security => Supprimé et mis en quarantaine
    C:\Program Files\Emsisoft Anti-Malware => Supprimé et mis en quarantaine

    ========== Fichier(s) ==========
    c:\program files\alwil software\avast4\aswupdsv.exe => Fichier absent

    ========== Récapitulatif ==========
    3 : Clé(s) du Registre
    2 : Dossier(s)
    1 : Fichier(s)

    End of the scan
    0
  2. Utilisateur anonyme
     
    ok, comment va le pc? toujours des problèmes?
    0
  3. Pedro-Rookie Messages postés 94 Statut Membre 1
     
    A part UninstallAV qui est detecté par antivir comme un virus, j'ai l'impression que ça va mieux.
    Je dois avoir pas mal de processus qui tournent et qui ne servent à rien.
    Aussi des programmes inutiles..

    Je vais refaire un coup de MBAM et AD-REMOVER peut être également?
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Utilisateur anonyme
     
    A part UninstallAV qui est detecté par antivir comme un virus, j'ai l'impression que ça va mieux.

    tu as moyens via antivir de signaler le logiciel comme étant non infecter? c'est moi qui l'ai fait, je peux te dire qu'il est propre. lol

    Je vais refaire un coup de MBAM et AD-REMOVER peut être également?
    un zhpdiag me suffira.

    Je dois avoir pas mal de processus qui tournent et qui ne servent à rien.
    Aussi des programmes inutiles..

    t'inquiète, j'ai tout ce qu'il faut a la fin.
    ▶▶▶ CONTRIBUTEUR SÉCURITÉ ◀◀◀

    Qualification Helper sur HELPER FORMATION.
    0
  6. Pedro-Rookie Messages postés 94 Statut Membre 1
     
    tu as moyens via antivir de signaler le logiciel comme étant non infecter? c'est moi qui l'ai fait, je peux te dire qu'il est propre. lol

    Je viens de voir ça. Merci

    zhpdiag dans 3-4 minutes. Je termine un truc que je ne peux pas mettre en pause :)
    0
  7. Pedro-Rookie Messages postés 94 Statut Membre 1
     
    http://cjoint.com/?1dvvEwswMTW

    Aussi Antivir me signale 3 virus et MBAM (en cours) 1 virus
    0
    1. Utilisateur anonyme
       
      ok alors, j'attends ton rapport MBAM pour le reste.
      0
  8. Pedro-Rookie Messages postés 94 Statut Membre 1
     
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Version de la base de données: 6092

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    22/03/2011 00:03:30
    mbam-log-2011-03-22 (00-03-30).txt

    Type d'examen: Examen complet (C:\|)
    Elément(s) analysé(s): 275120
    Temps écoulé: 1 heure(s), 20 minute(s), 35 seconde(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 0
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 1

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    c:\system volume information\_restore{58f2378a-346c-49c9-9919-d1d804f5fda0}\RP698\A0143618.exe (Trojan.Crypt) -> Quarantined and deleted successfully.
    0
  9. Pedro-Rookie Messages postés 94 Statut Membre 1
     
    Après analyse avec Avira:
    3 virus détectés (dont celui d'UninstallAV mais on s'en fout):

    Avira AntiVir Personal
    Report file date: mardi 22 mars 2011 08:35

    Scanning for 2519619 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows XP
    Windows version : (Service Pack 3) [5.1.2600]
    Boot mode : Normally booted
    Username : SYSTEM
    Computer name : GEPEMA_LUDOVIC

    Version information:
    BUILD.DAT : 10.0.0.635 31822 Bytes 07/03/2011 12:15:00
    AVSCAN.EXE : 10.0.3.5 435368 Bytes 10/01/2011 13:23:31
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 11:57:04
    LUKE.DLL : 10.0.3.2 104296 Bytes 10/01/2011 13:23:40
    LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 13:23:50
    VBASE002.VDF : 7.11.3.0 1950720 Bytes 09/02/2011 21:38:29
    VBASE003.VDF : 7.11.3.1 2048 Bytes 09/02/2011 21:38:29
    VBASE004.VDF : 7.11.3.2 2048 Bytes 09/02/2011 21:38:29
    VBASE005.VDF : 7.11.3.3 2048 Bytes 09/02/2011 21:38:29
    VBASE006.VDF : 7.11.3.4 2048 Bytes 09/02/2011 21:38:29
    VBASE007.VDF : 7.11.3.5 2048 Bytes 09/02/2011 21:38:29
    VBASE008.VDF : 7.11.3.6 2048 Bytes 09/02/2011 21:38:29
    VBASE009.VDF : 7.11.3.7 2048 Bytes 09/02/2011 21:38:29
    VBASE010.VDF : 7.11.3.8 2048 Bytes 09/02/2011 21:38:29
    VBASE011.VDF : 7.11.3.9 2048 Bytes 09/02/2011 21:38:29
    VBASE012.VDF : 7.11.3.10 2048 Bytes 09/02/2011 21:38:30
    VBASE013.VDF : 7.11.3.59 157184 Bytes 14/02/2011 21:38:30
    VBASE014.VDF : 7.11.3.97 120320 Bytes 16/02/2011 21:38:30
    VBASE015.VDF : 7.11.3.148 128000 Bytes 19/02/2011 21:38:31
    VBASE016.VDF : 7.11.3.183 140288 Bytes 22/02/2011 21:38:31
    VBASE017.VDF : 7.11.3.216 124416 Bytes 24/02/2011 21:38:31
    VBASE018.VDF : 7.11.3.251 159232 Bytes 28/02/2011 21:38:32
    VBASE019.VDF : 7.11.4.33 148992 Bytes 02/03/2011 21:38:32
    VBASE020.VDF : 7.11.4.73 150016 Bytes 06/03/2011 21:38:33
    VBASE021.VDF : 7.11.4.108 122880 Bytes 08/03/2011 21:38:33
    VBASE022.VDF : 7.11.4.150 133120 Bytes 10/03/2011 21:38:33
    VBASE023.VDF : 7.11.4.183 122368 Bytes 14/03/2011 21:38:34
    VBASE024.VDF : 7.11.4.228 123392 Bytes 16/03/2011 21:38:34
    VBASE025.VDF : 7.11.5.8 246272 Bytes 21/03/2011 07:28:36
    VBASE026.VDF : 7.11.5.9 2048 Bytes 21/03/2011 07:28:36
    VBASE027.VDF : 7.11.5.10 2048 Bytes 21/03/2011 07:28:36
    VBASE028.VDF : 7.11.5.11 2048 Bytes 21/03/2011 07:28:37
    VBASE029.VDF : 7.11.5.12 2048 Bytes 21/03/2011 07:28:37
    VBASE030.VDF : 7.11.5.13 2048 Bytes 21/03/2011 07:28:37
    VBASE031.VDF : 7.11.5.22 68096 Bytes 22/03/2011 07:28:37
    Engineversion : 8.2.4.188
    AEVDF.DLL : 8.1.2.1 106868 Bytes 10/01/2011 13:23:26
    AESCRIPT.DLL : 8.1.3.57 1261947 Bytes 19/03/2011 22:26:45
    AESCN.DLL : 8.1.7.2 127349 Bytes 10/01/2011 13:23:26
    AESBX.DLL : 8.1.3.2 254324 Bytes 10/01/2011 13:23:26
    AERDL.DLL : 8.1.9.8 639346 Bytes 16/03/2011 21:38:42
    AEPACK.DLL : 8.2.4.12 520567 Bytes 16/03/2011 21:38:41
    AEOFFICE.DLL : 8.1.1.17 205177 Bytes 16/03/2011 21:38:40
    AEHEUR.DLL : 8.1.2.87 3371383 Bytes 19/03/2011 22:26:44
    AEHELP.DLL : 8.1.16.1 246134 Bytes 16/03/2011 21:38:37
    AEGEN.DLL : 8.1.5.3 397684 Bytes 19/03/2011 22:26:41
    AEEMU.DLL : 8.1.3.0 393589 Bytes 10/01/2011 13:23:18
    AECORE.DLL : 8.1.19.2 196983 Bytes 16/03/2011 21:38:35
    AEBB.DLL : 8.1.1.0 53618 Bytes 10/01/2011 13:23:18
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 10/01/2011 13:23:32
    AVPREF.DLL : 10.0.0.0 44904 Bytes 10/01/2011 13:23:30
    AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 13:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 10/01/2011 13:23:31
    AVSCPLR.DLL : 10.0.3.2 84328 Bytes 10/01/2011 13:23:31
    AVARKT.DLL : 10.0.22.6 231784 Bytes 10/01/2011 13:23:27
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 10/01/2011 13:23:28
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 10/01/2011 13:23:31
    NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 12:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 10/01/2011 13:23:52

    Configuration settings for the scan:
    Jobname.............................: Complete system scan
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:,
    Process scan........................: on
    Extended process scan...............: on
    Scan registry.......................: on
    Search for rootkits.................: on
    Integrity checking of system files..: off
    Scan all files......................: All files
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: mardi 22 mars 2011 08:35

    Starting search for hidden objects.
    In the module 'AVARKT.DLL' an exception occured.
    Calling the function ARK_Scan
    Error description:UNKNOWN
    EAX = 0B53D154 EBX = 0B53D324
    ECX = 00000000 EDX = 00000003
    ESI = 0B53D1DC EDI = 0b53d340
    EIP = 7C812AFB EBP = 0B53D1A4
    ESP = 0B53D150 Flg = 00000206
    CS = 00000023 SS = 0000001B

    The scan of running processes will be started
    Scan process 'plugin-container.exe' - '59' Module(s) have been scanned
    Scan process 'msdtc.exe' - '40' Module(s) have been scanned
    Scan process 'dllhost.exe' - '59' Module(s) have been scanned
    Scan process 'dllhost.exe' - '45' Module(s) have been scanned
    Scan process 'vssvc.exe' - '48' Module(s) have been scanned
    Scan process 'avscan.exe' - '68' Module(s) have been scanned
    Scan process 'avcenter.exe' - '62' Module(s) have been scanned
    Scan process 'firefox.exe' - '81' Module(s) have been scanned
    Scan process 'alg.exe' - '33' Module(s) have been scanned
    Scan process 'wmiapsrv.exe' - '45' Module(s) have been scanned
    Scan process 'postgres.exe' - '24' Module(s) have been scanned
    Scan process 'postgres.exe' - '24' Module(s) have been scanned
    Scan process 'postgres.exe' - '24' Module(s) have been scanned
    Scan process 'postgres.exe' - '26' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'Apntex.exe' - '14' Module(s) have been scanned
    Scan process 'pg_ctl.exe' - '30' Module(s) have been scanned
    Scan process 'TPSBattM.exe' - '21' Module(s) have been scanned
    Scan process 'avshadow.exe' - '26' Module(s) have been scanned
    Scan process 'mdm.exe' - '21' Module(s) have been scanned
    Scan process 'jqs.exe' - '72' Module(s) have been scanned
    Scan process 'DVDRAMSV.exe' - '13' Module(s) have been scanned
    Scan process 'CFSvcs.exe' - '43' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '29' Module(s) have been scanned
    Scan process 'avguard.exe' - '53' Module(s) have been scanned
    Scan process 'rapimgr.exe' - '43' Module(s) have been scanned
    Scan process 'RAMASST.exe' - '18' Module(s) have been scanned
    Scan process 'Wcescomm.exe' - '43' Module(s) have been scanned
    Scan process 'avgnt.exe' - '51' Module(s) have been scanned
    Scan process 'jusched.exe' - '21' Module(s) have been scanned
    Scan process 'tfswctrl.exe' - '28' Module(s) have been scanned
    Scan process 'TFncKy.exe' - '26' Module(s) have been scanned
    Scan process 'TPSMain.exe' - '33' Module(s) have been scanned
    Scan process 'TCtrlIOHook.exe' - '20' Module(s) have been scanned
    Scan process 'ZoomingHook.exe' - '15' Module(s) have been scanned
    Scan process 'Apoint.exe' - '40' Module(s) have been scanned
    Scan process 'AGRSMMSG.exe' - '18' Module(s) have been scanned
    Scan process 'atiptaxx.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '34' Module(s) have been scanned
    Scan process 'sched.exe' - '46' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '57' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '91' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '19' Module(s) have been scanned
    Scan process 'svchost.exe' - '37' Module(s) have been scanned
    Scan process 'svchost.exe' - '32' Module(s) have been scanned
    Scan process 'svchost.exe' - '165' Module(s) have been scanned
    Scan process 'svchost.exe' - '38' Module(s) have been scanned
    Scan process 'svchost.exe' - '51' Module(s) have been scanned
    Scan process 'Ati2evxx.exe' - '15' Module(s) have been scanned
    Scan process 'lsass.exe' - '58' Module(s) have been scanned
    Scan process 'services.exe' - '27' Module(s) have been scanned
    Scan process 'winlogon.exe' - '68' Module(s) have been scanned
    Scan process 'csrss.exe' - '12' Module(s) have been scanned
    Scan process 'smss.exe' - '2' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!

    Starting to scan executable files (registry).
    The registry was scanned ( '467' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\Documents and Settings\Ludovic\Bureau\uninstallAV_v110.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.bgwt back-door program
    C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP698\A0143619.exe
    [DETECTION] Is the TR/Agent.59904.B Trojan
    C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP698\A0143620.ico
    [DETECTION] Contains recognition pattern of the KIT/GeeBat construction kit

    Beginning disinfection:
    C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP698\A0143620.ico
    [DETECTION] Contains recognition pattern of the KIT/GeeBat construction kit
    [NOTE] The file was moved to the quarantine directory under the name '46c35f3a.qua'.
    C:\System Volume Information\_restore{58F2378A-346C-49C9-9919-D1D804F5FDA0}\RP698\A0143619.exe
    [DETECTION] Is the TR/Agent.59904.B Trojan
    [NOTE] The file was moved to the quarantine directory under the name '5e54709d.qua'.
    C:\Documents and Settings\Ludovic\Bureau\uninstallAV_v110.exe
    [DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.bgwt back-door program
    [NOTE] The file was moved to the quarantine directory under the name '0c432a33.qua'.

    End of the scan: mardi 22 mars 2011 20:41
    Used time: 1:33:04 Hour(s)

    The scan has been done completely.

    9134 Scanned directories
    412742 Files were scanned
    3 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    3 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    412739 Files not concerned
    7895 Archives were scanned
    0 Warnings
    3 Notes
    463668 Objects were scanned with rootkit scan
    1 Hidden objects were found
    0
  10. Pedro-Rookie Messages postés 94 Statut Membre 1
     
    testé mais il n'analyse aucun fichier
    "Fichiers analysés : 0"

    il détecte Avira et m'indique que ça peut géner l'analyse.
    Même en désactivant Avira, rien y fait.
    0
    1. Utilisateur anonyme
       
      avira te trouve toujours des fichiers infecter?
      0
  11. Pedro-Rookie Messages postés 94 Statut Membre 1
     
    oui 2 que j'ai mis en quarantaine
    0
  12. Pedro-Rookie Messages postés 94 Statut Membre 1
     
    J'ai refait des scans à laide de MBAM et Antivir, à priori tout est rentré dans l'ordre

    Mon PC revit à nouveau :)
    Un grand Merci pour ton aide 91300.
    0
Précédent
  • 1
  • 2