Trojan horse
Solved
dede4240
Hello everyone, I'm trying my luck again because I posted a message a few days ago that seems to have fallen through the cracks.
I have a Trojan horse on my computer that is spreading everywhere; basically the computer is slowed down and intrusive ads keep popping up. I just changed antivirus following a recommendation on a forum, so I installed AntiVir (before that I had Avast). I'm posting the report from the AntiVir scan... I hope someone can help me, because I just went to rue Montgallet and they're asking 60 euros to reformat the computer; according to them it's the only thing to do against a Trojan horse... Thanks for your help.
AntiVir PersonalEdition Classic
Report file date: 2007-11-03 13:15
Scanning for 1036370 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: BEGNY-GA1A4CHG2
Version information:
BUILD.DAT : 269 15604 Bytes 2007-09-10 14:31:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 2006-05-31 12:32:40
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 2007-07-10 12:32:46
ANTIVIR2.VDF : 6.39.1.43 1542656 Bytes 2007-08-25 17:21:02
ANTIVIR3.VDF : 6.39.1.51 29696 Bytes 2007-08-28 07:22:36
AVEWIN32.DLL : 7.6.0.5 2789888 Bytes 2007-08-29 17:09:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 2007-08-03 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2007-11-03 13:15
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'HControl.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'TabUserW.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'Tablet.exe' - '1' Module(s) have been scanned
Scan process 'StkCSrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NMSAccessU.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
53 processes with 53 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '24' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\2EDF7FFG\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '477c6725.qua'!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\5TVFVLU4\mosx1024[1]
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479f6776.qua'!
C:\Documents and Settings\BEGNY\Local Settings\Temporary Internet Files\Content.IE5\Y2E0NSE5\isearch[1].htm
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4791678c.qua'!
C:\qoobox\Quarantine\C\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47a66e4f.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\cucpfbcc.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '478f6e63.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\rslxxpph.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47986e62.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\uaqifxbv.dll.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479d6e50.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\__c00198CA.dat.vir
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '478f6e4e.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\c124wvr.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475e6e21.qua'!
C:\qoobox\Quarantine\C\WINDOWS\system32\u4\wr31drs.exe.vir
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475f6e62.qua'!
C:\RECYCLER\S-1-5-21-484763869-884357618-725345543-1003\Dc78.zip
[0] Archive type: ZIP
--> __c001EC51.dat
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47636e63.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP19\A0006877.exe
[DETECTION] Is the Trojan horse TR/Agent.RIR.135
[INFO] The file was moved to '475c6e48.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP29\A0008577.dll
[DETECTION] Contains detection pattern of the dropper DR/Agent.141853.A
[INFO] The file was moved to '475c6e89.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP60\A0013533.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f0a.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP61\A0014704.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f0e.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP61\A0014707.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e57.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014854.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f11.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014861.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f12.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014863.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '46c12e4b.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014865.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f14.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014871.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f13.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014872.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e4c.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014930.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46c12e4d.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP62\A0014931.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f15.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP63\A0014989.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475c6f18.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP64\A0015109.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '475c6f1b.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP64\A0015220.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '475c6f1e.qua'!
C:\System Volume Information\_restore{1A8E027C-D601-467A-ABBC-00C5EF01FCC8}\RP65\A0015446.dll
[DETECTION] Is the Trojan horse TR/Trash.Gen
[INFO] The file was moved to '475c6f23.qua'!
C:\WINDOWS\mrofinu1000106.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f77.qua'!
C:\WINDOWS\mrofinu1000106.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46005930.qua'!
C:\WINDOWS\mrofinu1188.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f79.qua'!
C:\WINDOWS\mrofinu1188.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '479b6f78.qua'!
C:\WINDOWS\system32\lejygeds.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479671b9.qua'!
C:\WINDOWS\system32\nkiupqwt.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '479571ca.qua'!
C:\WINDOWS\system32\spudscv.exe
[DETECTION] Is the Trojan horse TR/Spy.Banker.Gen
[INFO] The file was moved to '47a171d9.qua'!
C:\WINDOWS\system32\__c009ADE2.dat
[DETECTION] Contains suspicious code HEUR/Malware
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\b3\rarndrll2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.buy.1
[INFO] The file was moved to '479e72ab.qua'!
C:\WINDOWS\system32\u4\wr31drs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '475f7308.qua'!
End of the scan: 2007-11-03 14:07
Used time: 52:21 min
The scan has been done completely.
6463 Scanning directories
397755 Files were scanned
22 viruses and/or unwanted programs were found
16 Files were classified as suspicious:
0 files were deleted
0 files were repaired
37 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
397733 Files not concerned
6422 Archives were scanned
2 Warnings
50 Notes
42 replies
Good evening,
I followed all your instructions, and I installed the new firewall... the PC is purring again and I don't seem to have any more problems... I do have one last question, though: when should I re-enable System Restore? I think I can do it now, since I restarted the PC in "System Restore disabled" mode.
I want to thank you especially for taking so much of your time to help me; people like you are rare these days... you can't imagine what a situation you got me out of... I've been working for two months on a Flash project, 12 to 15 hours a day, and I stupidly didn't think to back up my data elsewhere... imagine the anguish this morning when I learned I had to wipe everything... what you had me do looks to me more like a magic trick than anything else, and I admire the ease with which you managed to get me through all these complex steps...
Once again, a huge thank you for your kindness...
Hello,
Glad I could help. You do indeed need to re-enable System Restore and restart the PC.
Protecting a PC is necessary, but above all you need to be careful when browsing: don't open emails from unknown senders, no P2P, no cracks, don't install just any program, and always download it from the publisher's site if it is trustworthy => 95% of problems are eliminated.
Remember to make regular backups of your documents. Finally, system image restoration software can be useful in case of a major problem or a crash.
Happy surfing!
FillPCA