Infecté par Virtob

Résolu/Fermé
flobx33 -  
 jerome -
Tout d'abord bonjour, ce site m'a aidé de nombreuses fois mais aujourd'hui je n'ai pas trouvé de solutiions à mon problème.
Voilà mon problème la dernière fois j'ai fat un scan complet au démarrage avec Avast et il a trouvé environ 200 .exe infecté par win32:virtob, impossible de réparé les .exe il faut les supprimer ce que je refuse de faire étant donné que ces .exe sont tout ce dont je me sert ma question étant la suivante y a t-il une solution pour éradiquer ce virus sans supprimer les programmes infecté ?

J'ai windows Vista en version intégrale et à jour
Merci de votre aide.

Rapport HijackThis v2.0.2:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:19:31, on 16/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Users\Flo\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MySQL51 - Unknown owner - H:\Program.exe (file missing)
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe (file missing)

26 réponses

Précédent
  • 1
  • 2
Réponse 21 / 26
flobx33 Messages postés 9 Statut Membre
 
Raport Avira Antivir

AntiVir PersonalEdition Classic
Report file date: mardi 20 novembre 2007 10:51

Scanning for 935480 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: Flo
Computer name: FLO-PC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 09:48:01
ANTIVIR3.VDF : 7.0.0.236 138752 Bytes 20/11/2007 09:48:01
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 20/11/2007 09:48:02
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mardi 20 novembre 2007 10:51

Starting search for hidden objects.
'83525' objects were checked, '0' hidden objects were found.

End of the scan: mardi 20 novembre 2007 12:46
Used time: 1:55:14 min

The scan has been done completely.

15094 Scanning directories
188694 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
74 Files cannot be scanned
188694 Files not concerned
1066 Archives were scanned
75 Warnings
0 Notes
83525 Objects were scanned with rootkit scan
0 Hidden objects were found


ça c'est le scan de mon DD ou il y a windows je vais scanner mon autre DD interne ou il y a le virusmais d'abord il faut que je le brache je post le rapport après
0
Réponse 22 / 26
jalobservateur Messages postés 7539 Statut Contributeur sécurité 930
 
Super ! tu fais ça comme un chef!
Continues mon ami !!!
Passes toute la sauce!
Sur Windows, cliques le moins possible, laisses-le dormir...
Si tu avais Process explorer... tu pourrais lui couper sa source aussi...
E T no phone home Loll!
;-)
0
Réponse 23 / 26
flobx33 Messages postés 9 Statut Membre
 
Scan de l'autre Disque Dur interne:




AntiVir PersonalEdition Classic
Report file date: mardi 20 novembre 2007 16:28

Scanning for 935480 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Username: Flo
Computer name: FLO-PC

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 1103052
8 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.198 1206272 Bytes 11/11/2007 09:48:01
ANTIVIR3.VDF : 7.0.0.236 138752 Bytes 20/11/2007 09:48:01
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 20/11/2007 09:48:02
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\ProgramData\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: mardi 20 novembre 2007 16:28

Starting search for hidden objects.
'79906' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'MSASCui.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'infocard.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'FileZilla server.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
40 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!

Start scanning boot sectors:
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '7' files ).


Starting the file scan:

Begin scan in 'D:\' <Windows>
D:\grabit\downloads\vista installation.rar
[0] Archive type: RAR
--> vista installation\cl08seCu9\ocr\filer.net\AntiCaptcha\AntiCaptcha.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\ocr\megaupload.com\AntiCaptcha\AntiCaptcha.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\ocr\megaupload.com\AntiCaptcha\megafree.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\ocr\megaupload.com\FineReader\result.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\ocr\netload.in\FineReader\netload.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\ocr\netload.in\FineReader\result.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\ocr\netload.in\nur_fuer_disch\CleanNetload.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\ocr\netload.in\nur_fuer_disch\rapidclip.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\ocr\rapidshare.com\AntiCaptcha\AntiCaptcha.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\ocr\rapidshare.com\Bot check\Bot.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\ocr\rapidshare.de\BotCheck\BotCheck.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\router\Arcor Wlan Router 100\ztnbatch.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\router\FRITZ!Box\nc.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\router\FRITZ!Box\voip.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\router\Speedport w 500v\DisConnect.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\RouterClient.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\cl08seCu9\RouterRecorder.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\Fritzbox reconnect\bat\nc.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\Fritzbox reconnect\exe\nc.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\IfoEdit.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\PDVDBD\Advisor\CLDetect.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\PDVDBD\RichVideo\RichVideo.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\PDVDBD\RichVideo\RichVideoInstall.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\PDVDBD\RichVideo\RichVideoUnInstall.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\PDVDBD\Setup.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\PDVDHD\Advisor\CLDetect.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\PDVDHD\RichVideo\RichVideo.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\PDVDHD\RichVideo\RichVideoInstall.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\PDVDHD\RichVideo\RichVideoUnInstall.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\PDVDHD\Setup.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> vista installation\power dvd\Setup.exe
[DETECTION] Contains detection pattern of the SPR/RAS.A program
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16001
[WARNING] Failed!
D:\Program Files\NiProD.rar
[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AO
[INFO] The file was moved to '479301e7.qua'!
D:\Program Files\3d Dialing\3d Dialing.rar
[0] Archive type: RAR
--> dialing.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> uninstall.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
[INFO] The file was moved to '4763023e.qua'!
D:\Program Files\Microsoft Games\Age of Empires III\Age of Empires III.rar
[0] Archive type: RAR
--> instapup.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> splash.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> autopatcher.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
--> filecrc.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
[INFO] The file was moved to '47a802ed.qua'!
D:\Program Files\Notepad++\Notepad++.rar
[DETECTION] Contains detection pattern of the Windows virus W32/Virut.AO
[INFO] The file was renamed to 'Notepad++.rar.VIR'!
D:\Program Files\UseNeXT\UseNeXT.rar
[0] Archive type: RAR
--> UseNeXT.exe
[DETECTION] Contains code of the Windows virus W32/Virut.AO
[INFO] The file was moved to '47a80fcf.qua'!


End of the scan: mardi 20 novembre 2007 17:48
Used time: 1:19:57 min

The scan has been done completely.

1545 Scanning directories
110234 Files were scanned
49 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
1 files were renamed
0 Files cannot be scanned
110185 Files not concerned
738 Archives were scanned
1 Warnings
111 Notes
79906 Objects were scanned with rootkit scan
0 Hidden objects were found


Apparement le virus vient de vista Installation qui est une archive rar que j'ai télécharger sur zdnet il me semble c'est une archive avec les meilleurs logiciels pour vista ...
Voilà c'est mon Disque dur secondaire qui est infecté pas de problème avec ma partition Windows donc j'installe zone alarm et je te tient au courant.

PS: D:\Program Files\Microsoft Games\Age of Empires III\Age of Empires III.rar c'est l'archive ou j'ai mis tout les .exe de AOE 3 (je peux plus y jouer heuresement j'ai sauvegarde le dossier ou les parties sont enregistré)

PPS: J'ai suprimé tout les fichiers de la quarentaines
0
Réponse 24 / 26
flobx33 Messages postés 9 Statut Membre
 
J'ai instaler process explorer mais aucun processus ne m'a l'air suspect mais comme je l'ai dit ma partition windows n'est pas infecté:


Process PID CPU Description Company Name
System Idle Process 0 1.52
Interrupts n/a 3.03 Hardware Interrupts
DPCs n/a 12.12 Deferred Procedure Calls
System 4
smss.exe 416 Windows Session Manager Microsoft Corporation
csrss.exe 484 Processus d'exécuttion client-serveur Microsoft Corporation
wininit.exe 532 Application de démarrage de Windows Microsoft Corporation
services.exe 616 Applications Services et Contrôleur Microsoft Corporation
svchost.exe 788 Processus hôte pour les services Windows Microsoft Corporation
svchost.exe 836 Processus hôte pour les services Windows Microsoft Corporation
svchost.exe 876 Processus hôte pour les services Windows Microsoft Corporation
svchost.exe 940 Processus hôte pour les services Windows Microsoft Corporation
audiodg.exe 1136 Isolation graphique de périphérique audio Windows Microsoft Corporation
svchost.exe 1036 9.09 Processus hôte pour les services Windows Microsoft Corporation
dwm.exe 1884 Gestionnaire de fenêtres du Bureau Microsoft Corporation
svchost.exe 1052 Processus hôte pour les services Windows Microsoft Corporation
taskeng.exe 272 Moteur du Planificateur de tâches Microsoft Corporation
taskeng.exe 2584 Moteur du Planificateur de tâches Microsoft Corporation
SLsvc.exe 1176 Service de gestion des licences Microsoft Microsoft Corporation
svchost.exe 1204 Processus hôte pour les services Windows Microsoft Corporation
svchost.exe 1376 Processus hôte pour les services Windows Microsoft Corporation
vsmon.exe 1432 TrueVector Service Check Point Software Technologies LTD
spoolsv.exe 2000 Application sous-système spouleur Microsoft Corporation
svchost.exe 2036 Processus hôte pour les services Windows Microsoft Corporation
FileZilla server.exe 924 FileZilla Server FileZilla Project
mdm.exe 1852 Machine Debug Manager Microsoft Corporation
svchost.exe 2088 Processus hôte pour les services Windows Microsoft Corporation
svchost.exe 2172 Processus hôte pour les services Windows Microsoft Corporation
svchost.exe 2208 Processus hôte pour les services Windows Microsoft Corporation
SearchIndexer.exe 2280 Microsoft Windows Search Indexer Microsoft Corporation
avguard.exe 3264 Antivirus On-Access Service Avira GmbH
sched.exe 4064 Antivirus Scheduler Avira GmbH
lsass.exe 632 1.52 Processus de l’autorité de sécurité locale Microsoft Corporation
lsm.exe 640 Service du gestionnaire de session locale Microsoft Corporation
csrss.exe 540 Processus d'exécuttion client-serveur Microsoft Corporation
winlogon.exe 572 Application d'ouverture de session Windows Microsoft Corporation
explorer.exe 1912 3.03 Explorateur Windows Microsoft Corporation
MSASCui.exe 488 Windows Defender User Interface Microsoft Corporation
SOUNDMAN.EXE 472 Realtek Sound Manager Realtek Semiconductor Corp.
zlclient.exe 652 ZoneAlarm Client Check Point Software Technologies LTD
firefox.exe 2064 Firefox Mozilla Corporation
procexp.exe 4060 62.12 Sysinternals Process Explorer Sysinternals
avgnt.exe 2852 Antivirus System Tray Tool Avira GmbH
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 26
jalobservateur Messages postés 7539 Statut Contributeur sécurité 930
 
Super continues!
Jettes tout ce qui te sembles bizz. et oui ok pour les process! Good news!
Mets Ccleaner et RegSeeker
RegSeeker mode auto.
Je vais tenter de revenir
Je suis encore en combat avec la famille Virut de Q et ses cousins/cousines LOLL
0
Réponse 26 / 26
pixel-mort Messages postés 51 Statut Membre 3
 
bonjour,

oh lala ton virus a l'air mechant ! tu la choper comment ? d/L sur emule, téléchargement illegale ?
si c'est le cas c'est bien fait pour toi, sinon ben achete un anti virus payant ou gratuit (antivir)

mais sache que dans les cas comme le tien, je te conseil de formater ton pc, j'espere pour toi que tu a fait des sauvgardes PC

amicalement
pixel-mort
-1

Discussions similaires

Virus détecté
Koony -
MisteryBean -

6 réponses
mustapha
mustapha -
Ainillia -

1 réponse
Menace détectée TrojanSMS-PA sur Google Huawei/Android
Outmost -
bazfile -

6 réponses
infecté par des virus
Lisy59120 -
Lisy59120 -

5 réponses
Virus non détecté par mon anti-virus ?
F2L -
cabrier -

12 réponses