Prblème avec un virus : JS:FakeAV-A [Trj]

Résolu

artanis2880 Messages postés 35 Statut Membre -
g!rly Messages postés 18462 Statut Contributeur - 13 déc. 2008 à 18:33

Bonjour, j'ai un problème avec un virus, JS:FakeAV-A [Trj], c'est ce que avast me marque. Je suis incapable de le supprimer, avast le détecte mais il ne me donne pas l'optn de le supprimer. Il m'apparait constament des pubs quand je suis sur internet... pouvez-vous m'aider??????

Merci d'avance

Afficher la suite

A voir également:

Prblème avec un virus : JS:FakeAV-A [Trj]
Virus mcafee - Accueil - Piratage
Virus informatique - Guide
Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
Undisclosed-recipients virus - Guide
Ordinateur bloqué virus - Accueil - Arnaque

53 réponses

Réponse 41 / 53

artanis2880 Messages postés 35 Statut Membre

Je ne trouves pas du tout rootkit search dans l'anti-virus

Réponse 42 / 53

artanis2880 Messages postés 35 Statut Membre

J'ai trouvé!!!

Réponse 43 / 53

artanis2880 Messages postés 35 Statut Membre

Voici le rapport

Avira AntiVir Personal
Report file date: 27 novembre 2008 12:05

Scanning for 1056637 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: CLIENT-7BBC2144

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-27 16:46:58
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 14:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 19:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 14:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 16:46:58
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 2008-11-09 16:46:58
ANTIVIR2.VDF : 7.1.0.124 376832 Bytes 2008-11-23 16:46:58
ANTIVIR3.VDF : 7.1.0.149 166400 Bytes 2008-11-27 16:46:58
Engineversion : 8.2.0.35
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 17:05:58
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 2008-11-27 16:46:58
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-27 16:46:58
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-27 16:46:58
AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-27 16:46:58
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 2008-11-27 16:46:58
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 2008-11-27 16:46:58
AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-11-27 16:46:58
AEGEN.DLL : 8.1.1.5 323956 Bytes 2008-11-27 16:46:58
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 17:05:58
AECORE.DLL : 8.1.5.1 172406 Bytes 2008-11-27 16:46:58
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 17:05:58
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 15:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 16:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-11-27 16:46:58
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 18:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 15:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 19:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-23 00:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 19:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 19:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 20:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 20:34:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: 27 novembre 2008 12:05

Starting search for hidden objects.
'36539' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'ViewMgr.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RoxWatch.exe' - '1' Module(s) have been scanned
Scan process 'RoxMediaDB.exe' - '1' Module(s) have been scanned
Scan process 'NkMonitor.exe' - '1' Module(s) have been scanned
Scan process 'AnyDVDtray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'WeatherEye.exe' - '1' Module(s) have been scanned
Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned
Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned
Scan process 'IGFXPERS.EXE' - '1' Module(s) have been scanned
Scan process 'SoundMan.exe' - '1' Module(s) have been scanned
Scan process 'HKCMD.EXE' - '1' Module(s) have been scanned
Scan process 'IGFXTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '56' files ).

Starting the file scan:

Begin scan in 'C:\' <SYSTEM>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6VOLQD4L\top[1].rdf
[DETECTION] Is the TR/Monder.aada Trojan
[NOTE] The file was deleted!
C:\Program Files\Wedding Dash\Wedding Dash.exe.bak
[DETECTION] Is the TR/Dldr.Agent.alzc Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{8BF267AE-0161-4D3F-9335-8A8F20F51C12}\RP80\A0009144.dll
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '495ed774.qua'!
C:\System Volume Information\_restore{8BF267AE-0161-4D3F-9335-8A8F20F51C12}\RP80\A0009145.dll
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\System Volume Information\_restore{8BF267AE-0161-4D3F-9335-8A8F20F51C12}\RP80\A0009146.dll
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '495ed780.qua'!
C:\System Volume Information\_restore{8BF267AE-0161-4D3F-9335-8A8F20F51C12}\RP80\A0009147.dll
[DETECTION] Is the TR/Vundo.fxr.84 Trojan
[NOTE] The file was deleted!
C:\System Volume Information\_restore{8BF267AE-0161-4D3F-9335-8A8F20F51C12}\RP80\A0009148.dll
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[WARNING] The file was ignored!
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S.vir
[DETECTION] Contains recognition pattern of the DR/MyWebSearch.AU dropper
[NOTE] The file was deleted!
C:\Qoobox\Quarantine\C\WINDOWS\system32\gzrglq.dll.vir
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49a0d8e5.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\iettmn.dll.vir
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49a2d8d4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\oblaprtu.dll.vir
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '499ad8d4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\qoMccCvw.dll.vir
[DETECTION] Is the TR/Vundo.fxr.84 Trojan
[NOTE] The file was moved to '497bd8e4.qua'!
C:\Qoobox\Quarantine\C\WINDOWS\system32\tmxfkgxf.dll.vir
[DETECTION] Contains HEUR/Crypted suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '49a6d8e5.qua'!
Begin scan in 'D:\' <BACKUP>
D:\FOUND.000\FILE0161.CHK
[0] Archive type: ZIP
--> album-348.jpg_artanis2880@hotmail.com
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.98304 back-door program
[NOTE] The file was deleted!

End of the scan: 27 novembre 2008 12:43
Used time: 37:59 Minute(s)

The scan has been done completely.

4317 Scanning directories
266309 Files were scanned
6 viruses and/or unwanted programs were found
8 Files were classified as suspicious:
5 files were deleted
0 files were repaired
7 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
266294 Files not concerned
1668 Archives were scanned
3 Warnings
14 Notes
36539 Objects were scanned with rootkit scan
0 Hidden objects were found

Réponse 44 / 53

artanis2880 Messages postés 35 Statut Membre

J'attends de tes nouvelles!!! Et merci encore pour tout... : )

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 45 / 53

Utilisateur anonyme

hi .........

msn ??

biz

Réponse 46 / 53

artanis2880 Messages postés 35 Statut Membre

Très bien, grâce à toi!!!! merci

Réponse 47 / 53

artanis2880 Messages postés 35 Statut Membre

Est-ce que je dois garder les programmes comme hijackthis, mawarebytes , ToolbarSD.exe, Otmoveit3.exe???

Réponse 48 / 53

g!rly Messages postés 18462 Statut Contributeur 406

resalut,

fais encore ceci pour créer un point de restauration propre car les tiens sont infectés

Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés;
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique.

puis

utilise maintenant et régulièrement :

Ccleaner:

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

-> L´installer.

-> Une fois installé et lancé :

Dans la colonne de gauche, click sur :

->"registre" :

Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.

ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

->"nettoyeur"

quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

+

maintenant et moins régulièrement :

telecharge et instal regcleaner:

http://www.01net.com/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/4894.html

tutorial :

https://forums.cnetfrance.fr

http://www.softastuces.com/tuto/maint/regcleaner/

garde malwarebytes pour scanner ton pc de temps en temps...

pour supprimer les autres outils utilisés :

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

voilà

bonne continuation :)

bye

g!rly`

Réponse 49 / 53

Utilisateur anonyme

oué nena ....... nettoie ma restauaration hi hi hi

Réponse 50 / 53

artanis2880 Messages postés 35 Statut Membre

[ Rapport ToolsCleaner version 2.2.6 (par A.Rothstein & dj QUIOU) ]

-->- Recherche:

C:\Combofix.txt: trouvé !
C:\lopR.txt: trouvé !
C:\TB.txt: trouvé !
C:\Lop SD: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Toolbar SD: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\LopSD.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\ToolBarSD.exe: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\hijackthis.log: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\lopR.txt: trouvé !
C:\Documents and Settings\Propriétaire\Bureau\OTMoveIt3.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

---------------------------------
-->- Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\LopSD.exe: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\ComboFix.exe: ERREUR DE SUPPRESSION !!
C:\Documents and Settings\Propriétaire\Bureau\ToolBarSD.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\Combofix.txt: supprimé !
C:\lopR.txt: supprimé !
C:\TB.txt: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\hijackthis.log: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\lopR.txt: supprimé !
C:\Documents and Settings\Propriétaire\Bureau\OTMoveIt3.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !
C:\Lop SD: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Toolbar SD: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Réponse 51 / 53

g!rly Messages postés 18462 Statut Contributeur 406

Salut artanis2880,

Ça va comme tu veux ?

Réponse 52 / 53

artanis2880 Messages postés 35 Statut Membre

Super!!!! Aucun problème!!! Merci

Réponse 53 / 53

g!rly Messages postés 18462 Statut Contributeur 406

;-)

Discussions similaires

Softonic,est-ce un virus ?

virus Artemis!

Désinstaller Softonic

Message Apple virus !!

Erreur 0x800700E1

Prblème avec un virus : JS:FakeAV-A [Trj]

53 réponses

Votre réponse

Discussions similaires

Newsletters