Sujet Précédent Sujet Suivant

Virus Msn --> Rapport Antivir

Résolu/Fermé
Aniew - 18 mars 2008 à 20:55
liguec1 Messages postés 1785 Date d'inscription mercredi 4 avril 2007 Statut Membre Dernière intervention 19 septembre 2020 - 19 mars 2008 à 18:11
Bonjour a tous, je fais appel à vous car j'ai attrapé le virus de MSN " Ta tof fais koi sur ce site ? "
J'ai fai un scan avec Antivir mais je ne sais pas comment faire ensuite pour l'eliminer si c'est possible biensur !!

Voila un copié coller du raport :



AntiVir PersonalEdition Classic
Report file date: mardi 18 mars 2008 19:51

Scanning for 1157825 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ACER-6C0BC44289

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 18:50:10
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 18:50:10
ANTIVIR3.VDF : 7.0.3.49 297472 Bytes 18/03/2008 18:50:10
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 18/03/2008 18:50:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 18/03/2008 18:50:10
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 18 mars 2008 19:51

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'Netlog24Notifier.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'MsnMsgr.Exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'ClientGUI.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'SAcc.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'admtray.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'PCMService.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'ashWebSv.exe' - '1' Module(s) have been scanned
Scan process 'ashMaiSv.exe' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'NVSVC32.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'BZRpcSs.exe' - '1' Module(s) have been scanned
Scan process 'BZDcomLaunch.exe' - '1' Module(s) have been scanned
Scan process 'ClntSvc.exe' - '0' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
60 processes with 60 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '40' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Aniew\vywbcs.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48571205.qua'!
C:\Documents and Settings\Aniew\wydgbg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4844120b.qua'!
C:\Documents and Settings\Aniew\wtajyg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4841120c.qua'!
C:\Documents and Settings\Aniew\hzmftx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '484d1219.qua'!
C:\Documents and Settings\Aniew\mctnzn.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48541207.qua'!
C:\Documents and Settings\Aniew\ycxjpp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4858120e.qua'!
C:\Documents and Settings\Aniew\epawyv.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4841121f.qua'!
C:\Documents and Settings\Aniew\ggfcoy.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4846121d.qua'!
C:\Documents and Settings\Aniew\vailkk.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4849121f.qua'!
C:\Documents and Settings\Aniew\Local Settings\Temp\services.exe
[WARNING] The file could not be opened!
C:\Program Files\Secured eMule\Zapu-SecuredEMule-Installer.exe
[DETECTION] Contains detection pattern of the dropper DR/Shopper.L.9
[INFO] The file was moved to '485017d2.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP423\A0035128.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c1f.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP444\A0041042.com
[DETECTION] Is the Trojan horse TR/Agent.dwd.4
[INFO] The file was moved to '48101c48.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP449\A0045266.exe
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[INFO] The file was moved to '48101c5e.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP450\A0046215.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c64.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP453\A0046237.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c6f.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP453\A0046238.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c72.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP453\A0046239.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c76.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP453\A0046240.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c78.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP453\A0046241.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c7b.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP453\A0046242.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c7e.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP453\A0046243.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c81.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP453\A0046244.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c83.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP453\A0046245.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '48101c86.qua'!
C:\System Volume Information\_restore{971BA714-3578-4A78-9285-791521829CFA}\RP453\A0046248.exe
[DETECTION] Contains detection pattern of the dropper DR/Shopper.L.9
[INFO] The file was moved to '48101c88.qua'!
Begin scan in 'D:\' <ACERDATA>


End of the scan: mardi 18 mars 2008 20:48
Used time: 57:51 min

The scan has been done completely.

5676 Scanning directories
214289 Files were scanned
24 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
24 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
214265 Files not concerned
6871 Archives were scanned
3 Warnings
0 Notes

Voila si quelqu'un peut m'aider ce serait super gentil

Merci a tous a bientot
Julien
A voir également:

5 réponses

Réponse 1 / 5
liguec1 Messages postés 1785 Date d'inscription mercredi 4 avril 2007 Statut Membre Dernière intervention 19 septembre 2020 78
18 mars 2008 à 20:58
salut Télécharge MSNFix.zip (de !aur3n7) sur ton bureau:
http://sosvirus.changelog.fr/MSNFix.zip

Décompresse-le (clic droit >> Extraire ici) et place les fichiers dans C:\MSNFix (très important).

Double cliquer sur le fichier MSNFix.bat.
- Exécutez l'option R.
-- Si l'infection est détectée, un message l'indiquera et il suffira de presser une touche pour lancer le nettoyage

Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal

- Le rapport sera enregistré dans le même dossier que MSNFix sous forme date_heure.txt
0
Réponse 2 / 5
Aniew
18 mars 2008 à 22:06
Voila j'ai fais ce qui été dit et voici le rapport de MSNFix :

MSNFix 1.685

C:\MSNFix
Fix exécuté le 18/03/2008 - 21:54:22,07 By Aniew
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\Aniew\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\Aniew\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\Aniew\??????.exe
... C:\Documents and Settings\Aniew\????????.exe
... C:\WINDOWS\system32\real.txt

************************ Recherche les dossiers présents

... \TEMP\
... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\Aniew\LOCALS~1\Temp\winlogon.exe
/!\ ... C:\DOCUME~1\Aniew\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\LOCALS~1
/!\ ... C:\DOCUME~1\Aniew\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\Aniew\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Aniew\??????.exe
.. OK ... C:\Documents and Settings\Aniew\????????.exe
.. OK ... C:\WINDOWS\system32\real.txt


************************ Suppression des dossiers

/!\ ... \TEMP\
/!\ ... C:\Temp\


************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\Aniew\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\LOCALS~1



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 18032008_22031246.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
Réponse 3 / 5
liguec1 Messages postés 1785 Date d'inscription mercredi 4 avril 2007 Statut Membre Dernière intervention 19 septembre 2020 78
18 mars 2008 à 22:07
msn fix a bien bosser

Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente. http://www.malekal.com/download/clean.zip
démarrer en mode sans echec : https://forum.pcastuces.com/sujet.asp?f=25&s=3902
Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître , choisissez l'option 2 et laissez l'operation de nettoyage s'effectuer
Poster le rapport
0
Réponse 4 / 5
Aniew
18 mars 2008 à 23:00
Et voila j'ai fait ce qui été marqué voici le raport de clean :

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 18/03/2008 a 22:54:08,70

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Everest Poker\"
tentative de suppression de "C:\Program Files\SurfAccuracy\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 5
liguec1 Messages postés 1785 Date d'inscription mercredi 4 avril 2007 Statut Membre Dernière intervention 19 septembre 2020 78
19 mars 2008 à 18:11
salut clean n'est pas arriver a effacer des fichiers alors continuons


Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)
0

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
écrire un rapport de travail
asi -
REGINALD -

3 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses