Trojan.zlob.byp etc...

Funkytom · le 17 janvier 2008

Salut j ai detecté deux virus avec BitDefender que je ne suis pas capable de traiter alors j ai besoin d aide.

Je vous post les rapport que j ai deja je vous posterez ceux que vous avez besoin en temps voulu Merci

KASPERSKY ONLINE SCANNER REPORT

Thursday, January 17, 2008 11:09:09 AM

Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)

Kaspersky Online Scanner version: 5.0.98.0

Kaspersky Anti-Virus database last update: 17/01/2008

Kaspersky Anti-Virus database records: 513742

Scan Settings

Scan using the following antivirus database extended

Scan Archives true

Scan Mail Bases true

Scan Target My Computer

C:\

D:\

E:\

F:\

G:\

H:\

I:\

J:\

K:\

Scan Statistics

Total number of scanned objects 81444

Number of viruses found 1

Number of infected objects 1

Number of suspicious objects 0

Duration of the scan process 02:22:57

Infected Object Name Virus Name Last Action

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Compaq_Propriétaire\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\BitDefender\BitDefender 2008\as2core\antispam_sig_8472\aspdict.dat Object is locked skipped

C:\Program Files\BitDefender\BitDefender 2008\dbokf.db Object is locked skipped

C:\Program Files\BitDefender\BitDefender 2008\dbokf.db-journal Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\L0000003.FCS Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Compaq Connections\5577497\Users\Default\Data\storydb.idx Object is locked skipped

C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdfirewall.txt Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP31\A0002673.exe Object is locked skipped

C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP34\A0011744.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP34\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{D498CD68-B260-45B4-9FEB-89D5D43B17A1}.crmlog Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{1FB1E3C8-A858-4133-8027-213F984803A9}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped

C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\tmp00004858\tmp00000000 Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

D:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP34\change.log Object is locked skipped

Scan process completed.

BitDefender Log File !!!!!

Product : BitDefender Internet Security 2008

Version : BitDefender UIScanner v.11

Log date : 13:28:52 14/01/2008

Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1200335332_1_02.xml

Scan Paths:Path0000: C:\

Path0001: D:\

Scan Options:Scan for viruses : Yes

Scan for adware : Yes

Scan for spyware : Yes

Scan for applications : Yes

Scan for dialers : Yes

Scan for rootkits : Yes

Target selection options:Scan registry keys : Yes

Scan cookies : Yes

Scan boot sectors : Yes

Scan memory processes : Yes

Scan archives : Yes

Scan runtime packers : Yes

Scan emails : Yes

Scan all files : Yes

Heuristic Scan : Yes

Scanned extensions :

Excluded extensions :

Target ProcessingDefault action for infected objects : Disinfect

Default action for suspicious objects : None

Default action for hidden objects : None

Scan engines summaryNumber of virus signatures : 971220

Archive plugins : 41

Email plugins : 6

Scan plugins : 12

Archive plugins : 41

System plugins : 4

Unpack plugins : 7

Overall scan summaryScanned items : 266235

Infected items : 3

Suspicious items : 0

Resolved items : 1

Individual viruses found : 3

Scanned directories : 6362

Scanned boot sectors : 3

Scanned archives : 14898

Input-output errors : 42

Scan time : 00:00:57:30

Files per second : 77

Scanned processes summaryScanned : 34

Infected : 0

Scanned registry keys summaryScanned : 306

Infected : 0

Scanned cookies summaryScanned : 0

Infected : 0

Remaining issues:Object Name Threat Name Final Status

C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP31\A0002673.exe=](NSIS o)=]bzip2_nsis0009=](NSIS g)=]bzip2_nsis0000 Trojan.Zlob.BYP Delete Failed (file was in an archive)

C:\System Volume Information\_restore{5468DB36-2FF3-44DE-B67D-B49088DCAAFF}\RP31\A0002673.exe=](NSIS o)=]bzip2_nsis0000 Trojan.Zlob.BYQ Delete Failed (file was in an archive)

Gof · le 20 janvier 2008

Bonjour Funkytom

Messages: 1

Bienvenue sur les forums de Zebulon.

Quelques liens pour t'aider à commencer :

Les détections révèlent qu'elles sont présentes dans tes points de restauration. Cela ne pose pas de soucis tant que tu ne restaures pas.

Constates tu des disfonctionnements sinon sur ton pc ? Si tout va bien, pour supprimer ces détections, suis la manipulation suivante (sinon ignore ces consignes et rapporte moi ce qui ne va pas).

Je te fais désactiver et réactiver ta restauration système de sorte d'effacer tous tes anciens points de restauration. Suis la manipulation indiquée :

Ne t'inquiète pas, en la réactivant, Windows recréera automatiquement un point de restauration qui sera, lui, propre. Procède comme ceci :

-clic droit sur Poste de travail / Propriétés / onglet Système de restauration
- coche la case "Désactiver le système de restauration..."

- clique sur "Appliquer" puis "oui"

- - redémarre, reviens sur ce panneau

- décoche la case "Désactiver le système de restauration..." pour remettre les choses en place.

- clique sur "Appliquer" puis "Ok"

Pour une aide visuelle, tu peux consulter ce lien de Bruce lee.

A bientôt.

Funkytom · le 30 janvier 2008

Ma restauration systeme etais deja desactivée (je savais meme pas) alors je l ai reactivée.

C est moin pire mais mon pc rame toujours un peu des fois, un processus svchost monte des fois jusqua 20-30 Mo ainsi que vsserv qui monte vers 45-50 Mo mais c est intermittent.

Gof · le 31 janvier 2008

Bonjour Funkytom

Assure toi que ton service Client DNS soit bien arrêté et désactivé. Clique sur ton menu démarrer > exécuter

Tape services.msc et cliquez sur ok
Dans la fenêtre de droite, trouver le service "Client DNS"
Fais un cic droit dessus et sélectionne "Propriétés"
Si le service est démarré, arrête le.
Dans "type de démarrage", clique sur le menu déroulant et sélectionne "désactivé"

Le processus vsserv est lié à BitDefender. Tu ne sembles pas infecté, mais veux tu que l'on fouille un peu pour voir ?

Connexion

Pas encore inscrit ?

Trojan.zlob.byp etc...

Messages recommandés

Funkytom

Gof

Funkytom

Gof

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer