Problem with win32 trojan-gen {other}
Solved/Closed
bou33 (member), 26 Jul 2008 at 12:11
44 replies
anthony5151 (security contributor), 29 Jul 2008 at 13:04
If you're not sure, you can retrieve the AntiVir report: double-click the AntiVir icon near the clock, click Reports, double-click the most recent scan report, then click "Report file" and copy/paste it here.
Otherwise, if you're sure that everything AntiVir detected was in System Restore, you just need to do what I told you in message 37, namely:
To finish the cleanup, you need to disable and then re-enable System Restore (to create a new, clean restore point and prevent the infection from coming back).
* Right-click My Computer (on your desktop or in the Start menu), then choose Properties.
* Select the System Restore tab
* Tick the option Turn off System Restore on all drives
* Click OK.
Then do the reverse to re-enable System Restore.
bou33 (member), 29 Jul 2008 at 16:36
I haven't deleted the report, here it is:
Avira AntiVir Personal
Report file date: lundi 28 juillet 2008 18:50
Scanning for 1513701 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ACER-BOUCHON
Version information:
BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16
ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 25/07/2008 08:42:50
ANTIVIR3.VDF : 7.0.5.178 53248 Bytes 28/07/2008 09:05:30
Engineversion : 8.1.1.12
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:52
AESCRIPT.DLL : 8.1.0.59 307579 Bytes 27/07/2008 08:42:58
AESCN.DLL : 8.1.0.23 119156 Bytes 27/07/2008 08:42:58
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:52
AEPACK.DLL : 8.1.2.1 364917 Bytes 27/07/2008 08:42:58
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 27/07/2008 08:42:56
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 27/07/2008 08:42:54
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:52
AEGEN.DLL : 8.1.0.31 311669 Bytes 27/07/2008 08:42:52
AEEMU.DLL : 8.1.0.6 430451 Bytes 09/07/2008 08:46:52
AECORE.DLL : 8.1.1.7 172406 Bytes 27/07/2008 08:42:52
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
AVREP.DLL : 8.0.0.2 98561 Bytes 27/07/2008 08:42:50
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: lundi 28 juillet 2008 18:50
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'mantispm.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'ZLCLIENT.EXE' - '0' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'VSNP2STD.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'VSMON.EXE' - '0' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
27 processes with 27 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '56' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP638\A0096890.CMD
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48bdfe7d.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP638\A0096891.EXE
[DETECTION] Contains recognition pattern of the APPL/Tool.PsKill.2 application
[NOTE] The file was moved to '48bdfe86.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097231.exe
[DETECTION] Contains recognition pattern of the APPL/Tool.PsKill.2 application
[NOTE] The file was moved to '48bdfe8e.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097247.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.C program
[NOTE] The file was moved to '48bdfe91.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097266.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.108 dropper
[NOTE] The file was moved to '48bdfe98.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097276.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\Reboot.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.C program
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48bdfe9d.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097291.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.C program
[NOTE] The file was moved to '48bdfea2.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097292.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48bdfeab.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097306.cmd
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49290eb4.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097485.exe
[0] Archive type: RAR SFX (self extracting)
--> 327882R2FWJFW\NirCmd.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 327882R2FWJFW\nircmd.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
--> 327882R2FWJFW\NirCmdC.cfexe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
--> 327882R2FWJFW\psexec.cfexe
[DETECTION] Contains recognition pattern of the APPL/Rmadmin.131072 application
--> 327882R2FWJFW\pv.cfexe
[DETECTION] Contains recognition pattern of the SPR/Tool.PV program
[NOTE] The file was moved to '48bdfeb1.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP588\A0089050.exe
[DETECTION] Is the TR/Krunchy Trojan
[NOTE] The file was moved to '48bdfed8.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP617\A0092433.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48bdfef7.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP637\A0096773.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.108 dropper
[NOTE] The file was moved to '48bdff16.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP637\A0096775.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.108 dropper
[NOTE] The file was moved to '48bdff17.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP640\A0096952.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] The file was moved to '48bdff18.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP641\A0097132.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] The file was moved to '48bdff1e.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP641\A0097145.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] The file was moved to '49290f07.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP641\A0097152.EXE
[DETECTION] Contains recognition pattern of the APPL/PsExec.E application
[NOTE] The file was moved to '48bdff1f.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP641\A0097175.com
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] The file was moved to '48bdff20.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP642\A0097192.exe
[DETECTION] Contains recognition pattern of the APPL/BoontyGames application
[NOTE] The file was moved to '48bdff22.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP642\A0097199.exe
[DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
[NOTE] The file was moved to '49290f3b.qua'!
Begin scan in 'D:\' <ACERDATA>
D:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP617\A0092612.exe
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48be006a.qua'!
D:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP637\A0096778.exe
[DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.108 dropper
[NOTE] The file was moved to '48be006d.qua'!
End of the scan: lundi 28 juillet 2008 19:22
Used time: 32:08 Minute(s)
The scan has been done completely.
6278 Scanning directories
239820 Files were scanned
24 viruses and/or unwanted programs were found
4 Files were classified as suspicious:
0 files were deleted
0 files were repaired
23 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
239791 Files not concerned
12999 Archives were scanned
5 Warnings
23 Notes
Are there still any viruses or anything else? I'm waiting for your reply before creating the restore point.
If you have time, can you tell me what to do with the Adblock Plus extension I downloaded? I end up with a file that I can't even open and I don't know where to put it.
anthony5151 (security contributor), 29 Jul 2008 at 18:07
OK, these are only archives from System Restore and from SmitFraudFix (which you used at the start of the disinfection).
If you do everything I told you here, you will properly erase all traces of the infection:
http://www.commentcamarche.net/forum/affich 7593101 probleme avec win32 trojan gen other?page=2#37
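The check made in the reply above, that every detection in the report sits in a System Restore snapshot, can be automated. The Python below is an added example, not part of the original thread: it parses AntiVir report text in the format posted earlier and separates detections under System Volume Information\_restore{...}\RPnnn from any on the live file system. The names parse_report and triage are hypothetical, and the last entry of the sample is constructed for contrast.

```python
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: entries in the format of the report posted in this thread,
# plus one invented entry outside System Restore (last two lines) for contrast.
SAMPLE_REPORT = r"""
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP638\A0096890.CMD
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '48bdfe7d.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097276.exe
[0] Archive type: RAR SFX (self extracting)
--> SmitfraudFix\Reboot.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.C program
--> SmitfraudFix\restart.exe
[DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
[NOTE] The file was moved to '48bdfe9d.qua'!
C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP588\A0089050.exe
[DETECTION] Is the TR/Krunchy Trojan
[NOTE] The file was moved to '48bdfed8.qua'!
C:\CONSTRUCTED-EXAMPLE\not-from-the-thread.exe
[DETECTION] Is the TR/Krunchy Trojan
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\\S")          # a scanned file: drive letter + path
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")
NAME_RE = re.compile(r"\b([A-Z]+/\S+)")           # e.g. TR/Krunchy, SPR/Tool.Reboot.C
MOVED_RE = re.compile(r"moved to '([^']+)'")      # quarantine file name


@dataclass
class Finding:
    path: str
    restore_point: Optional[str]                  # "RP643", or None if outside System Restore
    names: List[str] = field(default_factory=list)
    members: List[str] = field(default_factory=list)   # files listed inside an archive
    quarantined_as: Optional[str] = None


def parse_report(text: str) -> List[Finding]:
    """Return one Finding per scanned file that has at least one [DETECTION]."""
    findings: List[Finding] = []
    current: Optional[Finding] = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            m = RESTORE_RE.search(line)
            current = Finding(line, m.group(1) if m else None)
        elif current is None:
            continue
        elif line.startswith("-->"):
            current.members.append(line[3:].strip())
        elif line.startswith("[DETECTION]"):
            m = NAME_RE.search(line)
            current.names.append(m.group(1) if m else line)
            if not findings or findings[-1] is not current:
                findings.append(current)
        elif line.startswith("[NOTE]"):
            m = MOVED_RE.search(line)
            if m:
                current.quarantined_as = m.group(1)
    return findings


def triage(findings: List[Finding]) -> dict:
    """Split findings into System Restore copies and files on the live system."""
    live = [f for f in findings if f.restore_point is None]
    return {
        "restore_only": not live,   # True: purging restore points removes every hit
        "live": live,               # these need handling beyond a restore-point purge
        "per_restore_point": Counter(
            f.restore_point for f in findings if f.restore_point),
        "not_quarantined": [f for f in findings if f.quarantined_as is None],
    }


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    print("Only System Restore copies:", result["restore_only"])
    for f in result["live"]:
        print("Live file:", f.path, f.names)
```
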
bou33 (member), 29 Jul 2008 at 19:37
OK, thanks for everything, and I hope I won't have to come back to the forum for infection problems on my PC.
MANY THANKS.