Trojan 17PHolmes, updates disabled
nanousab
Hello,
Yesterday I was infected by a virus contained in a "codec" folder that I foolishly opened.
Avast detected a Trojan horse and could not find the files "WINDOWS\17Pholmes1000106.exe" and "\Temp\cq.bat".
I installed Prevx Computer Security Investigator, which found two dangerous files in system32: "ssqrPHaW.dll" and "qwdmkqgo.dl", which could not be deleted because they were in use by other resources.
With "Unlocker Assistant" I deleted ssqrPH… and Prevx deleted qwdmkqgo.
Since then, Windows security updates have been disabled and I cannot re-enable them, even by going through "Start menu — Run — services.msc — Automatic Updates — Start": I get the error message: "error 1058: the service cannot be started because it is uninstalled or no device is associated with it".
I also have advertising browser windows that open by themselves.
Yet Prevx and Avast find no virus.
What should I do?
Thank you for your help.
1 reply
Hi, so uninstall all your security software. Then install AntiVir, Malwarebytes Anti-Malware and CCleaner, and enable the XP firewall (or install a more effective firewall such as Kerio).
*AntiVir: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html
*Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
*Ccleaner: https://www.01net.com/outils/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/tele32599.html (install it without the Yahoo toolbar)
*Kerio: https://www.01net.com/outils/telecharger/windows/Securite/firewall/fiches/tele22418.html
*PS: ONLY INSTALL THEM AND DO NOT RUN A SCAN. UPDATE ANTIVIR AND MALWAREBYTES ANTI-MALWARE.
Thanks!
And now? I suppose I disable the Windows firewall (I installed Sunbelt Personal Firewall)? Do I run the AntiVir and Anti-Malware scans?
I still have the same problem of disabled updates, and the firewall blocked something at startup.
Safe Mode:
When the computer restarts, once the BIOS has finished loading, a black screen appears briefly; press the [F8] key (or [F5] on some PCs) until the Windows advanced options menu is displayed.
Select "Safe Mode" and press [Enter].
You will need to choose your usual session, not the "Administrator" account or another one.
Look here if needed: http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
PS: I ADVISE YOU TO SAVE THIS MESSAGE TO YOUR DESKTOP JUST IN CASE.
In fact I have already done two scans with AntiVir and one with Malwarebytes (I have just seen your email…); each time I restarted Windows, but not in Safe Mode.
Here are the three reports:
AntiVir 1:
Avira AntiVir Personal
Report file date: dimanche 8 juin 2008 10:04
Scanning for 1313263 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANNE2
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 8 juin 2008 10:04
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'prevxcsi.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'matlab.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'matlabserver.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'prevxcsi.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
45 processes with 45 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '22' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Anne.POLYTECH-F09DDE\Local Settings\Temporary Internet Files\Content.IE5\GH234DU7\kb713501[1]
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\Documents and Settings\Anne.POLYTECH-F09DDE\TuneUp\TuneUp_Utilities_2007_v6.0.2200_by_FFF.zip
[0] Archive type: ZIP
--> tuneup.utilities.2007.6.0.2200-patch.exe
[DETECTION] Is the Trojan horse TR/Agent.54784.C
[NOTE] The file was moved to '48ba0b26.qua'!
C:\Program Files\HPQ\Default Settings\CpqsetVer.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.ahj.62 Backdoor server programs
[NOTE] The file was moved to '48bd11a0.qua'!
C:\System Volume Information\_restore{3F9574C6-B099-4CC2-9C9D-3CCD7EE0465B}\RP3\A0000257.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.ahj.62 Backdoor server programs
[NOTE] The file was moved to '487c15d5.qua'!
C:\WINDOWS\system32\b3\antilutx.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48c01867.qua'!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd7549.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\vntiho05\vntiho051080.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.epp
[NOTE] The file was moved to '48c018cb.qua'!
End of the scan: dimanche 8 juin 2008 11:35
Used time: 1:30:44 min
The scan has been done completely.
12368 Scanning directories
641914 Files were scanned
6 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
5 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
641908 Files not concerned
8598 Archives were scanned
5 Warnings
5 Notes
AntiVir 2:
Avira AntiVir Personal
Report file date: dimanche 8 juin 2008 11:44
Scanning for 1313263 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANNE2
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 8 juin 2008 11:44
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'searchindexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'UnlockerAssistant.exe' - '1' Module(s) have been scanned
Scan process 'matlab.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'matlabserver.exe' - '1' Module(s) have been scanned
Scan process 'prevxcsi.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'prevxcsi.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '26' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{3F9574C6-B099-4CC2-9C9D-3CCD7EE0465B}\RP3\A0000258.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487c297f.qua'!
C:\System Volume Information\_restore{3F9574C6-B099-4CC2-9C9D-3CCD7EE0465B}\RP3\A0000259.exe
[DETECTION] Is the Trojan horse TR/Dldr.VB.epp
[NOTE] The file was moved to '487c2987.qua'!
C:\WINDOWS\system32\drivers\dtscsi.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd7549.sys
[WARNING] The file could not be opened!
End of the scan: dimanche 8 juin 2008 12:56
Used time: 1:11:26 min
The scan has been done completely.
12368 Scanning directories
641984 Files were scanned
2 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
4 Files cannot be scanned
641982 Files not concerned
8597 Archives were scanned
4 Warnings
2 Notes
Malwarebytes report:
…………………………………
There, I hope it was not wrong to do that; in any case I have put most of the suspicious files in quarantine.
Still impossible to update the Windows Security Center.
What is restarting in "safe mode" for? Is that what you call "normal mode"? If so, should I do it systematically after a scan?
Thanks again; this time I will wait for your instructions before continuing.
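
The Avira reports quoted in this thread can be triaged mechanically rather than by eye. The following Python is an added example, not part of the original posts and not Avira's code: it parses the file-scan section of such a report and separates detections that were quarantined from those left on disk, files that could not be opened, and copies sitting in the System Restore store. The function names are hypothetical; the sample input is an excerpt of the first report above.

```python
import re

# Excerpt of the file-scan section of the first Avira report quoted in the thread.
SAMPLE_REPORT = r"""Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Anne.POLYTECH-F09DDE\Local Settings\Temporary Internet Files\Content.IE5\GH234DU7\kb713501[1]
[DETECTION] Is the Trojan horse TR/Lowzones.SG
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\Documents and Settings\Anne.POLYTECH-F09DDE\TuneUp\TuneUp_Utilities_2007_v6.0.2200_by_FFF.zip
[0] Archive type: ZIP
--> tuneup.utilities.2007.6.0.2200-patch.exe
[DETECTION] Is the Trojan horse TR/Agent.54784.C
[NOTE] The file was moved to '48ba0b26.qua'!
C:\System Volume Information\_restore{3F9574C6-B099-4CC2-9C9D-3CCD7EE0465B}\RP3\A0000257.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.ahj.62 Backdoor server programs
[NOTE] The file was moved to '487c15d5.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: dimanche 8 juin 2008 11:35
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")               # a scanned file starts a new entry
SIG_RE = re.compile(r"\b([A-Z]{2,}/[\w.\-]+)")      # e.g. TR/Lowzones.SG, BDS/Agent.ahj.62
QUA_RE = re.compile(r"moved to '([0-9a-f]+\.qua)'")  # quarantine container name
# Windows XP keeps System Restore snapshots under this folder.
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_file_scan(report):
    """Return one dict per file path, with the tagged lines that follow it."""
    entries, current = [], None
    for raw in report.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = {"path": line, "signature": None,
                       "quarantine": None, "warnings": []}
            entries.append(current)
        elif current is None:
            continue
        elif line.startswith("[DETECTION]"):
            m = SIG_RE.search(line)
            current["signature"] = m.group(1) if m else line[11:].strip()
        elif line.startswith("[NOTE]"):
            m = QUA_RE.search(line)
            if m:
                current["quarantine"] = m.group(1)
        elif line.startswith("[WARNING]"):
            text = line[len("[WARNING]"):].strip()
            if text:                      # the report also emits empty [WARNING] lines
                current["warnings"].append(text)
        elif line.startswith("End of the scan"):
            current = None                # summary counters follow, not file entries
    return entries


def triage(entries):
    """Group entries by what still needs attention after the scan."""
    out = {"quarantined": [], "still_present": [],
           "unscanned": [], "restore_copies": []}
    for e in entries:
        if e["signature"]:
            key = "quarantined" if e["quarantine"] else "still_present"
            out[key].append(e)
            if RESTORE_MARKER in e["path"].lower():
                out["restore_copies"].append(e)
        elif any("could not be opened" in w for w in e["warnings"]):
            # Locked by the running system: not a detection, but not checked either.
            out["unscanned"].append(e)
    return out


if __name__ == "__main__":
    for group, items in triage(parse_file_scan(SAMPLE_REPORT)).items():
        print(group)
        for e in items:
            print("   ", e["signature"] or "-", "|", e["path"])
```

A detection listed under `still_present` is one the scanner reported but did not move or delete, which is why the report's summary can count more detections than quarantined files.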