Aller au contenu

  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

point de restauration systéme défectueux

nacarat

Par nacarat
dans Analyses et éradication malwares

 Partager

Messages recommandés

nacarat Member

nacarat

Posté(e)
Posté(e)

Bonjour

Suite à l'apparition de la fenêtre : deck / scrollbar property out of range et à l'invitation de Papo,

j'ai restauré mon systéme sachant qu'il ne me semble pas qu'il soit infecté car j'ai fait un scan avec antivir qui n'a rien signalé.

 

La fenêtre a disparu et tout allait bien mais maintenant je n'arrive plus à ouvrir "mes documents" et les racourcis installés sur le bureau se connecte avec un fenêtre "ouvrir avec" et suit une liste de programmes.

 

J'ai essayé la méthode magique de Papo à savoir restaurer le systéme mais là, la restauration systéme se bloque en cours de parcours .

 

Voici le rapport antivir et Highjack

 

Merci de votre aide

 

 

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 17 novembre 2006 23:40

 

Scanning for 556169 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: MARINO

Computer name: ACER-1916361FFD

 

Version information:

AVSCAN.EXE : 7.0.0.47 200744 18/09/2006 23:23:50

AVSCAN.DLL : 7.0.0.45 41000 18/09/2006 23:23:50

LUKE.DLL : 7.0.0.47 118824 18/09/2006 23:23:52

LUKERES.DLL : 7.0.0.47 9256 18/09/2006 23:23:52

ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 10:05:28

ANTIVIR1.VDF : 6.36.1.24 2212864 14/11/2006 00:17:22

ANTIVIR2.VDF : 6.36.1.25 2048 14/11/2006 00:17:22

ANTIVIR3.VDF : 6.36.1.47 35840 17/11/2006 11:17:04

AVEWIN32.DLL : 7.2.0.39 1909248 08/11/2006 23:11:26

AVPREF.DLL : 7.0.0.2 23592 18/09/2006 23:23:50

AVREP.DLL : 6.36.1.1 925736 08/11/2006 23:11:26

AVRPBASE.DLL : 7.0.0.0 2162728 04/05/2006 14:01:18

AVPACK32.DLL : 7.2.0.5 368680 05/11/2006 17:48:38

AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36

NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:50

NETNW.DLL : 7.0.0.0 9768 18/09/2006 23:23:52

RCIMAGE.DLL : 7.0.0.74 1642536 18/09/2006 23:23:44

RCTEXT.DLL : 7.0.1.4 77864 02/10/2006 16:33:22

 

Configuration settings for the scan:

Jobname.......................: Local Hard Disks

Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp

Boot sectors..................: C,D

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 1

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Skipped archive types.........: 1000,1001,1002,1003,1004,1005,

Macro heuristic...............: 1

File heuristic................: 2

Primary action................: 1

Secondary action..............: 0

 

Start of the scan: vendredi 17 novembre 2006 23:40

 

 

The scan of running processes will be started

4 Processes were scanned

 

Start scanning boot sectors:

 

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( 30 files ).

 

 

Starting the file scan:

 

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\DEFAULT

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SOFTWARE

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SYSTEM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\ntuser.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\MARINO\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\MARINO\ntuser.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\MARINO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\MARINO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Sysinfo\WORKS70\COMMON\APERþu.WSB

[WARNING] The file could not be opened!

 

 

End of the scan: samedi 18 novembre 2006 00:27

Used time: 46:59 min

 

The scan has been done completely.

 

3849 Scanning directories

214079 Files were scanned

0 viruses and/or unwanted programs were found

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

7180 Archives were scanned

20 Warnings

10 Notes

 

 

 

 

 

AntiVir PersonalEdition Classic

Report file date: vendredi 17 novembre 2006 23:40

 

Scanning for 556169 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-WURGE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: MARINO

Computer name: ACER-1916361FFD

 

Version information:

AVSCAN.EXE : 7.0.0.47 200744 18/09/2006 23:23:50

AVSCAN.DLL : 7.0.0.45 41000 18/09/2006 23:23:50

LUKE.DLL : 7.0.0.47 118824 18/09/2006 23:23:52

LUKERES.DLL : 7.0.0.47 9256 18/09/2006 23:23:52

ANTIVIR0.VDF : 6.35.0.1 7371264 31/05/2006 10:05:28

ANTIVIR1.VDF : 6.36.1.24 2212864 14/11/2006 00:17:22

ANTIVIR2.VDF : 6.36.1.25 2048 14/11/2006 00:17:22

ANTIVIR3.VDF : 6.36.1.47 35840 17/11/2006 11:17:04

AVEWIN32.DLL : 7.2.0.39 1909248 08/11/2006 23:11:26

AVPREF.DLL : 7.0.0.2 23592 18/09/2006 23:23:50

AVREP.DLL : 6.36.1.1 925736 08/11/2006 23:11:26

AVRPBASE.DLL : 7.0.0.0 2162728 04/05/2006 14:01:18

AVPACK32.DLL : 7.2.0.5 368680 05/11/2006 17:48:38

AVREG.DLL : 6.31.0.90 27688 28/07/2005 10:06:36

NETNT.DLL : 6.32.0.0 6696 27/09/2005 07:56:50

NETNW.DLL : 7.0.0.0 9768 18/09/2006 23:23:52

RCIMAGE.DLL : 7.0.0.74 1642536 18/09/2006 23:23:44

RCTEXT.DLL : 7.0.1.4 77864 02/10/2006 16:33:22

 

Configuration settings for the scan:

Jobname.......................: Local Hard Disks

Configuration file............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp

Boot sectors..................: C,D

Scan memory...................: 1

Process scan..................: 1

Scan all files................: 1

Scan archives.................: 1

Recursion depth...............: 20

Smart extensions..............: 1

Skipped archive types.........: 1000,1001,1002,1003,1004,1005,

Macro heuristic...............: 1

File heuristic................: 2

Primary action................: 1

Secondary action..............: 0

 

Start of the scan: vendredi 17 novembre 2006 23:40

 

 

The scan of running processes will be started

4 Processes were scanned

 

Start scanning boot sectors:

 

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( 30 files ).

 

 

Starting the file scan:

 

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\system.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\software.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\default.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY.LOG

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\DEFAULT

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SECURITY

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SOFTWARE

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SYSTEM

[WARNING] The file could not be opened!

C:\WINDOWS\system32\config\SAM

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\ntuser.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\MARINO\ntuser.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\MARINO\ntuser.dat

[WARNING] The file could not be opened!

C:\Documents and Settings\MARINO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG

[WARNING] The file could not be opened!

C:\Documents and Settings\MARINO\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat

[WARNING] The file could not be opened!

C:\Sysinfo\WORKS70\COMMON\APERþu.WSB

[WARNING] The file could not be opened!

 

 

End of the scan: samedi 18 novembre 2006 00:27

Used time: 46:59 min

 

The scan has been done completely.

 

3849 Scanning directories

214079 Files were scanned

0 viruses and/or unwanted programs were found

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

7180 Archives were scanned

20 Warnings

10 Notes

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 23:20:13, on 17/11/2006

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Acer\eManager\anbmServ.exe

C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

C:\Program Files\ewido\security suite\ewidoctrl.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Launch Manager\LaunchAp.exe

C:\Program Files\Launch Manager\PowerKey.exe

C:\Program Files\Launch Manager\HotkeyApp.exe

C:\Program Files\Launch Manager\CtrlVol.exe

C:\Program Files\Launch Manager\OSDCtrl.exe

C:\Program Files\Launch Manager\Wbutton.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\ltmoh\Ltmoh.exe

C:\Program Files\Arcade\PCMService.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe

C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe

C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Logitech\MouseWare\system\em_exec.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\WinRAR\WinRAR.exe

C:\DOCUME~1\MARINO\LOCALS~1\Temp\Rar$EX20.922\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll (file missing)

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe

O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"

O4 - HKLM\..\Run: [LManager] C:\Program Files\Launch Manager\HotkeyApp.exe

O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe

O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe

O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe

O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Arcade\PCMService.exe"

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [boots Insert Detect] C:\Program Files\Boots F2CD\Picture Suite\InsDetect.exe

O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1145286716125

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe

O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: lxcf_device - Unknown owner - C:\WINDOWS\system32\lxcfcoms.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

O23 - Service: Windows Defender Service (WinDefend) - Unknown owner - C:\Program Files\Windows Defender\MsMpEng.exe (file missing)

Lien vers le commentaire
Partager sur d’autres sites

Rejoindre la conversation

Vous pouvez publier maintenant et vous inscrire plus tard. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

×
 Partager
Aller sur la liste des sujets

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...