Virus? Malware?

Closed
fab418, posts: 7, registered Thursday 15 May 2008, status: Member, last active 17 May 2008 - 15 May 2008 at 19:21
 Anonymous user - 17 May 2008 at 18:49
Hello,
I can no longer access Hotmail or any search engine since downloading a dubious torrent. Avira detected 8 viruses during the scan, viruses that were supposedly repaired by Avira since they no longer appear in the scan. But my browser no longer works normally. In addition, I get a SpywareGuard notification about a BHO at every startup. If I don't accept it, it tries indefinitely to modify the registry.

11 replies

fab418
15 May 2008 at 19:22
Here is my Avira scan report



Avira AntiVir Personal
Report file date: May 14, 2008 17:16

Scanning for 1264213 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PORTABLEFAB

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: May 14, 2008 17:16

The scan of running processes will be started
53 processes with 53 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '44' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\RECYCLER\S-1-5-21-49758469-3183501532-972678383-1005\Dc152.exe
[0] Archive type: RAR SFX (self extracting)
--> crack.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.iwh
--> serial.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] A backup was created as '485c5f10.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\RECYCLER\S-1-5-21-49758469-3183501532-972678383-1005\Dc149.18+crack\Autodata3.18crack.rar
[0] Archive type: RAR
--> Autodata3.18crack by Zogldi\part 1\AdKey.exe
[DETECTION] Is the Trojan horse TR/Small.LV.63
[NOTE] The file was deleted!
C:\RECYCLER\S-1-5-21-49758469-3183501532-972678383-1005\Dc155.18+crack\Autodata - 3.18_crack.rar
[0] Archive type: RAR
--> 3.18_crack\3.18 crack_1\AdKey.exe
[DETECTION] Is the Trojan horse TR/Small.LV.63
[NOTE] A backup was created as '489f5f3a.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP62\A0016580.exe
[0] Archive type: RAR SFX (self extracting)
--> crack.exe
[DETECTION] Is the Trojan horse TR/Vundo.Gen
--> keygen.exe
[DETECTION] Is the Trojan horse TR/Dldr.Small.iwh
--> serial.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] A backup was created as '485b5fab.qua' ( QUARANTINE )
[NOTE] The file was deleted!


End of the scan: May 14, 2008 17:59
Used time: 42:46 min

The scan has been done completely.

7972 Scanning directories
363804 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
363796 Files not concerned
4764 Archives were scanned
2 Warnings
4 Notes
fab418
15 May 2008 at 19:25
Here is a HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:25:18, on 2008-05-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\OEM02Mon.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell Network Assistant\ezi_hnm2.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\Opera.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_ca?hl=en&client=dell-row&channel=ca-smb&ibd=6080226
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.dell.com/en_ca?hl=en&client=dell-row&channel=ca-smb&ibd=6080226
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.dell.com/en-ca?c=ca&l=en&s=gen&redirect=1
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.dell.com/en-ca?c=ca&l=en&s=gen&redirect=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://partnerpage.google.com/smallbiz.dell.com/en_ca?hl=en&client=dell-row&channel=ca-smb&ibd=6080226
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://partnerpage.google.com/smallbiz.dell.com/en_ca?hl=en&client=dell-row&channel=ca-smb&ibd=6080226
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [dscactivate] "%ProgramFiles%\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BM77ef21ff] Rundll32.exe "C:\WINDOWS\system32\vvdwmiob.dll",s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Dell Network Assistant.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - SingleClick Systems - C:\Program Files\Dell Network Assistant\hnm_svc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
fab418
15 May 2008 at 19:39
Here is the BHO in question (as detected by SpywareGuard)

NEW BHO DETECTION ALERT
On 16:07:46 05-14-2008 a new BHO installation attempt was detected.
BHO: {03FAA2A5-8136-403A-8998-AFDE34AEF8A7}
ProgramID: n/a
File Location: C:\WINDOWS\system32\xxywXNEw.dll
User Action Taken: REMOVE BHO
Anonymous user
15 May 2008 at 19:58
Hi

Update AntiVir fully, then run a scan in safe mode and delete everything it finds, but first do this:

AntiVir settings:

Once AntiVir is open, click on configuration and tick the "expert mode" box, then on the scanner tab, in the window below, you will see: rootkit search. Click the small + to expand it and tick the box next to your hard disk.
Then click on configuration at the top right; in the new window, on the left > scanner > tick "scan all files" and below > scanner priority = High
Tick: allow stopping the scanner, so that you can pause during the scan if you wish.
Then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
Untick:
ignore off line files
Still on the left > scan > expand > heuristic > macrovirus heuristic = ticked and below > win32 heuristic box ticked and high detection level


Also click on guard, then tick scan archive, then untick the 3 boxes below it, then OK

See you
Anonymous user
15 May 2008 at 20:01
Good evening

Vundo infection
Anonymous user
15 May 2008 at 20:09
Scan with VundoFix (paste the report)

Download VundoFix -> http://www.atribune.org/ccount/click.php?id=4

Double-click VundoFix.exe to run it.
When VundoFix opens, click the Scan for Vundo button.
Once the scan is finished, click the Remove Vundo button.
You will receive a warning asking whether you want to delete these files; answer by clicking YES.
Once you have clicked yes, your desktop will go blank while it removes Vundo.

When it is finished, you will be asked to restart your computer; click OK.
fab418
16 May 2008 at 20:09
Hello,

First of all, jessydu54, I configured AntiVir as requested but I can't get it to work in safe mode.

shion-ares, I ran VundoFix but it found nothing; it may be partly my fault, because the HijackThis log contained viruses but not open ones.

In the meantime I rebooted (several times) and I'm pretty sure I'm infected by tr/crypt.xpack.gen. In any case it's the only one Avira detects now.

After some research I ran ComboFix, which found several things; here is the log:

ComboFix 08-05-15.3 - Fabrice 2008-05-16 13:41:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3329 [GMT -4:00]
Running from: E:\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\cinsjchd.ini
C:\WINDOWS\system32\ethqmnvb.ini
C:\WINDOWS\system32\hfrokwox.exe
C:\WINDOWS\system32\uDJknXyb.ini
C:\WINDOWS\system32\uDJknXyb.ini2
C:\WINDOWS\system32\wENXwyxx.ini
C:\WINDOWS\system32\wENXwyxx.ini2

.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.

2008-05-16 13:42 . 2008-05-16 13:42 1,466,368 --a------ C:\WINDOWS\system32\ethqmnvb.tmp
2008-05-16 13:23 . 2008-05-16 13:23 135,680 --a------ C:\WINDOWS\system32\ugwgxpvj.dll
2008-05-16 13:20 . 2008-05-16 13:20 116,736 --a------ C:\WINDOWS\system32\bvnmqhte.dll
2008-05-16 13:10 . 2008-05-16 13:10 370,688 --a------ C:\WINDOWS\system32\byXnkJDu.dll
2008-05-16 13:10 . 2008-05-16 13:10 125,952 --a------ C:\WINDOWS\system32\wyquddcb.dll
2008-05-15 17:05 . 2008-05-15 17:05 95 --a------ C:\WINDOWS\wininit.ini
2008-05-15 12:49 . 2008-05-15 12:49 <DIR> d-------- C:\VundoFix Backups
2008-05-15 10:43 . 2008-05-15 10:43 133,120 --a------ C:\WINDOWS\system32\bfbfaicx.dll
2008-05-15 06:43 . 2008-05-15 06:43 115,200 --a------ C:\WINDOWS\system32\dhcjsnic.dll
2008-05-15 06:40 . 2008-05-15 06:40 125,440 --a------ C:\WINDOWS\system32\vvdwmiob.dll
2008-05-15 06:40 . 2008-05-16 12:54 109,807 --a------ C:\WINDOWS\BM77ef21ff.xml
2008-05-14 16:40 . 2008-05-14 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Autodata Limited
2008-05-14 16:32 . 2008-05-14 16:32 <DIR> d-------- C:\Program Files\Common Files\Autodata Limited Shared
2008-05-14 16:32 . 2008-05-14 16:32 <DIR> d-------- C:\ADCDTEMP
2008-05-14 16:32 . 2008-05-14 16:44 <DIR> d-------- C:\ADCDA2
2008-05-14 16:09 . 2008-05-15 06:38 354 --ahs---- C:\WINDOWS\system32\ksvsaibi.ini
2008-05-14 16:02 . 2008-05-14 16:05 <DIR> d-------- C:\Program Files\MagicISO
2008-05-14 16:02 . 2008-05-14 16:02 58,368 --a------ C:\WINDOWS\system32\nnnolMGw.dll
2008-05-10 18:15 . 2008-05-10 18:15 <DIR> d-------- C:\Documents and Settings\Fabrice\Application Data\Publish Providers
2008-05-10 18:15 . 2008-05-11 08:27 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-05-10 18:15 . 2008-05-11 08:27 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-05-10 18:15 . 2008-05-10 18:15 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-05-10 18:12 . 2008-05-10 18:14 <DIR> d-------- C:\Documents and Settings\Fabrice\Application Data\Sony
2008-05-10 18:12 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2008-05-10 18:12 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2008-05-10 18:11 . 2008-05-10 18:11 <DIR> d-------- C:\Program Files\Vstplugins
2008-05-10 18:11 . 2008-05-10 18:11 <DIR> d-------- C:\Program Files\Sony
2008-05-10 18:11 . 2008-05-10 18:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-05-10 18:10 . 2008-05-10 18:10 <DIR> d-------- C:\Program Files\Sony Setup
2008-04-21 13:50 . 2008-04-21 13:50 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-21 13:50 . 2006-10-04 10:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-21 13:50 . 2006-10-04 10:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-21 13:50 . 2006-10-04 10:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-21 13:49 . 2008-04-21 13:50 <DIR> d-------- C:\7a9a65fc7878e331f6b226
2008-04-21 13:48 . 2008-04-21 13:48 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-21 13:48 . 2008-04-21 13:49 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-21 13:48 . 2008-04-21 13:49 <DIR> d-------- C:\79df753098367471aec6

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 17:48 --------- d-----w C:\Documents and Settings\Fabrice\Application Data\DNA
2008-05-16 17:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-15 21:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-15 17:31 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-05-15 10:46 --------- d-----w C:\Documents and Settings\Annie\Application Data\OpenOffice.org2
2008-05-14 21:15 --------- d-----w C:\Documents and Settings\Fabrice\Application Data\uTorrent
2008-05-14 20:07 --------- d-----w C:\Program Files\SpywareGuard
2008-05-14 19:49 --------- d-----w C:\Program Files\CDBurnerXP
2008-05-14 17:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-14 16:32 --------- d-----w C:\Documents and Settings\Fabrice\Application Data\OpenOffice.org2
2008-05-08 19:43 --------- d-----w C:\Program Files\Opera
2008-05-06 21:52 --------- d-----w C:\Documents and Settings\Fabrice\Application Data\CoreFTP
2008-05-06 17:30 --------- d-----w C:\Program Files\CoreFTP
2008-04-13 17:44 --------- d-----w C:\Program Files\Foxit Software
2008-04-12 05:12 --------- d-----w C:\Program Files\DivX
2008-04-12 01:31 --------- d-----w C:\Program Files\Google
2008-04-10 00:20 --------- d-----w C:\Program Files\NCH Software
2008-04-10 00:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
2008-04-10 00:17 --------- d-----w C:\Program Files\NCH Swift Sound
2008-04-10 00:15 --------- d-----w C:\Documents and Settings\Fabrice\Application Data\NCH Swift Sound
2008-04-09 00:27 --------- d-----w C:\Program Files\Preview Extractor V1.6
2008-04-05 15:50 --------- d-----w C:\Program Files\CDex_150
2008-04-03 01:40 --------- d-----w C:\Documents and Settings\Fabrice\Application Data\BonkEnc
2008-04-03 01:39 --------- d-----w C:\Program Files\BonkEnc
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-28 11:35 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-03-28 11:23 --------- d-----w C:\Program Files\Java
2008-03-27 23:11 --------- d-----w C:\Documents and Settings\Juliette\Application Data\Pantone
2008-03-27 23:11 --------- d-----w C:\Documents and Settings\Juliette\Application Data\Dell
2008-03-22 00:03 --------- d-----w C:\Documents and Settings\Annie\Application Data\CyberLink
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2008-03-21 20:30 120,056 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-03-21 20:30 118,520 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 23:05 --------- d-----w C:\Program Files\7-Zip
2008-03-19 21:51 --------- d-----w C:\Documents and Settings\Annie\Application Data\Pantone
2008-03-19 20:41 --------- d-----w C:\Documents and Settings\Fabrice\Application Data\CDBurnerXP_Soft
2008-03-19 20:40 --------- d-----w C:\Program Files\MSBuild
2008-03-19 20:37 --------- d-----w C:\Program Files\Reference Assemblies
2008-03-19 19:19 --------- d-----w C:\Documents and Settings\Fabrice\Application Data\DivX
2008-03-19 17:11 --------- d-----w C:\Program Files\uTorrent
2008-03-19 14:48 --------- d-----w C:\Program Files\SpywareBlaster
2008-03-19 14:09 --------- d-----w C:\Program Files\Trend Micro
2008-03-19 14:09 --------- d-----w C:\Program Files\EULAlyzer
2008-03-19 13:57 --------- d-----w C:\Documents and Settings\Fabrice\Application Data\BitTorrent
2008-03-19 13:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-19 13:50 --------- d-----w C:\Program Files\Lavasoft
2008-03-19 13:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-19 13:12 --------- d-----w C:\Program Files\DNA
2008-03-19 13:02 --------- d-----w C:\Program Files\Avira
2008-03-19 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-19 00:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-03-16 14:10 118,784 ----a-w C:\WINDOWS\SeaMonkeyUninstall.exe
2008-03-16 14:10 118,784 ----a-w C:\WINDOWS\GREUninstall.exe
2008-03-16 14:09 --------- d-----w C:\Program Files\mozilla.org
2008-03-11 13:10 20,640 ----a-w C:\Documents and Settings\Fabrice\Application Data\GDIPFONTCACHEV1.DAT
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{03FAA2A5-8136-403A-8998-AFDE34AEF8A7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6A594B75-93B6-49BF-A103-3CBD7338B3C5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C43140EC-6371-4C07-B93A-D230E41197FE}]
C:\WINDOWS\system32\xxywXNEw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8ce154c-5b6b-4ef9-b147-be77b02c3c75}]
2008-05-16 13:23 135680 --a------ C:\WINDOWS\system32\ugwgxpvj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E707216F-6AFF-4BD4-962D-EC5CDBA812A1}]
2008-05-14 16:02 58368 --a------ C:\WINDOWS\system32\nnnolMGw.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC9134BF-F4F3-4B70-81B7-302FEC1531ED}]
2008-05-16 13:10 370688 --a------ C:\WINDOWS\system32\byXnkJDu.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-03-28 12:45 288576]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-03 16:20 851968]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-01-29 17:14 8491008]
"nwiz"="nwiz.exe" [2008-01-29 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2008-01-29 17:14 86016 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-01-29 17:14 81920]
"OEM02Mon.exe"="C:\WINDOWS\OEM02Mon.exe" [2007-08-28 16:54 36864]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 05:10 1392640]
"DELL Webcam Manager"="C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 18:43 118784]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-05-14 16:23 1191936]
"SigmatelSysTrayApp"="stsystra.exe" [2007-06-06 17:28 405504 C:\WINDOWS\stsystra.exe]
"KADxMain"="C:\WINDOWS\system32\KADxMain.exe" [2006-11-02 16:05 282624]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 20:57 16384]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [2007-11-01 17:39 189736]
"BootSkin Startup Jobs"="C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 17:21 270336]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-15 20:22 262401]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"BM77ef21ff"="C:\WINDOWS\system32\wyquddcb.dll" [2008-05-16 13:10 125952]
"74dc1263"="C:\WINDOWS\system32\bvnmqhte.dll" [2008-05-16 13:20 116736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 15360]

C:\Documents and Settings\Annie\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe [2008-01-21 15:41:28 393216]

C:\Documents and Settings\Fabrice\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-05-17 17:43:18 568176]
Dell Network Assistant.lnk - C:\WINDOWS\Installer\{0240BDFB-2995-4A3F-8C96-18D41282B716}\Icon0240BDFB3.exe [2008-02-26 02:56:54 7168]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2008-02-26 02:51:14 50688]
hueyTray.lnk - C:\Program Files\Pantone\huey\hueyTray.exe [2008-03-13 13:11:22 913408]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{E707216F-6AFF-4BD4-962D-EC5CDBA812A1}"= C:\WINDOWS\system32\nnnolMGw.dll [2008-05-14 16:02 58368]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnolMGw]
nnnolMGw.dll 2008-05-14 16:02 58368 C:\WINDOWS\system32\nnnolMGw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10421:UDP"= 10421:UDP:SingleClick Discovery Protocol
"10426:UDP"= 10426:UDP:SingleClick ICC
"4662:TCP"= 4662:TCP:emule
"4672:UDP"= 4672:UDP:emule

R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-03-09 11:20]
R3 DXEC02;DXEC02;C:\WINDOWS\system32\drivers\dxec02.sys [2006-11-02 14:31]
R3 OEM02Dev;Creative Camera OEM002 Driver;C:\WINDOWS\system32\DRIVERS\OEM02Dev.sys [2007-08-28 16:54]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;C:\WINDOWS\system32\DRIVERS\OEM02Vfx.sys [2007-08-28 16:55]

.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 08:10:00 C:\WINDOWS\Tasks\shutdown.job"
- C:\WINDOWS\system32\shutdown.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 13:51:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\nnnolMGw.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Dell Network Assistant\hnm_svc.exe
C:\WINDOWS\system32\nvsvc32.exe
.
**************************************************************************
.
Completion time: 2008-05-16 13:58:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-16 17:56:41

Pre-Run: 156,577,738,752 bytes free
Post-Run: 156,932,034,560 bytes free

252 --- E O F --- 2008-04-24 01:20:25



I hope this can help you help me..... lol
0
Anonymous user
17 May 2008 at 09:46
Did you run the scan with AntiVir in normal mode?
0
fab418 Posts: 7 Registration date: Thursday 15 May 2008 Status: Member Last activity: 17 May 2008 1
17 May 2008 at 14:41
I ran the scan in normal Windows mode and in Avira expert mode, with the adjustments you suggested to me.
0
Anonymous user
17 May 2008 at 14:45
And so, what did it turn up?
0
fab418 Posts: 7 Registration date: Thursday 15 May 2008 Status: Member Last activity: 17 May 2008 1
17 May 2008 at 18:30
Avira found and repaired a few things, but after restarting Windows I keep getting an Avira alert for TR/Crypt.XPACK.Gen found in various files in the system32 directory, and the PC has enormous difficulty finishing its boot.
0
Anonymous user
17 May 2008 at 18:49
Delete the viruses it detects for you, then run a scan again!!
0