Problème Backdoor.win32.small.fyt
ponponmontblanc
Messages postés
14
Statut
Membre
-
ponponmontblanc Messages postés 14 Statut Membre -
ponponmontblanc Messages postés 14 Statut Membre -
Bonjour,
Mon ordi est infecté par un backdoor, en me baladant sur ce forum, j'ai vu une manip avec Netlog. Je l'ai effectuée, et comme le recommande le site, je vous transmets le rapport et m'en remet à l"helper" qui voudra bien me conseiller.
Merci d'avance.
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Guillaume"
Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\Windows" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***
*** Recherche dossiers dans "C:\ProgramData" ***
*** Recherche dossiers dans "c:\users\guilla~1\appdata\roaming\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "C:\Users\Guillaume\AppData\Local\virtualstore\Program Files" ***
*** Recherche dossiers dans "C:\Users\Guillaume\AppData\Roaming" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\Windows\system32" *
* Recherche dans "C:\Users\Guillaume\AppData\Local\Microsoft" *
* Recherche dans "C:\Users\Guillaume\AppData\Local" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\Windows\system32" :
* Dans "C:\Users\Guillaume\AppData\Local\Microsoft" :
* Dans "C:\Users\Guillaume\AppData\Local" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 04/09/2008 à 18:55:33,75 ***
Mon ordi est infecté par un backdoor, en me baladant sur ce forum, j'ai vu une manip avec Netlog. Je l'ai effectuée, et comme le recommande le site, je vous transmets le rapport et m'en remet à l"helper" qui voudra bien me conseiller.
Merci d'avance.
Outil exécuté depuis C:\Program Files\navilog1
Session actuelle : "Guillaume"
Mise à jour le 22.08.2008 à 17h30 par IL-MAFIOSO
Microsoft Windows Vista 6.0.6001
Internet Explorer : 7.0.6001.18000
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "C:\Windows" ***
*** Recherche dossiers dans "C:\Program Files" ***
*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "c:\progra~2\micros~1\windows\startm~1" ***
*** Recherche dossiers dans "C:\ProgramData" ***
*** Recherche dossiers dans "c:\users\guilla~1\appdata\roaming\micros~1\windows\startm~1\programs" ***
*** Recherche dossiers dans "C:\Users\Guillaume\AppData\Local\virtualstore\Program Files" ***
*** Recherche dossiers dans "C:\Users\Guillaume\AppData\Roaming" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "C:\Windows\system32" *
* Recherche dans "C:\Users\Guillaume\AppData\Local\Microsoft" *
* Recherche dans "C:\Users\Guillaume\AppData\Local" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "C:\Windows\system32" :
* Dans "C:\Users\Guillaume\AppData\Local\Microsoft" :
* Dans "C:\Users\Guillaume\AppData\Local" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
*** Analyse terminée le 04/09/2008 à 18:55:33,75 ***
25 réponses
c'est orange, je me doute bien que c'est pas le top!! à y réfléchir, c'est normal, puisqu'il ne doit fonctionner que connecté à internet...
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
http://www.securitoo.com/fra/download/UNINSTALATION_TOOL.exe
Ton antivirus orange s'appelle t-il Securitoo?
Si c'est le cas, voici une procédure pour le désinstaller.
"Nous vous recommandons de suivre la procédure ci-dessous pour désinstaller Securitoo AntiVirus Firewall de manière "propre" :
Désinstallez Securitoo AntiVirus Firewall : cliquez sur le menu "Démarrer" puis sur "Programmes" (ou "Tous les programmes").
Cliquez ensuite sur "Securitoo / Securitoo Antivirus Firewal / Désinstaller Securitoo Antivirus Firewall"
Pour finir, redémarrez votre PC.
1/ Téléchargez le fichier" UNINSTALATION_TOOL.exe et enregistrez-le sur votre disque dur (dans le dossier "Mes documents" ou sur le bureau de Windows par exemple).
2/ Executez le fichier "UNINSTALATION_TOOL.exe" que vous avez enregistré.
3/ Redémarrez normalement votre ordinateur. "
Ton antivirus orange s'appelle t-il Securitoo?
Si c'est le cas, voici une procédure pour le désinstaller.
"Nous vous recommandons de suivre la procédure ci-dessous pour désinstaller Securitoo AntiVirus Firewall de manière "propre" :
Désinstallez Securitoo AntiVirus Firewall : cliquez sur le menu "Démarrer" puis sur "Programmes" (ou "Tous les programmes").
Cliquez ensuite sur "Securitoo / Securitoo Antivirus Firewal / Désinstaller Securitoo Antivirus Firewall"
Pour finir, redémarrez votre PC.
1/ Téléchargez le fichier" UNINSTALATION_TOOL.exe et enregistrez-le sur votre disque dur (dans le dossier "Mes documents" ou sur le bureau de Windows par exemple).
2/ Executez le fichier "UNINSTALATION_TOOL.exe" que vous avez enregistré.
3/ Redémarrez normalement votre ordinateur. "
Puis après telecharge avira antivir ici https://www.01net.com/telecharger/windows/Securite/antivirus-antitrojan/fiches/13198.html
Mise a jour puis scan en mode sans echec poste ensuite le rapport situé dans Orverview>repport
Mise a jour puis scan en mode sans echec poste ensuite le rapport situé dans Orverview>repport
Non, c'est une version plus récente il s'appelle anti-virus fire wall PC, mais si je le supprime il m'en faut un autre? lequel?
voici le report du scan :
Avira AntiVir Personal
Report file date: jeudi 4 septembre 2008 19:55
Scanning for 1598352 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Save mode with network
Username: Guillaume
Computer name: PC-DE-GUILLAUME
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 17:44:59
ANTIVIR3.VDF : 7.0.6.118 179712 Bytes 04/09/2008 17:45:00
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 04/09/2008 17:45:13
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 04/09/2008 17:45:12
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 04/09/2008 17:45:12
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 04/09/2008 17:45:11
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 04/09/2008 17:45:05
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 04/09/2008 17:45:04
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 04/09/2008 17:45:01
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 4 septembre 2008 19:55
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32Info.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
22 processes with 22 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <PRESARIO_RP>
Begin scan in 'F:\' <DISQUE GP>
F:\Logiciels lu\PHOTOPROUT\Adobe.Photoshop.CS2.v.9.0+Keygen+Patch Fr\Dossier Keygen + Patch Français\keygen.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
[WARNING] The file was ignored!
End of the scan: jeudi 4 septembre 2008 23:37
Used time: 3:41:47 Hour(s)
The scan has been done completely.
18278 Scanning directories
450087 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
450085 Files not concerned
3246 Archives were scanned
2 Warnings
0 Notes
Avira AntiVir Personal
Report file date: jeudi 4 septembre 2008 19:55
Scanning for 1598352 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Save mode with network
Username: Guillaume
Computer name: PC-DE-GUILLAUME
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 17:44:59
ANTIVIR3.VDF : 7.0.6.118 179712 Bytes 04/09/2008 17:45:00
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 04/09/2008 17:45:13
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 04/09/2008 17:45:12
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 04/09/2008 17:45:12
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 04/09/2008 17:45:11
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 04/09/2008 17:45:05
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 04/09/2008 17:45:04
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 04/09/2008 17:45:01
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 4 septembre 2008 19:55
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32Info.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
22 processes with 22 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <PRESARIO_RP>
Begin scan in 'F:\' <DISQUE GP>
F:\Logiciels lu\PHOTOPROUT\Adobe.Photoshop.CS2.v.9.0+Keygen+Patch Fr\Dossier Keygen + Patch Français\keygen.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
[WARNING] The file was ignored!
End of the scan: jeudi 4 septembre 2008 23:37
Used time: 3:41:47 Hour(s)
The scan has been done completely.
18278 Scanning directories
450087 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
450085 Files not concerned
3246 Archives were scanned
2 Warnings
0 Notes
WORM/Autorun.cxl supprimé ?
Télécharge a-squared et fais une mise à jour, puis un scan detail(complet)
http://download3.emsisoft.com/a2AntiMalwareSetup.exe
Tuto : http://www.malekal.com/tutorial_a2squaredfree.php
Si il trouve des virus supprime les, a la fin su scan copie/colle le rapport obtenu dans
ton prochain message.
Télécharge a-squared et fais une mise à jour, puis un scan detail(complet)
http://download3.emsisoft.com/a2AntiMalwareSetup.exe
Tuto : http://www.malekal.com/tutorial_a2squaredfree.php
Si il trouve des virus supprime les, a la fin su scan copie/colle le rapport obtenu dans
ton prochain message.
Salut plm, merci pour l'attention que tu m'apportes.
Le scan detail est en cours,je te le transmets apres.
Le scan detail est en cours,je te le transmets apres.
voici le scan detail :
(merci pour tout...)
Avira AntiVir Personal
Report file date: jeudi 4 septembre 2008 19:55
Scanning for 1598352 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Save mode with network
Username: Guillaume
Computer name: PC-DE-GUILLAUME
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 17:44:59
ANTIVIR3.VDF : 7.0.6.118 179712 Bytes 04/09/2008 17:45:00
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 04/09/2008 17:45:13
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 04/09/2008 17:45:12
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 04/09/2008 17:45:12
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 04/09/2008 17:45:11
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 04/09/2008 17:45:05
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 04/09/2008 17:45:04
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 04/09/2008 17:45:01
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 4 septembre 2008 19:55
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32Info.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
22 processes with 22 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <PRESARIO_RP>
Begin scan in 'F:\' <DISQUE GP>
F:\Logiciels lu\PHOTOPROUT\Adobe.Photoshop.CS2.v.9.0+Keygen+Patch Fr\Dossier Keygen + Patch Français\keygen.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
[WARNING] The file was ignored!
End of the scan: jeudi 4 septembre 2008 23:37
Used time: 3:41:47 Hour(s)
The scan has been done completely.
18278 Scanning directories
450087 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
450085 Files not concerned
3246 Archives were scanned
2 Warnings
0 Notes
(merci pour tout...)
Avira AntiVir Personal
Report file date: jeudi 4 septembre 2008 19:55
Scanning for 1598352 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (Service Pack 1) [6.0.6001]
Boot mode: Save mode with network
Username: Guillaume
Computer name: PC-DE-GUILLAUME
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 17:44:59
ANTIVIR3.VDF : 7.0.6.118 179712 Bytes 04/09/2008 17:45:00
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 04/09/2008 17:45:13
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.1 397683 Bytes 04/09/2008 17:45:12
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 04/09/2008 17:45:12
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 04/09/2008 17:45:11
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 04/09/2008 17:45:05
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 04/09/2008 17:45:04
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 04/09/2008 17:45:01
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: jeudi 4 septembre 2008 19:55
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32Info.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
22 processes with 22 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <PRESARIO_RP>
Begin scan in 'F:\' <DISQUE GP>
F:\Logiciels lu\PHOTOPROUT\Adobe.Photoshop.CS2.v.9.0+Keygen+Patch Fr\Dossier Keygen + Patch Français\keygen.exe
[DETECTION] Contains recognition pattern of the WORM/Autorun.cxl worm
[WARNING] The file was ignored!
End of the scan: jeudi 4 septembre 2008 23:37
Used time: 3:41:47 Hour(s)
The scan has been done completely.
18278 Scanning directories
450087 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
450085 Files not concerned
3246 Archives were scanned
2 Warnings
0 Notes
Oui, mais antivir me dit toujours qu'il y a un bacckdoor à l'adresse :
C:\Users\Guillaume8Appdata\local\Microsoft\windows\temporary internet files\low\content.IE5\6IGFILAA\install_wmpwindowsxp86FRFR.exe[1].exe
Le problème initial vient du fait que parfois sur internet, je n'arrive pas à lire les video WMP directemment(il faut que je les enregistre avant), sinon, IE me dit que la page est inaccessible.
Il y a quelques jours, je me suis donc dit que j'allais essayer une méthode bourrin : réinstaller WMP, et quand je l'installe à partir d'internet, mon antivi me présente le message au dessus et quand je clique sur supprimer ou mettre en quarantaine, il ne se passe rien. (idem avec orange, que j'ai maintenant désactivé).
C:\Users\Guillaume8Appdata\local\Microsoft\windows\temporary internet files\low\content.IE5\6IGFILAA\install_wmpwindowsxp86FRFR.exe[1].exe
Le problème initial vient du fait que parfois sur internet, je n'arrive pas à lire les video WMP directemment(il faut que je les enregistre avant), sinon, IE me dit que la page est inaccessible.
Il y a quelques jours, je me suis donc dit que j'allais essayer une méthode bourrin : réinstaller WMP, et quand je l'installe à partir d'internet, mon antivi me présente le message au dessus et quand je clique sur supprimer ou mettre en quarantaine, il ne se passe rien. (idem avec orange, que j'ai maintenant désactivé).
L'antivirus orange m'annonçait : Backdoor.win32.small.fyt
Antivir personnal dit : "contains a recognition pattern of the (harmful) BDS/small.fyt back door program"
Antivir personnal dit : "contains a recognition pattern of the (harmful) BDS/small.fyt back door program"
