HijackThis report analysis



Here is the AntiVir report. What do you think?

 

 

 

Avira AntiVir Personal

Report file date: dimanche 18 mai 2008 20:28

 

Scanning for 1266589 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: Dominique

Computer name: TITANIUM

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 30/04/2008 23:58:23

AVSCAN.DLL : 8.1.1.0 53505 Bytes 30/04/2008 23:58:23

LUKE.DLL : 8.1.2.9 151809 Bytes 30/04/2008 23:58:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 30/04/2008 23:58:23

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 22:26:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:14:42

ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 21:36:03

ANTIVIR3.VDF : 7.0.4.39 197120 Bytes 14/05/2008 21:36:04

Engineversion : 8.1.0.42

AEVDF.DLL : 8.1.0.5 102772 Bytes 30/04/2008 23:58:23

AESCRIPT.DLL : 8.1.0.31 262522 Bytes 14/05/2008 21:36:12

AESCN.DLL : 8.1.0.16 119156 Bytes 14/05/2008 21:36:11

AERDL.DLL : 8.1.0.20 418165 Bytes 30/04/2008 23:58:23

AEPACK.DLL : 8.1.1.4 364918 Bytes 30/04/2008 23:58:23

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 30/04/2008 23:58:23

AEHEUR.DLL : 8.1.0.26 1237366 Bytes 14/05/2008 21:36:10

AEHELP.DLL : 8.1.0.14 115063 Bytes 30/04/2008 23:58:23

AEGEN.DLL : 8.1.0.20 299380 Bytes 14/05/2008 21:36:07

AEEMU.DLL : 8.1.0.6 430451 Bytes 14/05/2008 21:36:06

AECORE.DLL : 8.1.0.28 168310 Bytes 14/05/2008 21:36:05

AVWINLL.DLL : 1.0.0.7 14593 Bytes 30/04/2008 23:58:23

AVPREF.DLL : 8.0.0.1 25857 Bytes 30/04/2008 23:58:23

AVREP.DLL : 7.0.0.1 155688 Bytes 01/05/2007 10:07:44

AVREG.DLL : 8.0.0.0 30977 Bytes 30/04/2008 23:58:23

AVARKT.DLL : 1.0.0.23 307457 Bytes 30/04/2008 23:58:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 30/04/2008 23:58:23

SQLITE3.DLL : 3.3.17.1 339968 Bytes 30/04/2008 23:58:23

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 30/04/2008 23:58:23

NETNT.DLL : 8.0.0.1 7937 Bytes 30/04/2008 23:58:23

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 30/04/2008 23:58:19

RCTEXT.DLL : 8.0.32.0 86273 Bytes 30/04/2008 23:58:19

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: H:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: H:, I:, C:, E:, F:, G:, J:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: dimanche 18 mai 2008 20:28

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned

Scan process 'SetPoint.exe' - '1' Module(s) have been scanned

Scan process 'WCESCOMM.EXE' - '1' Module(s) have been scanned

Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned

Scan process 'pctsTray.exe' - '1' Module(s) have been scanned

Scan process 'reader_sl.exe' - '1' Module(s) have been scanned

Scan process 'vVX1000.exe' - '1' Module(s) have been scanned

Scan process 'E_FATIAHE.EXE' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned

Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned

Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'WgaTray.exe' - '1' Module(s) have been scanned

Scan process 'pctsTray.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned

Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned

Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned

Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'symlcsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

40 processes with 40 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD2

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD3

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD4

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD5

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

 

Start scanning boot sectors:

Boot sector 'H:\'

[INFO] No virus was found!

Boot sector 'I:\'

[INFO] No virus was found!

Boot sector 'C:\'

[INFO] In the drive 'C:\' no data medium is inserted!

Boot sector 'E:\'

[INFO] In the drive 'E:\' no data medium is inserted!

Boot sector 'F:\'

[INFO] In the drive 'F:\' no data medium is inserted!

Boot sector 'G:\'

[INFO] In the drive 'G:\' no data medium is inserted!

Boot sector 'J:\'

[INFO] In the drive 'J:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '37' files ).

 

 

Starting the file scan:

 

Begin scan in 'H:\'

H:\pagefile.sys

[WARNING] The file could not be opened!

H:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcrst.dll

[WARNING] The file could not be opened!

H:\WINDOWS\Temp\tmp13D.tmp

[DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2

[NOTE] The file was moved to '48a08148.qua'!

H:\WINDOWS\Temp\tmp154.tmp

[DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2

[NOTE] The file was moved to '48a0814b.qua'!

H:\WINDOWS\Temp\tmp199.tmp

[DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2

[NOTE] The file was moved to '48a0814c.qua'!

H:\WINDOWS\Temp\tmp1B.VIR

[DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2

[NOTE] The file was moved to '48a0814e.qua'!

H:\WINDOWS\Temp\tmp2C0.tmp

[DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2

[NOTE] The file was moved to '48a08152.qua'!

H:\WINDOWS\Temp\tmp2DC.tmp

[DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2

[NOTE] The file was moved to '48a08154.qua'!

H:\WINDOWS\Temp\tmp37C.tmp

[DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2

[NOTE] The file was moved to '48a08155.qua'!

H:\WINDOWS\Temp\tmp5E.tmp

[DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2

[NOTE] The file was moved to '48a08157.qua'!

H:\WINDOWS\Temp\tmp970.tmp

[DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2

[NOTE] The file was moved to '48a08159.qua'!

H:\WINDOWS\Temp\tmpCA.tmp

[DETECTION] Is the Trojan horse TR/Drop.Zlob.JT.2

[NOTE] The file was moved to '48a0815a.qua'!

Begin scan in 'I:\' <Multimédia>

Begin scan in 'C:\'

Search path C:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'E:\'

Search path E:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'F:\'

Search path F:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'G:\'

Search path G:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'J:\'

Search path J:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'D:\'

Search path D:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: dimanche 18 mai 2008 21:22

Used time: 53:56 min

 

The scan has been done completely.

 

7874 Scanning directories

204761 Files were scanned

10 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

10 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

204751 Files not concerned

5184 Archives were scanned

7 Warnings

10 Notes


AntiVir seems to have done its job by quarantining the infected files.

As for the locked files, the first one (pagefile.sys) is the Windows swap file, and it is normal for it to be locked.

The other one belongs to Norton, and must have been removed when the uninstall tool was used.

However, I see that the rootkit search is not enabled in the scanner options; you should tick it.


Here is the report made in safe mode

 

 

 

Avira AntiVir Personal

Report file date: dimanche 18 mai 2008 21:58

 

Scanning for 1266589 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Save mode

Username: Dominique

Computer name: TITANIUM

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 30/04/2008 23:58:23

AVSCAN.DLL : 8.1.1.0 53505 Bytes 30/04/2008 23:58:23

LUKE.DLL : 8.1.2.9 151809 Bytes 30/04/2008 23:58:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 30/04/2008 23:58:23

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 22:26:15

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 17:14:42

ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 21:36:03

ANTIVIR3.VDF : 7.0.4.39 197120 Bytes 14/05/2008 21:36:04

Engineversion : 8.1.0.42

AEVDF.DLL : 8.1.0.5 102772 Bytes 30/04/2008 23:58:23

AESCRIPT.DLL : 8.1.0.31 262522 Bytes 14/05/2008 21:36:12

AESCN.DLL : 8.1.0.16 119156 Bytes 14/05/2008 21:36:11

AERDL.DLL : 8.1.0.20 418165 Bytes 30/04/2008 23:58:23

AEPACK.DLL : 8.1.1.4 364918 Bytes 30/04/2008 23:58:23

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 30/04/2008 23:58:23

AEHEUR.DLL : 8.1.0.26 1237366 Bytes 14/05/2008 21:36:10

AEHELP.DLL : 8.1.0.14 115063 Bytes 30/04/2008 23:58:23

AEGEN.DLL : 8.1.0.20 299380 Bytes 14/05/2008 21:36:07

AEEMU.DLL : 8.1.0.6 430451 Bytes 14/05/2008 21:36:06

AECORE.DLL : 8.1.0.28 168310 Bytes 14/05/2008 21:36:05

AVWINLL.DLL : 1.0.0.7 14593 Bytes 30/04/2008 23:58:23

AVPREF.DLL : 8.0.0.1 25857 Bytes 30/04/2008 23:58:23

AVREP.DLL : 7.0.0.1 155688 Bytes 01/05/2007 10:07:44

AVREG.DLL : 8.0.0.0 30977 Bytes 30/04/2008 23:58:23

AVARKT.DLL : 1.0.0.23 307457 Bytes 30/04/2008 23:58:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 30/04/2008 23:58:23

SQLITE3.DLL : 3.3.17.1 339968 Bytes 30/04/2008 23:58:23

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 30/04/2008 23:58:23

NETNT.DLL : 8.0.0.1 7937 Bytes 30/04/2008 23:58:23

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 30/04/2008 23:58:19

RCTEXT.DLL : 8.0.32.0 86273 Bytes 30/04/2008 23:58:19

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: H:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: H:, I:, C:, E:, F:, G:, J:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: All files

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache,

Macro heuristic..................: on

File heuristic...................: medium

Deviating risk categories........: +GAME,+JOKE,+PCK,+SPR,

 

Start of the scan: dimanche 18 mai 2008 21:58

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'pctsTray.exe' - '1' Module(s) have been scanned

Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned

Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

13 processes with 13 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD2

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD3

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD4

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD5

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

 

Start scanning boot sectors:

Boot sector 'H:\'

[INFO] No virus was found!

Boot sector 'I:\'

[INFO] No virus was found!

Boot sector 'C:\'

[INFO] In the drive 'C:\' no data medium is inserted!

Boot sector 'E:\'

[INFO] In the drive 'E:\' no data medium is inserted!

Boot sector 'F:\'

[INFO] In the drive 'F:\' no data medium is inserted!

Boot sector 'G:\'

[INFO] In the drive 'G:\' no data medium is inserted!

Boot sector 'J:\'

[INFO] In the drive 'J:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '37' files ).

 

 

Starting the file scan:

 

Begin scan in 'H:\'

H:\pagefile.sys

[WARNING] The file could not be opened!

Begin scan in 'I:\' <Multimédia>

Begin scan in 'C:\'

Search path C:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'E:\'

Search path E:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'F:\'

Search path F:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'G:\'

Search path G:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'J:\'

Search path J:\ could not be opened!

Le périphérique n'est pas prêt.

 

Begin scan in 'D:\'

Search path D:\ could not be opened!

Le périphérique n'est pas prêt.

 

 

 

End of the scan: dimanche 18 mai 2008 22:44

Used time: 45:43 min

 

The scan has been done completely.

 

7873 Scanning directories

204779 Files were scanned

0 viruses and/or unwanted programs were found

0 Files were classified as suspicious:

0 files were deleted

0 files were repaired

0 files were moved to quarantine

0 files were renamed

1 Files cannot be scanned

204779 Files not concerned

5183 Archives were scanned

6 Warnings

0 Notes

 

 

What do you think??

Thanks, I have selected the rootkit search in the scan configuration

but when I start the computer this error message appears, perhaps related to Spyware Doctor. Can you help me?


Hello,

As for the error message, it is indeed related to Spyware Doctor; reinstalling it should fix it.

As for the AntiVir log, the only odd thing is that none of the partitions other than H is accessible. Do you know what the C:\ partition corresponds to? That one at least should be accessible.

Can you take a screenshot of Disk Management (right-click the My Computer icon, then "Manage", "Disk Management")?
