Problème avec win32 trojan-gen {other} - Page 3

Résolu
Précédent
  • 1
  • 2
  • 3
  1. anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
     
    Si tu n'es pas sûr, tu peux retrouver le rapport d'Antivir : double clique sur l'icone antivir près de l'heure, clique sur Reports, double clique sur le rapport de scan le plus récent, puis clique sur "Report file" et fais un copier/coller ici.

    Sinon, si tu es sûr que tout ce qu'Antivir a détecté était pour la restauration système, il suffit de faire ce que je t'ai indiqué dans le message 37, c'est à dire :

    Pour finir le nettoyage, il faut désactiver puis réactiver la restauration système (pour créer un nouveau point de restauration sain et éviter le retour de l'infection).

    * Fais un clic droit sur poste de travail (qui est sur ton bureau ou dans le menu démarrer), puis propriétés.
    * Sélectionne l'onglet restauration du système
    * Coche l'option Désactiver la restauration du système sur tous les lecteurs
    * Clique sur OK.

    Puis refais la manipulation inverse pour réactiver la restauration système.

    0
  2. bou33 Messages postés 26 Statut Membre
     
    Je n'ai pas effacé le rapport , le voici:
    Avira AntiVir Personal
    Report file date: lundi 28 juillet 2008 18:50

    Scanning for 1513701 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: ACER-BOUCHON

    Version information:
    BUILD.DAT : 8.1.0.326 16933 Bytes 11/07/2008 12:57:00
    AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54
    AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
    LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
    LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16
    ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 25/07/2008 08:42:50
    ANTIVIR3.VDF : 7.0.5.178 53248 Bytes 28/07/2008 09:05:30
    Engineversion : 8.1.1.12
    AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:52
    AESCRIPT.DLL : 8.1.0.59 307579 Bytes 27/07/2008 08:42:58
    AESCN.DLL : 8.1.0.23 119156 Bytes 27/07/2008 08:42:58
    AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:52
    AEPACK.DLL : 8.1.2.1 364917 Bytes 27/07/2008 08:42:58
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 27/07/2008 08:42:56
    AEHEUR.DLL : 8.1.0.44 1343863 Bytes 27/07/2008 08:42:54
    AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:52
    AEGEN.DLL : 8.1.0.31 311669 Bytes 27/07/2008 08:42:52
    AEEMU.DLL : 8.1.0.6 430451 Bytes 09/07/2008 08:46:52
    AECORE.DLL : 8.1.1.7 172406 Bytes 27/07/2008 08:42:52
    AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
    AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
    AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
    AVREP.DLL : 8.0.0.2 98561 Bytes 27/07/2008 08:42:50
    AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
    AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
    SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
    RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
    RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
    Macro heuristic..................: on
    File heuristic...................: high
    Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

    Start of the scan: lundi 28 juillet 2008 18:50

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'mantispm.exe' - '1' Module(s) have been scanned
    Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'ZLCLIENT.EXE' - '0' Module(s) have been scanned
    Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
    Scan process 'VSNP2STD.EXE' - '1' Module(s) have been scanned
    Scan process 'ALG.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
    Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
    Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
    Scan process 'SCHED.EXE' - '1' Module(s) have been scanned
    Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
    Scan process 'VSMON.EXE' - '0' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
    Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
    Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
    Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
    Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
    Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
    27 processes with 27 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] System error [21]: Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '56' files ).

    Starting the file scan:

    Begin scan in 'C:\' <ACER>
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP638\A0096890.CMD
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '48bdfe7d.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP638\A0096891.EXE
    [DETECTION] Contains recognition pattern of the APPL/Tool.PsKill.2 application
    [NOTE] The file was moved to '48bdfe86.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097231.exe
    [DETECTION] Contains recognition pattern of the APPL/Tool.PsKill.2 application
    [NOTE] The file was moved to '48bdfe8e.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097247.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.C program
    [NOTE] The file was moved to '48bdfe91.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097266.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.108 dropper
    [NOTE] The file was moved to '48bdfe98.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097276.exe
    [0] Archive type: RAR SFX (self extracting)
    --> SmitfraudFix\Reboot.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.C program
    --> SmitfraudFix\restart.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '48bdfe9d.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097291.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.C program
    [NOTE] The file was moved to '48bdfea2.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097292.exe
    [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
    [NOTE] The file was moved to '48bdfeab.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097306.cmd
    [DETECTION] Contains HEUR/HTML.Malware suspicious code
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '49290eb4.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP643\A0097485.exe
    [0] Archive type: RAR SFX (self extracting)
    --> 327882R2FWJFW\NirCmd.cfexe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    --> 327882R2FWJFW\nircmd.com
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    --> 327882R2FWJFW\NirCmdC.cfexe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.1.B application
    --> 327882R2FWJFW\psexec.cfexe
    [DETECTION] Contains recognition pattern of the APPL/Rmadmin.131072 application
    --> 327882R2FWJFW\pv.cfexe
    [DETECTION] Contains recognition pattern of the SPR/Tool.PV program
    [NOTE] The file was moved to '48bdfeb1.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP588\A0089050.exe
    [DETECTION] Is the TR/Krunchy Trojan
    [NOTE] The file was moved to '48bdfed8.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP617\A0092433.exe
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '48bdfef7.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP637\A0096773.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.108 dropper
    [NOTE] The file was moved to '48bdff16.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP637\A0096775.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.108 dropper
    [NOTE] The file was moved to '48bdff17.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP640\A0096952.com
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '48bdff18.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP641\A0097132.com
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '48bdff1e.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP641\A0097145.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '49290f07.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP641\A0097152.EXE
    [DETECTION] Contains recognition pattern of the APPL/PsExec.E application
    [NOTE] The file was moved to '48bdff1f.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP641\A0097175.com
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '48bdff20.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP642\A0097192.exe
    [DETECTION] Contains recognition pattern of the APPL/BoontyGames application
    [NOTE] The file was moved to '48bdff22.qua'!
    C:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP642\A0097199.exe
    [DETECTION] Contains recognition pattern of the APPL/NirCmd.E.2.B application
    [NOTE] The file was moved to '49290f3b.qua'!
    Begin scan in 'D:\' <ACERDATA>
    D:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP617\A0092612.exe
    [DETECTION] Contains HEUR/Crypted suspicious code
    [NOTE] The detection was classified as suspicious.
    [NOTE] The file was moved to '48be006a.qua'!
    D:\System Volume Information\_restore{DA1684A3-4776-45C8-851D-DD8A56FF2753}\RP637\A0096778.exe
    [DETECTION] Contains recognition pattern of the DR/Tool.Reboot.F.108 dropper
    [NOTE] The file was moved to '48be006d.qua'!

    End of the scan: lundi 28 juillet 2008 19:22
    Used time: 32:08 Minute(s)

    The scan has been done completely.

    6278 Scanning directories
    239820 Files were scanned
    24 viruses and/or unwanted programs were found
    4 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    23 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    239791 Files not concerned
    12999 Archives were scanned
    5 Warnings
    23 Notes

    Y-a-t-il encore des virus ou autres. J'attends ta réponse pour faire le point de restauration.

    Si tu as le temps, peux-tu me dire quoi faire de l'extension téléchargée adblockplus je me retrouve avec un fichier que je ne peux même pas ouvrir et je ne sais pas où le ranger.
    0
  3. bou33 Messages postés 26 Statut Membre
     
    ok merci pour tout et j'espère ne pas à avoir à revenir sur le forum pour des soucis d'infection de mon pc.

    GRAND MERCI.
    0
Précédent
  • 1
  • 2
  • 3