Help, overrun by "Trojan horses"
Solved
manuella30
Hello,
my computer is infested with 5 viruses
Win32:AGENT-KIR there are two of them
Win32:SMALL-ECR
Win32:AGENT-NHU there are two of them
My mouse becomes uncontrollable and windows open and close by themselves!!!!! I can't get rid of it.
A window also opens every 5 minutes telling me:
Warning! potential spyware operation!
Your computer is making unauthorized copies of your system and internet files. Run full scan now to pervent any unathorised access to your files! Click yes to download spyware remover...
And then, whatever I click, nothing works. Please help me!!!!!!!!!!!!
140 replies
lol no, it'll be fine, I'll manage!!!!!!
I'm already restarting the patient, it has just uninstalled avast!!!
I'm cominggggggg!!!!!lol
Hi again
Double-click My Computer, then do the same for C, and in C: Program Files look for Alwil Software and delete it.
See you
HELPPPPPPPPPPPPPPP!!!!!!!!
It tells me it detected a virus while it was doing the updates!!!!
it offers me: move to quarantine
delete
rename
access deny
ignore
what's more, it's C:\windows\system32\sol852.txt
WHAT DO I DOOOOOOOOO?????
LOL
Hi again
"what's more, it's C:\windows\system32\sol852.txt": that's what I like about Antivir!! Brilliant
Put it in quarantine
To be continued
Hi again
No, not normal
Antivirus scan and cleanup with Avira Antivir
Launch Avira Antivir by double-clicking the Antivir shortcut on your Desktop (or via Start / All Programs / Antivir), then "start Antivir"
Click the "scanner" tab, then check under RootKit search and Manual detection (expanding each with the small cross in front of it) that all your hard drives are ticked, then click the magnifying glass (below status)
A "Luke Filewalker" window will open .. the scan will start.
Put everything it finds in "quarantine"
Once the scan has finished, close both Antivir windows and save the report that has just appeared on your desktop.
See you
lol
I'm suffering from acute, uncontrollable trojans!!!!!!!!!
lollll
anyway, it's at 30%. Tell me, wouldn't there be a way to change this SAUSSINE? It's everywhere!!!!!
Is it the name of the computer's previous owner?
Hi again
Yes there is, it will look nicer with "manuella" ;-) I'll tell you how to do it, remind me about it later.
See you
Hi again
After all, why put it off until later, but don't do it now, let what we've started finish ;-)
A/ As a first step
Look here https://www.pcastuces.com/pratique/astuces/1087.htm
B/ If that isn't enough, radical but more "complicated and risky"
1) Back up the registry in case of problems
Click Start / Run / type regedit, then confirm with OK:
Select the "My Computer" line with one click:
In the File menu, click Export:
Choose to save to the desktop so you can find the backup easily, name it (e.g. registry backup), then save:
Your Windows registry backup is on the desktop:
In case of problems, to restore it, just double-click it and accept the merge into the registry by confirming with OK when prompted.
2) Then, being careful not to make a mistake, follow the instructions at this link:
http://www.aidoforum.com/tutoriaux-8-changer-le-nom-du-proprietaire-de-windows-xp.html
Note: replace "Test" with "My PC", for example, and "Moi meme" with "Manuella", for example
Then restart your PC to see the changes made.
See you
Hi again, again, again .. good evening Manuella ;-)
I'll see you later with your Antivir report and a new HijackThis log; I'm going out to rent a DVD to finish the night.
See you
AntiVir PersonalEdition Classic
Report file date: mercredi 28 novembre 2007 02:53
Scanning for 944005 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SAUSSINE
Computer name: ELSA
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 01:08:36
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 01:08:37
ANTIVIR2.VDF : 7.0.1.0 1393152 Bytes 23/11/2007 01:08:37
ANTIVIR3.VDF : 7.0.1.13 47104 Bytes 27/11/2007 01:08:37
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 28/11/2007 01:08:37
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: mercredi 28 novembre 2007 02:53
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '23' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_ELSA.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[DETECTION] Contains detection pattern of the worm WORM/Ntech.V
[1] Archive type: TAR (tape archiver)
--> WINDOWS/temp/startdrv.exe
[DETECTION] Contains detection pattern of the worm WORM/Ntech.V
[INFO] The file was moved to '47b8cad1.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47b1cb3f.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '46d86fc0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47a3cb46.qua'!
C:\Documents and Settings\SAUSSINE\Bureau\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.1
--> nircmd.cfexe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.1
[INFO] The file was moved to '47b9cb80.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\clean.zip
[0] Archive type: ZIP
--> clean/pskill.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2
[INFO] The file was moved to '47b1cc97.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\incredimail_install.exe
[DETECTION] Contains detection pattern of the SPR/Dldr.ImLoader.C.3 program
[INFO] The file was moved to '47afcca7.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\SmitfraudFix.zip
[0] Archive type: ZIP
--> SmitfraudFix/Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
--> SmitfraudFix/restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '47b5ccbf.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\clean\clean\pskill.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2
[INFO] The file was moved to '47b7ccd1.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\SmitfraudFix\SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '47aecd46.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\SmitfraudFix\SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '47bfcd46.qua'!
C:\Program Files\MSN Messenger\msimg32.dll
[DETECTION] Contains detection pattern of the SPR/AdTool.MyWebSearch.AU program
[INFO] The file was moved to '47b5d676.qua'!
C:\Program Files\Navilog1\reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '47aed669.qua'!
C:\WINDOWS\windisk.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47bad765.qua'!
C:\WINDOWS\pss\autos.exeCommon Startup
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47c0d9bb.qua'!
C:\WINDOWS\pss\infos.exeStartup
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47b2d9b4.qua'!
End of the scan: mercredi 28 novembre 2007 04:07
Used time: 1:13:40 min
The scan has been done completely.
5065 Scanning directories
204233 Files were scanned
15 viruses and/or unwanted programs were found
4 Files were classified as suspicious:
0 files were deleted
0 files were repaired
16 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
204218 Files not concerned
3810 Archives were scanned
1 Warnings
0 Notes
There you go doc, apparently you have to do a system restore every month, is that true or not, doctor?
So what does the monster say?
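Added example, not part of the thread and not Avira's own tooling: a Python parser for an AntiVir report in the format posted above, which groups each flagged file by the worst category among its detections and lists scan options the report records as off. The tier grouping in `TIERS`, the watch list and the function names are assumptions of this example; the sample is an excerpt of the report's own lines.

```python
import re
from collections import defaultdict

# Excerpt of the AntiVir report posted above (lines copied from the thread).
REPORT = r"""Scan master boot sector..........: off
Search for rootkits..............: off
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_ELSA.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[DETECTION] Contains detection pattern of the worm WORM/Ntech.V
[1] Archive type: TAR (tape archiver)
--> WINDOWS/temp/startdrv.exe
[DETECTION] Contains detection pattern of the worm WORM/Ntech.V
[INFO] The file was moved to '47b8cad1.qua'!
C:\Documents and Settings\SAUSSINE\Bureau\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.1
--> nircmd.cfexe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.1
[INFO] The file was moved to '47b9cb80.qua'!
C:\Program Files\Navilog1\reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '47aed669.qua'!
C:\WINDOWS\windisk.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47bad765.qua'!
C:\WINDOWS\pss\autos.exeCommon Startup
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47c0d9bb.qua'!
"""

# Assumption of this example: tiers follow the wording of the report's own
# [DETECTION] lines ("worm", "Trojan horse", "suspicious code", "application").
TIERS = {"WORM": "malware", "TR": "malware",
         "HEUR": "suspicious", "GEN": "suspicious",
         "SPR": "riskware", "APPL": "riskware"}
ORDER = ["malware", "suspicious", "riskware", "unknown"]

SETTING_RE = re.compile(r"^(.+?)\.{2,}: (.*)$")
FILE_RE = re.compile(r"^[A-Za-z]:\\")
DETECT_RE = re.compile(r"^\[DETECTION\].*?\b([A-Z]+/[\w.\-]+)")
MOVED_RE = re.compile(r"^\[INFO\] The file was moved to '([0-9a-f]+\.qua)'")


def parse_report(text):
    """Return (settings, findings); findings keeps only files with detections."""
    settings, findings, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SETTING_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip()
        elif FILE_RE.match(line):
            # A line starting with a drive letter opens a new scanned file.
            current = {"path": line, "member": None,
                       "detections": [], "quarantine": None}
            findings.append(current)
        elif line.startswith("-->") and current:
            # Member inside an archive; later detections refer to it.
            current["member"] = line[3:].strip()
        elif (m := DETECT_RE.match(line)) and current:
            current["detections"].append((current["member"], m.group(1)))
        elif (m := MOVED_RE.match(line)) and current:
            current["quarantine"] = m.group(1)
    return settings, [f for f in findings if f["detections"]]


def triage(findings):
    """Group flagged files by the worst tier among their detections."""
    buckets = defaultdict(list)
    for f in findings:
        tiers = {TIERS.get(name.split("/")[0], "unknown")
                 for _, name in f["detections"]}
        buckets[min(tiers, key=ORDER.index)].append(f["path"])
    return dict(buckets)


def disabled_checks(settings,
                    watch=("Search for rootkits", "Scan master boot sector")):
    """Return the watched scan options that the report records as 'off'."""
    return [name for name in watch if settings.get(name) == "off"]


if __name__ == "__main__":
    settings, findings = parse_report(REPORT)
    for tier, paths in triage(findings).items():
        print(tier, *paths, sep="\n  ")
    print("off:", disabled_checks(settings))
```
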
AntiVir PersonalEdition Classic
Report file date: mercredi 28 novembre 2007 02:53
Scanning for 944005 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SAUSSINE
Computer name: ELSA
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 01:08:36
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 01:08:37
ANTIVIR2.VDF : 7.0.1.0 1393152 Bytes 23/11/2007 01:08:37
ANTIVIR3.VDF : 7.0.1.13 47104 Bytes 27/11/2007 01:08:37
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 28/11/2007 01:08:37
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: mercredi 28 novembre 2007 02:53
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '23' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\upload_moi_ELSA.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[DETECTION] Contains detection pattern of the worm WORM/Ntech.V
[1] Archive type: TAR (tape archiver)
--> WINDOWS/temp/startdrv.exe
[DETECTION] Contains detection pattern of the worm WORM/Ntech.V
[INFO] The file was moved to '47b8cad1.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47b1cb3f.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '46d86fc0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47a3cb46.qua'!
C:\Documents and Settings\SAUSSINE\Bureau\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.1
--> nircmd.cfexe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.1
[INFO] The file was moved to '47b9cb80.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\clean.zip
[0] Archive type: ZIP
--> clean/pskill.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2
[INFO] The file was moved to '47b1cc97.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\incredimail_install.exe
[DETECTION] Contains detection pattern of the SPR/Dldr.ImLoader.C.3 program
[INFO] The file was moved to '47afcca7.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\SmitfraudFix.zip
[0] Archive type: ZIP
--> SmitfraudFix/Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
--> SmitfraudFix/restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '47b5ccbf.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\clean\clean\pskill.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2
[INFO] The file was moved to '47b7ccd1.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\SmitfraudFix\SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '47aecd46.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\SmitfraudFix\SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '47bfcd46.qua'!
C:\Program Files\MSN Messenger\msimg32.dll
[DETECTION] Contains detection pattern of the SPR/AdTool.MyWebSearch.AU program
[INFO] The file was moved to '47b5d676.qua'!
C:\Program Files\Navilog1\reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '47aed669.qua'!
C:\WINDOWS\windisk.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47bad765.qua'!
C:\WINDOWS\pss\autos.exeCommon Startup
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47c0d9bb.qua'!
C:\WINDOWS\pss\infos.exeStartup
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47b2d9b4.qua'!
End of the scan: mercredi 28 novembre 2007 04:07
Used time: 1:13:40 min
The scan has been done completely.
5065 Scanning directories
204233 Files were scanned
15 viruses and/or unwanted programs were found
4 Files were classified as suspicious:
0 files were deleted
0 files were repaired
16 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
204218 Files not concerned
3810 Archives were scanned
1 Warnings
0 Notes
There you go, enjoy the report and enjoy the film!!!!!!
C:\upload_moi_ELSA.tar.gz
[0] Archive type: GZ
--> upload_moi.tar
[DETECTION] Contains detection pattern of the worm WORM/Ntech.V
[1] Archive type: TAR (tape archiver)
--> WINDOWS/temp/startdrv.exe
[DETECTION] Contains detection pattern of the worm WORM/Ntech.V
[INFO] The file was moved to '47b8cad1.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker2.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47b1cb3f.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\EverestPoker3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '46d86fc0.qua'!
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip
[DETECTION] Contains suspicious code GEN/PwdZIP
[INFO] The file was moved to '47a3cb46.qua'!
C:\Documents and Settings\SAUSSINE\Bureau\ComboFix.exe
[0] Archive type: RAR SFX (self extracting)
--> nircmd.exe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.1
--> nircmd.cfexe
[DETECTION] Contains detection pattern of the application APPL/NirCmd.1
[INFO] The file was moved to '47b9cb80.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\clean.zip
[0] Archive type: ZIP
--> clean/pskill.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2
[INFO] The file was moved to '47b1cc97.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\incredimail_install.exe
[DETECTION] Contains detection pattern of the SPR/Dldr.ImLoader.C.3 program
[INFO] The file was moved to '47afcca7.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\SmitfraudFix.zip
[0] Archive type: ZIP
--> SmitfraudFix/Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
--> SmitfraudFix/restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '47b5ccbf.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\clean\clean\pskill.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2
[INFO] The file was moved to '47b7ccd1.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\SmitfraudFix\SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '47aecd46.qua'!
C:\Documents and Settings\SAUSSINE\Mes documents\SmitfraudFix\SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '47bfcd46.qua'!
C:\Program Files\MSN Messenger\msimg32.dll
[DETECTION] Contains detection pattern of the SPR/AdTool.MyWebSearch.AU program
[INFO] The file was moved to '47b5d676.qua'!
C:\Program Files\Navilog1\reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '47aed669.qua'!
C:\WINDOWS\windisk.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47bad765.qua'!
C:\WINDOWS\pss\autos.exeCommon Startup
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47c0d9bb.qua'!
C:\WINDOWS\pss\infos.exeStartup
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47b2d9b4.qua'!
End of the scan: mercredi 28 novembre 2007 04:07
Used time: 1:13:40 min
The scan has been done completely.
5065 Scanning directories
204233 Files were scanned
15 viruses and/or unwanted programs were found
4 Files were classified as suspicious:
0 files were deleted
0 files were repaired
16 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
204218 Files not concerned
3810 Archives were scanned
1 Warnings
0 Notes
voili voilou bon rapport et bon film!!!!!!