Search Daily virus problem
Closed
dino.ortolani (posts: 7; registered: Monday 21 May 2007; status: Member; last activity: 4 April 2008) - 3 April 2008 at 21:28
g!rly (posts: 18206; registered: Friday 17 August 2007; status: Contributor; last activity: 30 November 2014) - 4 April 2008 at 01:28
5 replies
g!rly - 3 April 2008 at 22:12
hi
you are infected to the bone!
why?
you have no protection at all!
install:
Download and install the Antivir Personal Edition Classic antivirus:
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- scanner configuration tutorial...
once Antivir is open, click on configuration and tick the "expert mode" box, then on the scanner tab, in the window below, you will see: rootkit search; click on the small + to expand it and tick the box next to your hard disk
then click on configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below that > scanner priority = High
tick: allow stopping the scanner, that way you can pause during the scan if you wish.
then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristic > macrovirus heuristic = ticked and below that > win32 heuristic box ticked and high detection level
I am telling you all this because I would like you to run a full scan of your machine with Antivir using the settings given above and post the generated report here, please
ps: run the scan in safe mode:
-> Restart in safe mode:
How to restart in safe mode?
Restart the PC and keep tapping the F8 key from the very start of boot, without stopping.
A window with a black background will open; use the keyboard arrows to move to start in safe mode, then press Enter.
Once on the desktop, if not all the colours and so on are there, that is normal!
Ps: if F8 does not work, use the F5 key.
-> Tutorial: http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
then come back with the Antivir report and a new HijackThis
See you later
dino.ortolani - 3 April 2008 at 22:20
hi
first of all thanks for your help, but it's strange because I have AVG installed on my PC with the firewall active and the HijackThis report doesn't see it... besides, it didn't see Avast either before I uninstalled it! What I also don't understand is that Windows doesn't seem to recognise it (AVG) either. OK, I'm going to do the steps you gave me and I'll be back
See you
g!rly - 3 April 2008 at 22:23
re,
you only have AVG's antispyware installed?! right?!
yes, try running ComboFix, we'll see after that...
See you later
dino.ortolani - 4 April 2008 at 00:21
re,
Here is the ANTIVIR report
AntiVir PersonalEdition Classic
Report file date: jeudi 3 avril 2008 22:40
Scanning for 1178038 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: MK
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:25:59
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 20:25:59
ANTIVIR3.VDF : 7.0.3.116 147968 Bytes 03/04/2008 20:25:59
AVEWIN32.DLL : 7.6.0.80 3420672 Bytes 03/04/2008 20:26:00
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 03/04/2008 20:26:01
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: jeudi 3 avril 2008 22:40
Starting search for hidden objects.
The driver could not be initialized.
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
C:\WINDOWS\system32\jkpruacp.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '48654119.qua'!
C:\WINDOWS\system32\jkpruacp.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
C:\WINDOWS\system32\lzrotlaw.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4867412b.qua'!
C:\WINDOWS\system32\lzrotlaw.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
C:\WINDOWS\system32\bthuhysa.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '485d4128.qua'!
C:\WINDOWS\system32\bthuhysa.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
C:\WINDOWS\system32\voirtiqs.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '485e4125.qua'!
C:\WINDOWS\system32\voirtiqs.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
C:\WINDOWS\zgfyzmpg.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '485b411f.qua'!
C:\WINDOWS\zgfyzmpg.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
The registry was scanned ( '33' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\cdurqrup.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '486a4126.qua'!
C:\Documents and Settings\All Users\Application Data\ktsdqbcb.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48684138.qua'!
C:\Documents and Settings\All Users\Application Data\ulkbmhkh.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '48604131.qua'!
C:\Documents and Settings\All Users\Application Data\yrcrkdun.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '4858413c.qua'!
C:\Documents and Settings\NK\Local Settings\Temp\Av-test.txt
[DETECTION] Contains code of the Eicar-Test-Signature virus
[INFO] The file was moved to '48224267.qua'!
C:\Documents and Settings\NK\Mes documents\Mes fichiers reçus\KYNG_MultiLoader_V1_10.rar
[0] Archive type: RAR
--> KYNG_MultiLoader_V1_10.exe
[DETECTION] Is the Trojan horse TR/Agent.702496
[INFO] The file was moved to '48434335.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\winzdn32.dll.vir
[DETECTION] Is the Trojan horse TR/Crypt.PEC2X.Gen
[INFO] The file was moved to '48634868.qua'!
C:\WINDOWS\system32\eefxlxym.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '485b4c51.qua'!
C:\WINDOWS\system32\gkjnpwph.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '485f4c5c.qua'!
C:\WINDOWS\system32\jqxsqiar.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
[INFO] The file was moved to '486d4c6a.qua'!
End of the scan: jeudi 3 avril 2008 23:31
Used time: 51:35 min
The scan has been done completely.
3262 Scanning directories
183657 Files were scanned
15 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
15 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
183642 Files not concerned
1726 Archives were scanned
1 Warnings
0 Notes
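An added example, not part of the thread and not Avira's own tooling: a small Python parser for a report laid out like the one posted above. It collapses entries that the scan lists twice, groups files by detection name, lists detections that have no quarantine action, and checks the count against the summary line. The sample text is constructed (file names and .qua ids are made up), and only the two `[DETECTION]` phrasings visible in the posted report are handled.

```python
import re
from collections import defaultdict

# Constructed excerpt in the layout of the posted report: file names and .qua
# ids are made up, detection names are ones the report shows.
SAMPLE = r"""
C:\WINDOWS\system32\aaaaaaaa.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '00000001.qua'!
C:\WINDOWS\system32\aaaaaaaa.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Temp\sample.rar
[0] Archive type: RAR
--> inner.exe
[DETECTION] Is the Trojan horse TR/Agent.702496
[INFO] The file was moved to '00000002.qua'!
C:\Temp\Av-test.txt
[DETECTION] Contains code of the Eicar-Test-Signature virus
C:\WINDOWS\system32\cccccccc.dll
[DETECTION] Is the Trojan horse TR/Vundo.Gen
2 files were moved to quarantine
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECT_RE = re.compile(
    r"^\[DETECTION\] (?:Is the Trojan horse |Contains code of the )?(.+?)(?: virus)?$")
MOVED_RE = re.compile(r"^\[INFO\] The file was moved to '([^']+)'!")
TOTAL_RE = re.compile(r"^(\d+) files were moved to quarantine")

def parse_report(text):
    """Return ({path: {"signatures", "quarantine"}}, total stated by the summary)."""
    findings, reported, current, hit = {}, None, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):            # a new scanned object starts here
            current, hit = line, None
        elif (m := DETECT_RE.match(line)) and current:
            hit = findings.setdefault(current, {"signatures": set(), "quarantine": None})
            hit["signatures"].add(m.group(1))
        elif (m := MOVED_RE.match(line)) and hit is not None:
            hit["quarantine"] = m.group(1)  # archive members count for the archive
        elif m := TOTAL_RE.match(line):
            reported = int(m.group(1))
    return findings, reported

def triage(text):
    findings, reported = parse_report(text)
    by_signature = defaultdict(list)
    for path, f in findings.items():
        for sig in sorted(f["signatures"]):
            by_signature[sig].append(path)
    quarantined = [p for p, f in findings.items() if f["quarantine"]]
    pending = [p for p in findings if p not in quarantined]
    return {"by_signature": dict(by_signature), "quarantined": quarantined,
            "pending": pending, "count_matches_summary": reported == len(quarantined)}
```

Files in `pending` were detected but never moved, so they are the ones to recheck on the next scan.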
g!rly - 4 April 2008 at 01:28
ok
and ComboFix, are you managing to run it?
See you later