Virus atraps gen 2

jaycevolcom (Posts: 8, Registered: Friday 29 March 2013, Status: Member, Last activity: 30 March 2013) - 29 March 2013 at 18:19
Anonymous user - 2 April 2013 at 18:39
I can't manage to remove this virus, can someone help me?

10 replies

Anonymous user
29 March 2013 at 18:41
Good evening

* Download RogueKiller (by tigzy) to the desktop
* Close all programs
* Run RogueKiller.exe.
* Wait for the Prescan to finish ...
* Click Scan. Click Report and copy and paste the contents of the report

See you later

jaycevolcom
29 March 2013 at 19:18
Here is the report


RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : http://www.sur-la-toile.com/discussion-193725-1--RogueKiller-Remontees.html
Site Web : http://www.sur-la-toile.com/RogueKiller/
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : legout [Droits d'admin]
Mode : Recherche -- Date : 29/03/2013 19:16:10
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 9 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> TROUVÉ
[HJ] HKLM\[...]\System : EnableLUA (0) -> TROUVÉ
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> TROUVÉ
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-286311551-2488778920-1381968392-1000\$2be8ccdf27920dfeb82c14d7eff552ac\n.) [x] -> TROUVÉ
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$RECYCLE.BIN\S-1-5-18\$2be8ccdf27920dfeb82c14d7eff552ac\n) [-] -> TROUVÉ
[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$RECYCLE.BIN\S-1-5-18\$2be8ccdf27920dfeb82c14d7eff552ac\n) [-] -> TROUVÉ

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : C:\$recycle.bin\S-1-5-18\$2be8ccdf27920dfeb82c14d7eff552ac\n [-] --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$2be8ccdf27920dfeb82c14d7eff552ac\@ [-] --> TROUVÉ
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-286311551-2488778920-1381968392-1000\$2be8ccdf27920dfeb82c14d7eff552ac\@ [-] --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$2be8ccdf27920dfeb82c14d7eff552ac\U --> TROUVÉ
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-286311551-2488778920-1381968392-1000\$2be8ccdf27920dfeb82c14d7eff552ac\U --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$2be8ccdf27920dfeb82c14d7eff552ac\L --> TROUVÉ
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-286311551-2488778920-1381968392-1000\$2be8ccdf27920dfeb82c14d7eff552ac\L --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> TROUVÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> TROUVÉ

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 +++++
--- User ---
[MBR] 43b30392733cb2ecac4295ef5b51c21a
[BSP] afb95b465f2937054f1b102f50da048c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32770048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32974848 | Size: 297188 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 641615872 | Size: 297190 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Seagate Portable USB Device +++++
--- User ---
[MBR] bcdea99337531baf68baff7cc0d94541
[BSP] b0e716624a2dbb878f4da2e2ea08995b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[1]_S_29032013_191610.txt >>
RKreport[1]_S_29032013_191610.txt

Hi again

Edit: post while logged in.

Run RogueKiller again with the delete option and post me that report

Thanks

See you later

--------Security Contributor---------
We were all beginners at something once.
But knowledge is the reward of diligence.

jaycevolcom (Posts: 8, Registered: Friday 29 March 2013, Status: Member, Last activity: 30 March 2013)
29 March 2013 at 21:54
RogueKiller V8.5.4 [Mar 18 2013] par Tigzy
mail : tigzyRK<at>gmail<dot>com
Remontees : https://www.luanagames.com/index.fr.html
Site Web : https://www.luanagames.com/index.fr.html
Blog : http://tigzyrk.blogspot.com/

Systeme d'exploitation : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Demarrage : Mode normal
Utilisateur : legout [Droits d'admin]
Mode : Suppression -- Date : 29/03/2013 21:52:04
| ARK || FAK || MBR |

¤¤¤ Processus malicieux : 0 ¤¤¤

¤¤¤ Entrees de registre : 0 ¤¤¤

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$2be8ccdf27920dfeb82c14d7eff552ac\U --> SUPPRIMÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_32\Desktop.ini [-] --> SUPPRIMÉ
[ZeroAccess][FILE] Desktop.ini : C:\Windows\Assembly\GAC_64\Desktop.ini [-] --> SUPPRIMÉ

¤¤¤ Driver : [NON CHARGE] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ Fichier HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Verif: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-22A7B2 +++++
--- User ---
[MBR] 43b30392733cb2ecac4295ef5b51c21a
[BSP] afb95b465f2937054f1b102f50da048c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 32770048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 32974848 | Size: 297188 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 641615872 | Size: 297190 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: Seagate Portable USB Device +++++
--- User ---
[MBR] bcdea99337531baf68baff7cc0d94541
[BSP] b0e716624a2dbb878f4da2e2ea08995b : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Termine : << RKreport[4]_D_29032013_215204.txt >>
RKreport[1]_S_29032013_191610.txt ; RKreport[2]_D_29032013_214016.txt ; RKreport[3]_S_29032013_215058.txt ; RKreport[4]_D_29032013_215204.txt

jaycevolcom (Posts: 8, Registered: Friday 29 March 2013, Status: Member, Last activity: 30 March 2013)
29 March 2013 at 21:54
Here is the report after deletion

Anonymous user
29 March 2013 at 22:15
Hi again

We're making progress
Download Malwarebytes Anti-Malware here
https://www.commentcamarche.net/telecharger/securite/14361-malwarebytes-anti-malware/


* Install it (be sure to choose "French"; do not change the installation settings) and update it.

* Study the tutorial to get familiar with the program:

https://forum.pcastuces.com/sujet.asp?f=31&s=3

(that said, it is very simple to use).

Run Malwarebytes again, following these instructions scrupulously:

! Disconnect and close all running applications !

* Launch Malwarebytes. On Vista, Seven or Windows 8, right-click and choose "Run as administrator"

* Run an update

* Do a "Full" scan

--> Let the program work (and do nothing else with the PC during the scan).
--> At the end, click "Show results".
--> Check that all infected objects are ticked, then click "Remove selected".

Note: if you need to restart your PC to finish the cleanup, do it!


Post the report saved after removing the infected objects (in the "Logs" tab of Malwarebytes, the most recent one)

See you later




jaycevolcom (Posts: 8, Registered: Friday 29 March 2013, Status: Member, Last activity: 30 March 2013)
30 March 2013 at 08:17
Here is the result:

Malwarebytes Anti-Malware (Essai) 1.70.0.1100
www.malwarebytes.org

Version de la base de données: v2013.03.29.14

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
legout :: LEGOUT-PC [administrateur]

Protection: Activé

29/03/2013 22:52:41
mbam-log-2013-03-29 (22-52-41).txt

Type d'examen: Examen complet (C:\|D:\|H:\|Q:\|)
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 457003
Temps écoulé: 1 heure(s), 53 minute(s), 1 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Valeur(s) du Registre détectée(s): 0
(Aucun élément nuisible détecté)

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 1
C:\Users\legout\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\469f5d9d-2503c58c (Rootkit.0Access.ZPE) -> Mis en quarantaine et supprimé avec succès.

(fin)

Anonymous user
30 March 2013 at 09:40
Hello

Let's finish up

Download DelFix by Xplode

Run it.
You have 5 choices:

Re-enable UAC
Remove disinfection tools (checked by default)

Make a registry backup
Purge system restore
Reset factory settings

Tick the ones that are in bold
and run it
The report is usually found here
C:\DelFix.txt



The rest on security: http://forum.malekal.com/comment-securiser-son-ordinateur.html


See you later

jaycevolcom (Posts: 8, Registered: Friday 29 March 2013, Status: Member, Last activity: 30 March 2013)
30 March 2013 at 09:46
Here is the result after DelFix:
# DelFix v10.1 - Rapport créé le 30/03/2013 à 09:45:02
# Mis à jour le 23/02/2013 par Xplode
# Nom d'utilisateur : legout - LEGOUT-PC

~ Activation de l'UAC ... OK

~ Suppression des outils de désinfection ...

Supprimé : C:\TDSSKiller_Quarantine
Supprimé : C:\Users\legout\Desktop\RK_Quarantine
Supprimé : C:\TDSSKiller.2.8.16.0_29.03.2013_18.04.00_log.txt
Supprimé : C:\TDSSKiller.2.8.16.0_29.03.2013_18.05.28_log.txt
Supprimé : C:\Users\legout\Desktop\RogueKiller.exe
Supprimé : C:\Users\legout\Downloads\ComboFix.exe
Supprimé : C:\Users\legout\Downloads\tdsskiller.exe

~ Purge de la restauration système ...

Supprimé : RP #274 [Windows Update | 03/13/2013 21:52:33]
Supprimé : RP #275 [Point de contrôle planifié | 03/21/2013 17:43:30]
Supprimé : RP #276 [Windows Update | 03/27/2013 02:00:26]
Supprimé : RP #277 [Removed Polar WebSync. | 03/30/2013 07:34:47]
Supprimé : RP #278 [Removed Polar Daemon. | 03/30/2013 07:35:23]

Nouveau point de restauration créé !

########## - EOF - ##########

Anonymous user
30 March 2013 at 09:49
Hi again

Run a scan with your up-to-date antivirus and send me the result

See you later

jaycevolcom (Posts: 8, Registered: Friday 29 March 2013, Status: Member, Last activity: 30 March 2013)
30 March 2013 at 12:32
Here is the Avira report



Avira Free Antivirus
Report file date: samedi 30 mars 2013 10:21


The program is running as an unrestricted full version.
Online services are available.

Licensee : Avira Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 Home Premium
Windows version : (Service Pack 1) [6.1.7601]
Boot mode : Normally booted
Username : legout
Computer name : LEGOUT-PC

Version information:
Engine version : 8.2.12.22

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: C:\program files (x86)\avira\antivir desktop\alldrives.avp
Reporting...........................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:, H:, Q:, G:, I:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Limit recursion depth...............: 20
Smart extensions....................: on
Macrovirus heuristic................: on
File heuristic......................: extended
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: samedi 30 mars 2013 10:21

Starting master boot sector scan:

Start scanning boot sectors:

The scan of running processes will be started:

Starting to scan executable files (registry):
The registry was scanned ( '2733' files ).


Starting the file scan:

Begin scan in 'C:\' <Acer>
[0] Archive type: RSRC
--> C:\Program Files (x86)\EgisTec MyWinLocker\HTCA_SelfExtract.bin
[1] Archive type: OVL
--> C:\Users\legout\AppData\Local\Temp\jar_cache3207164488153336083.tmp
[2] Archive type: ZIP
--> wcyEdCqVp/giJpSL.class
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.JX exploit
[WARNING] Infected files in archives cannot be repaired
C:\Users\legout\AppData\Local\Temp\jar_cache3207164488153336083.tmp
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.JX exploit
Begin scan in 'D:\' <Data>
Begin scan in 'H:\' <Expansion Drive>
--> H:\divers\picasaweb-current-setup.exe
[2] Archive type: RSRC
--> H:\divers\Tell Me More - Logiciel - Cours d'anglais - PRESTIGE.rar
[3] Archive type: RAR
--> H:\divers\vdownloader1.0\vdownloader_setup.exe
[4] Archive type: Inno Setup
--> {app}\eBay_shortcuts_1029.exe
[5] Archive type: NSIS
--> ProgramFilesDir/eBayShortcuts.exe
[6] Archive type: Runtime Packed
[DETECTION] Contains recognition pattern of the APPL/Yabector.Gen5 application
[WARNING] Infected files in archives cannot be repaired
H:\divers\vdownloader1.0\vdownloader_setup.exe
[DETECTION] Contains recognition pattern of the APPL/Yabector.Gen5 application
H:\dossiers\jayce\panda virus\PANDA_2007\Platinum\Files\RAntispam\pskmssvc.exe
[DETECTION] Contains recognition pattern of the W32/Parite.BadClean.Gen Windows virus
H:\Logiciel\Nero7\Nero7Keygen.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Keygen.4507 program
--> H:\Logiciel\picasaweb-current-setup.exe
[4] Archive type: RSRC
--> H:\Logiciel\Nero7\Nero7Keygen.zip
[5] Archive type: ZIP
--> Nero7Keygen.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Keygen.4507 program
[WARNING] Infected files in archives cannot be repaired
H:\Logiciel\Nero7\Nero7Keygen.zip
[DETECTION] Contains recognition pattern of the SPR/Tool.Keygen.4507 program
Begin scan in 'Q:\'
Search path Q:\ could not be opened!
System error [5]: Accès refusé.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'E:\' <Adibou3>

Beginning disinfection:
H:\Logiciel\Nero7\Nero7Keygen.zip
[DETECTION] Contains recognition pattern of the SPR/Tool.Keygen.4507 program
[NOTE] The file was moved to the quarantine directory under the name '57056f3c.qua'!
H:\Logiciel\Nero7\Nero7Keygen.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Keygen.4507 program
[NOTE] The file was moved to the quarantine directory under the name '4f92409b.qua'!
H:\dossiers\jayce\panda virus\PANDA_2007\Platinum\Files\RAntispam\pskmssvc.exe
[DETECTION] Contains recognition pattern of the W32/Parite.BadClean.Gen Windows virus
[NOTE] The file was moved to the quarantine directory under the name '1dc41a62.qua'!
H:\divers\vdownloader1.0\vdownloader_setup.exe
[DETECTION] Contains recognition pattern of the APPL/Yabector.Gen5 application
[NOTE] The file was moved to the quarantine directory under the name '7bf755b1.qua'!
C:\Users\legout\AppData\Local\Temp\jar_cache3207164488153336083.tmp
[DETECTION] Contains recognition pattern of the EXP/CVE-2012-1723.JX exploit
[NOTE] The file was moved to the quarantine directory under the name '3e7e788c.qua'!


End of the scan: samedi 30 mars 2013 12:31
Used time: 1:31:48 Hour(s)

The scan has been done completely.

34926 Scanned directories
895722 Files were scanned
8 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
5 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
895714 Files not concerned
12982 Archives were scanned
3 Warnings
5 Notes

Anonymous user
2 April 2013 at 18:39
Good evening

You're playing around with illegitimate licences
You will get caught again


See you later