Question about an Avast report?
chtimipdc
Good evening,
I have a question. I have just scanned my desktop PC with "Avast" and "Ad aware". Ad aware reported nothing. Avast, however, told me that "certains fichiers n'ont pas pu être scannés" (some files could not be scanned), followed by a long list of file names, and in the "état" (status) column every file shows "Erreur l'archive est protégée par un mot de passe (42056)".
For example
C:\User\Sandrine\Downloads\install_flashplayer10_mssd_aih.exe l>adobe\images\bgDownloadBarEmpty.png
or
C:\User\Sandrine\Downloads\install_flashplayer10_mssd_aih.exe l>adobe\_css\default.css
What should I do? Delete them, quarantine them?
Is it a virus or not?
Thanks for your help.
7 replies
Good evening,
Uninstall Ad-Aware; that software is outdated and duplicates what your antivirus already does.
Avast! is telling you that some files could not be scanned.
That's all, no infections.
See you
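As an added example (not code from the thread or from avast!), the triage the reply above describes in words: entries avast! could not open, such as the "Erreur ... (42056)" status chtimipdc quotes (a password-protected archive), are scan gaps and not detections, so they are counted per containing installer or archive, while only real detections are listed for action. The tab-separated path/status layout, the `|>` container separator (shown as `l>` in the thread after copy/paste) and the sample rows are assumptions and constructed data.

```python
"""Triage an avast! scan report: tell "could not be scanned" entries apart
from real detections, and group the unscannable ones by outer container.

Added example for this thread; not code from avast! or from the forum.
Assumptions: a tab-separated export with a path column and a status column,
and '|>' as the separator between an archive/installer and a file inside it
(the thread's copy/paste shows it as 'l>').
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

CONTAINER_SEP = "|>"
# Error codes whose meaning is known from the thread (constructed mapping).
UNSCANNABLE_CODES = {42056: "archive is password protected"}
# Status strings end with the numeric error code in parentheses, e.g. "(42056)".
ERROR_CODE_RE = re.compile(r"\((\d+)\)\s*$")


@dataclass
class Entry:
    container: str          # outermost file on disk (installer, archive or plain file)
    inner: Optional[str]    # path inside the container, None for a plain file
    status: str             # raw status column
    error_code: Optional[int]

    @property
    def verdict(self) -> str:
        """'unscannable' is a scan gap, not a detection; only 'detection' needs action."""
        if self.error_code is not None or self.status.lower().startswith("erreur"):
            return "unscannable"
        if self.status.strip().upper() in ("", "OK"):
            return "clean"
        return "detection"

    @property
    def reason(self) -> str:
        return UNSCANNABLE_CODES.get(self.error_code, self.status)


def split_container(path: str):
    """Split 'C:\\x.exe|>a\\b.png' into ('C:\\x.exe', 'a\\b.png')."""
    if CONTAINER_SEP in path:
        container, inner = path.split(CONTAINER_SEP, 1)
        return container, inner
    return path, None


def parse_report(text: str) -> list:
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        path, _, status = line.partition("\t")
        container, inner = split_container(path.strip())
        match = ERROR_CODE_RE.search(status)
        code = int(match.group(1)) if match else None
        entries.append(Entry(container, inner, status.strip(), code))
    return entries


def triage(entries) -> dict:
    """Detections to act on, plus a per-container count of entries that were skipped."""
    detections = [e for e in entries if e.verdict == "detection"]
    skipped = Counter(e.container for e in entries if e.verdict == "unscannable")
    return {"detections": detections, "unscannable_by_container": dict(skipped)}


# Constructed sample rows modelled on the lines quoted in the thread.
SAMPLE_ROWS = [
    (r"C:\User\Sandrine\Downloads\install_flashplayer10_mssd_aih.exe|>adobe\images\bgDownloadBarEmpty.png",
     "Erreur l'archive est protégée par un mot de passe (42056)"),
    (r"C:\User\Sandrine\Downloads\install_flashplayer10_mssd_aih.exe|>adobe\_css\default.css",
     "Erreur l'archive est protégée par un mot de passe (42056)"),
    (r"C:\User\Sandrine\Documents\notes.txt", "OK"),
    (r"C:\User\Sandrine\Downloads\constructed_sample.exe",
     "Constructed-Detection [constructed sample]"),
]
SAMPLE_REPORT = "\n".join(f"{path}\t{status}" for path, status in SAMPLE_ROWS) + "\n"

if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for e in result["detections"]:
        print(f"DETECTION  {e.container}  ({e.status})")
    for container, n in result["unscannable_by_container"].items():
        print(f"SKIPPED    {n} file(s) inside {container} could not be opened")
```

With the sample rows the two Flash installer entries collapse into one skipped container and the only item that needs action is the constructed detection.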
Good evening everyone
@fau pas que ...
I don't understand why you had them use the Kaspersky removal tool.
Pointless.
@chtimipdc: you need to keep Internet Explorer up to date even if you don't use it; that closes the security holes through which malware gets in.
Hello kali and mat' :)
See you
Hi,
Can you run this scan ---> http://support.kaspersky.com/fr/viruses/utility
click next to ---> Kaspersky Virus Removal Tool ---> on ---> download [EXE, 101 MB]
don't forget to configure it: click the gear icon and tick all the boxes!!!
at the end of the scan, post the report, taking care to delete properly if there are infections!
--------------------------------------------------
then run this scan ---> http://www.clubic.com/telecharger-fiche215092-malwarebytes-anti-malware.html
first, run the update (important, Update tab)
then run a full scan
if there are infections, remove the selection, then restart your computer
when it asks you to
post the report, please
Thanks for the info, "faut pas que...".
I followed your instructions, downloaded "kaspersky" and started the scan, but I won't be able to post the report tonight because, according to what it shows, the scan will finish in 1 day. I'll post it once it has finished. I just hope my PC doesn't shut down during the night.
Here is the report from Malwarebytes:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org
Version de la base de données: 7726
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120
16/09/2011 15:55:54
mbam-log-2011-09-16 (15-55-54).txt
Type d'examen: Examen complet (A:\|C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Elément(s) analysé(s): 319492
Temps écoulé: 1 heure(s), 23 minute(s), 36 seconde(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
I'm no computer expert, but from what I could read, I have no virus. Is that right?
I'll do the same thing tomorrow with my laptop.
Thanks again "Faut pas que...." for your help. One last question. Do you know a good free antivirus?
Hello and have a good weekend,
Here is the Kaspersky report:
Results of system analysis
Kaspersky Virus Removal Tool 11.0.0.1245 (database released 16/09/2011; 10:55)
Suspicious objects
File Description Type
F:\autorun.inf
Script: Quarantine, Delete, BC delete Suspicion by Heuristic analysis HSC: suspicion for hidden autorun (high degree of probability)
Main script of analysis
Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
System Restore: enabled
>>> F:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Disable HDD autorun
>> Disable autorun from network drives
>> Disable CD/DVD autorun
>> Disable removable media autorun
>> Windows Explorer - show extensions of known file types
I don't understand any of that.
I'm going to run Malwarebytes now.
Voici le rapport sur Kaspersky :
Results of system analysis
Kaspersky Virus Removal Tool 11.0.0.1245 (database released 16/09/2011; 10:55)
List of processes
File name PID Description Copyright MD5 Information
c:\program files\alwil software\avast5\avastsvc.exe
Script: Quarantine, Delete, BC delete, Terminate 1156 avast! Service Copyright (c) 2011 AVAST Software ?? 43.72 kb, rsAh,
created: 12.09.2011 11:35:51,
modified: 06.09.2011 22:45:28
Command line:
"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
cAudioFilterAgent64.exe
Script: Quarantine, Delete, BC delete, Terminate 2532 ?? error getting file info
Command line:
CFIWmxSvcs64.exe
Script: Quarantine, Delete, BC delete, Terminate 2052 ?? error getting file info
Command line:
mcsacore.exe
Script: Quarantine, Delete, BC delete, Terminate 1592 ?? error getting file info
Command line:
PresentationFontCache.exe
Script: Quarantine, Delete, BC delete, Terminate 1432 ?? error getting file info
Command line:
SmoothView.exe
Script: Quarantine, Delete, BC delete, Terminate 2788 ?? error getting file info
Command line:
c:\program files (x86)\openoffice.org 3\program\soffice.bin
Script: Quarantine, Delete, BC delete, Terminate 3836 OpenOffice.org 3.2 Copyright © 2000-2010 by Oracle, Inc. ?? 11047.00 kb, rsAh,
created: 21.05.2010 00:01:30,
modified: 21.05.2010 00:01:30
Command line:
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
SynTPEnh.exe
Script: Quarantine, Delete, BC delete, Terminate 3032 ?? error getting file info
Command line:
SynTPHelper.exe
Script: Quarantine, Delete, BC delete, Terminate 3700 ?? error getting file info
Command line:
TCrdMain.exe
Script: Quarantine, Delete, BC delete, Terminate 3000 ?? error getting file info
Command line:
TemproTray.exe
Script: Quarantine, Delete, BC delete, Terminate 1700 ?? error getting file info
Command line:
TMachInfo.exe
Script: Quarantine, Delete, BC delete, Terminate 4876 ?? error getting file info
Command line:
TosCoSrv.exe
Script: Quarantine, Delete, BC delete, Terminate 2372 ?? error getting file info
Command line:
ToshibaReminder.exe
Script: Quarantine, Delete, BC delete, Terminate 3112 ?? error getting file info
Command line:
ToshibaServiceStation.exe
Script: Quarantine, Delete, BC delete, Terminate 2484 ?? error getting file info
Command line:
TosNcCore.exe
Script: Quarantine, Delete, BC delete, Terminate 2172 ?? error getting file info
Command line:
TosReelTimeMonitor.exe
Script: Quarantine, Delete, BC delete, Terminate 2080 ?? error getting file info
Command line:
TosSENotify.exe
Script: Quarantine, Delete, BC delete, Terminate 4480 ?? error getting file info
Command line:
TosSmartSrv.exe
Script: Quarantine, Delete, BC delete, Terminate 3996 ?? error getting file info
Command line:
TPwrMain.exe
Script: Quarantine, Delete, BC delete, Terminate 2704 ?? error getting file info
Command line:
wmpnetwk.exe
Script: Quarantine, Delete, BC delete, Terminate 396 ?? error getting file info
Command line:
Detected:80, recognized as trusted 61
Module name | Handle | Description | Copyright | MD5 | Used by processes
C:\Program Files (x86)\OpenOffice.org 3\program\behelper.uno.dll | 134021120 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\configmgr2.uno.dll | 131530752 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\emsermi.dll | 232521728 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\fwemi.dll | 31719424 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\fwkmi.dll | 155648000 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\i18nisolang1MSC.dll | 27262976 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\i18npapermi.dll | 38666240 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\i18nutilMSC.dll | 38797312 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\icudt40.dll | 40042496 | ICU Data DLL | Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\icuuc40.dll | 38993920 | IBM ICU Common DLL | Copyright (C) 2008, International Business Machines Corporation and others. All Rights Reserved. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\localebe1.uno.dll | 133890048 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\oleautobridge.uno.dll | 200212480 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\oooimprovementmi.dll | 173277184 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\sax.uno.dll | 133627904 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\sbmi.dll | 61407232 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\sofficeapp.dll | 1507328 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\sotmi.dll | 38273024 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\svlmi.dll | 56229888 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\sysmgr1.uno.dll | 133300224 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\tlmi.dll | 33751040 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\ucb1.dll | 154927104 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\ucbhelper4MSC.dll | 26607616 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\utlmi.dll | 33161216 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\vos3MSC.dll | 27066368 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\program\xcrmi.dll | 62849024 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\bootstrap.uno.dll | 105381888 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppu3.dll | 3276800 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\cppuhelper3MSC.dll | 2031616 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\jvmfwk3.dll | 60096512 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\msci_uno.dll | 64946176 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\reg3.dll | 102039552 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\sal3.dll | 268435456 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\salhelper3MSC.dll | 2555904 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stlport_vc7145.dll | 3473408 | STLport | Copyright (C) Boris Fomitchev | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\stocservices.uno.dll | 132972544 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\store3.dll | 105906176 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files (x86)\OpenOffice.org 3\URE\bin\uwinapi.dll | 1310720 | | Copyright © 2010 by Oracle, Inc. | -- | 3836
C:\Program Files\Alwil Software\Avast5\defs\11091601\algo.dll | 1809580032 | | | -- | 1156
Modules detected: 441, recognized as trusted: 403
Kernel Space Modules Viewer
Module | Base address | Size in memory | Description | Manufacturer
C:\Windows\System32\Drivers\dump_dumpfve.sys | 4E5C000 | 013000 (77824) | |
C:\Windows\System32\Drivers\dump_iaStor.sys | 36A3000 | 11C000 (1163264) | |
Modules detected - 158, recognized as trusted - 156
Services
Service Description Status File Group Dependencies
Detected - 164, recognized as trusted - 164
Drivers
Service Description Status File Group Dependencies
Detected - 256, recognized as trusted - 256
Autoruns
File name | Status | Startup method | Description
C:\Program Files\Common Files\McAfee\SystemCore\mfehidk_messages.dll | -- | Registry key HKEY_LOCAL_MACHINE, SYSTEM\CurrentControlSet\Services\Eventlog\System\mfehidk, EventMessageFile |
C:\Users\sandrine\AppData\Local\Temp\_uninst_64255090.bat | Active | Shortcut in Autoruns folder C:\Users\sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\, C:\Users\sandrine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_64255090.lnk |
C:\Windows\system32\psxss.exe | -- | Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Session Manager\SubSystems, Posix |
auditcse.dll | Active | Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions\{f3ccc681-b74c-4060-9f26-cd84525dca2a}, DLLName |
igfxdev.dll | Active | Registry key HKEY_LOCAL_MACHINE, Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui, DLLName |
rdpclip | Active | Registry key HKEY_LOCAL_MACHINE, System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd, StartupPrograms |
Autoruns items detected - 593, recognized as trusted - 587
Microsoft Internet Explorer extension modules (BHOs, Toolbars ...)
File name Type Description Manufacturer CLSID
Elements detected - 5, recognized as trusted - 5
Windows Explorer extension modules
File name | Destination | Description | Manufacturer | CLSID
"C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl_x64.dll" | ColumnHandler | | | {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
 | ColumnHandler | | | {F9DB5320-233E-11D1-9F84-707F02C10627}
Elements detected - 9, recognized as trusted - 7
Printing system extensions (print monitors, providers)
File name | Type | Name | Description | Manufacturer
localspl.dll | Monitor | Local Port | |
FXSMON.DLL | Monitor | Microsoft Shared Fax Monitor | |
tcpmon.dll | Monitor | Standard TCP/IP Port | |
usbmon.dll | Monitor | USB Monitor | |
WSDMon.dll | Monitor | WSD Port | |
inetpp.dll | Provider | HTTP Print Services | |
Elements detected - 7, recognized as trusted - 1
Task Scheduler jobs
File name Job name Job status Description Manufacturer
Elements detected - 7, recognized as trusted - 7
SPI/LSP settings
Namespace providers (NSP)
Provider Status EXE file Description GUID
Detected - 8, recognized as trusted - 8
Transport protocol providers (TSP, LSP)
Provider EXE file Description
Detected - 10, recognized as trusted - 10
Results of automatic SPI settings check
LSP settings checked. No errors detected
TCP/UDP ports
Port | Status | Remote Host | Remote Port | Application | Notes
TCP ports
135 | LISTENING | 0.0.0.0 | 0 | [800] svchost.exe |
139 | LISTENING | 0.0.0.0 | 0 | [4] System |
445 | LISTENING | 0.0.0.0 | 0 | [4] System |
554 | LISTENING | 0.0.0.0 | 0 | [396] wmpnetwk.exe |
2869 | LISTENING | 0.0.0.0 | 0 | [4] System |
5357 | LISTENING | 0.0.0.0 | 0 | [4] System |
10243 | LISTENING | 0.0.0.0 | 0 | [4] System |
12025 | LISTENING | 0.0.0.0 | 0 | [1156] c:\program files\alwil software\avast5\avastsvc.exe |
12080 | LISTENING | 0.0.0.0 | 0 | [1156] c:\program files\alwil software\avast5\avastsvc.exe |
12110 | LISTENING | 0.0.0.0 | 0 | [1156] c:\program files\alwil software\avast5\avastsvc.exe |
12119 | LISTENING | 0.0.0.0 | 0 | [1156] c:\program files\alwil software\avast5\avastsvc.exe |
12143 | LISTENING | 0.0.0.0 | 0 | [1156] c:\program files\alwil software\avast5\avastsvc.exe |
12465 | LISTENING | 0.0.0.0 | 0 | [1156] c:\program files\alwil software\avast5\avastsvc.exe |
12563 | LISTENING | 0.0.0.0 | 0 | [1156] c:\program files\alwil software\avast5\avastsvc.exe |
12993 | LISTENING | 0.0.0.0 | 0 | [1156] c:\program files\alwil software\avast5\avastsvc.exe |
12995 | LISTENING | 0.0.0.0 | 0 | [1156] c:\program files\alwil software\avast5\avastsvc.exe |
49152 | LISTENING | 0.0.0.0 | 0 | [528] wininit.exe |
49153 | LISTENING | 0.0.0.0 | 0 | [848] svchost.exe |
49154 | LISTENING | 0.0.0.0 | 0 | [600] lsass.exe |
49155 | LISTENING | 0.0.0.0 | 0 | [1000] svchost.exe |
49156 | LISTENING | 0.0.0.0 | 0 | [576] services.exe |
49168 | LISTENING | 0.0.0.0 | 0 | [1700] TemproTray.exe |
50490 | TIME_WAIT | 127.0.0.1 | 12080 | [0] |
UDP ports
68 | LISTENING | -- | -- | [848] svchost.exe |
137 | LISTENING | -- | -- | [4] System |
138 | LISTENING | -- | -- | [4] System |
500 | LISTENING | -- | -- | [1000] svchost.exe |
1233 | LISTENING | -- | -- | [4876] TMachInfo.exe |
1900 | LISTENING | -- | -- | [1864] svchost.exe |
1900 | LISTENING | -- | -- | [1864] svchost.exe |
3702 | LISTENING | -- | -- | [796] svchost.exe |
3702 | LISTENING | -- | -- | [1864] svchost.exe |
3702 | LISTENING | -- | -- | [796] svchost.exe |
3702 | LISTENING | -- | -- | [1864] svchost.exe |
4500 | LISTENING | -- | -- | [1000] svchost.exe |
5004 | LISTENING | -- | -- | [396] wmpnetwk.exe |
5005 | LISTENING | -- | -- | [396] wmpnetwk.exe |
5355 | LISTENING | -- | -- | [1080] svchost.exe |
49801 | LISTENING | -- | -- | [1864] svchost.exe |
49802 | LISTENING | -- | -- | [1864] svchost.exe |
52605 | LISTENING | -- | -- | [796] svchost.exe |
57468 | LISTENING | -- | -- | [796] svchost.exe |
58096 | LISTENING | -- | -- | [1864] svchost.exe |
61389 | LISTENING | -- | -- | [4004] c:\program files (x86)\msn toolbar\platform\5.0.1399.0\mswinext.exe |
Downloaded Program Files (DPF)
File name Description Manufacturer CLSID Source URL
Elements detected - 0, recognized as trusted - 0
Control Panel Applets (CPL)
File name | Description | Manufacturer
C:\Windows\system32\FlashPlayerCPLApp.cpl | Adobe Flash Player Control Panel Applet | Copyright © 1996-2010 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
Elements detected - 19, recognized as trusted - 18
Active Setup
File name Description Manufacturer CLSID
Elements detected - 9, recognized as trusted - 9
HOSTS file
Hosts file record
Protocols and handlers
File name | Type | Description | Manufacturer | CLSID
mscoree.dll | Protocol | Microsoft .NET Runtime Execution Engine | © Microsoft Corporation. All rights reserved. | {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll | Protocol | Microsoft .NET Runtime Execution Engine | © Microsoft Corporation. All rights reserved. | {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
mscoree.dll | Protocol | Microsoft .NET Runtime Execution Engine | © Microsoft Corporation. All rights reserved. | {1E66F26B-79EE-11D2-8710-00C04F79ED0D}
Elements detected - 18, recognized as trusted - 15
Suspicious objects
File | Description | Type
F:\autorun.inf | Suspicion by Heuristic analysis | HSC: suspicion for hidden autorun (high degree of probability)
Main script of analysis
Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
System Restore: enabled
>>> F:\autorun.inf HSC: suspicion for hidden autorun (high degree of probability)
>> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
>> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
>> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
> Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
>> Security: disk drives' autorun is enabled
>> Security: administrative shares (C$, D$ ...) are enabled
>> Security: anonymous user access is enabled
>> Security: sending Remote Assistant queries is enabled
>> Disable HDD autorun
>> Disable autorun from network drives
>> Disable CD/DVD autorun
>> Disable removable media autorun
>> Windows Explorer - show extensions of known file types
System Analysis in progress
System Analysis - complete
Script commands
Add commands to script:
* Blocking hooks using Anti-Rootkit
* Enable AVZGuard
* Operations with AVZPM (true=enable,false=disable)
* BootCleaner - import list of deleted files
* BootCleaner - import all
* Registry cleanup after deleting files
* ExecuteWizard ('TSW',2,3,true) - Running Troubleshooting wizard
* BootCleaner - activate
* Reboot
* Insert template for QuarantineFile() - quarantining file
* Insert template for BC_QrFile() - quarantining file via BootCleaner
* Insert template for DeleteFile() - deleting file
* Insert template for DelCLSID() - deleting CLSID item from registry
Additional operations:
* Performance tweaking: disable service TermService (@%SystemRoot%\System32\termsrv.dll,-268)
* Performance tweaking: disable service SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
* Performance tweaking: disable service Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
* Security tweaking: disable CD autorun
* Security tweaking: disable administrative shares
* Security tweaking: disable anonymous user access
* Security: disable sending Remote Assistant queries
File list
I don't understand any of that.
I'm going to run Malwarebytes now.
Good evening "Faut que..."
You're asking me to update Internet Explorer, but I haven't used it for a while; I now use Mozilla Firefox as my browser.
Is it a problem to use Mozilla?
Hi again,
very good,
a few small things to update (important)
uninstall -----> AVAST5 with ---> http://www.clubic.com/telecharger-fiche39528-revouninstaller.html
download Revo, then open it; you'll see all your programs,
select ---> AVAST5 (highlight it in blue), then click Uninstall at the top
follow the procedure until it tells you it's finished
then download -------> http://www.clubic.com/telecharger-fiche11113-avast-antivirus-gratuit-6.html
then download Internet Explorer 9 ----> http://www.clubic.com/telecharger-fiche221602-internet-explorer-9.html
check that you are up to date via ----> WINDOWS UPDATE (important)
use these 2 programs to keep your system up to date:
1) ---> http://secunia.com/vulnerability_scanning/personal/
2) ---> http://www.filehippo.com/updatechecker/