Je n' y arrive pas

[PhildeNice63]

Ca y est j'ai Antivir via un autre lien...

 

Je fais les 2 rapports et te les transmet aussitôt

 

A+

Amicalement

[PhildeNice63]

Salut Desh,

 

Voila le premier rapport d'Antivir :

 

-----------------------------Quote--------------------------------------------

 

 

 

AntiVir PersonalEdition Classic

Report file date: jeudi 5 juin 2008 21:08

 

Scanning for 835736 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows Vista

Windows version: (plain) [6.0.6000]

Username: Philippe

Computer name: PC-DE-PHILIPPE

 

Version information:

BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:55

ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 13:27:04

ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 13:27:13

AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 16:43:56

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42

RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Hard Disks

Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: jeudi 5 juin 2008 21:08

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'VSSVC.exe' - '1' Module(s) have been scanned

Scan process 'sdclt.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'hpqste08.exe' - '1' Module(s) have been scanned

Scan process 'skypePM.exe' - '1' Module(s) have been scanned

Scan process 'HpqToaster.exe' - '1' Module(s) have been scanned

Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned

Scan process 'ehmsas.exe' - '1' Module(s) have been scanned

Scan process 'unsecapp.exe' - '1' Module(s) have been scanned

Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'WkCalRem.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned

Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned

Scan process 'BTTray.exe' - '1' Module(s) have been scanned

Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned

Scan process 'ehtray.exe' - '1' Module(s) have been scanned

Scan process 'Skype.exe' - '1' Module(s) have been scanned

Scan process 'pctsTray.exe' - '1' Module(s) have been scanned

Scan process 'OpWareSE4.exe' - '1' Module(s) have been scanned

Scan process 'wuauclt.exe' - '1' Module(s) have been scanned

Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned

Scan process 'GoogleDesktop.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'rundll32.exe' - '1' Module(s) have been scanned

Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned

Scan process 'WiFiMsg.exe' - '1' Module(s) have been scanned

Scan process 'HPWAMain.exe' - '1' Module(s) have been scanned

Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned

Scan process 'QPService.exe' - '1' Module(s) have been scanned

Scan process 'IAAnotif.exe' - '1' Module(s) have been scanned

Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'sm56hlpr.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'dwm.exe' - '1' Module(s) have been scanned

Scan process 'asghost.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'usnsvc.exe' - '1' Module(s) have been scanned

Scan process 'HPHC_Service.exe' - '1' Module(s) have been scanned

Scan process 'iPodService.exe' - '1' Module(s) have been scanned

Scan process 'WmiPrvSE.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'taskeng.exe' - '1' Module(s) have been scanned

Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned

Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned

Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned

Scan process 'IAANTmon.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned

Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SLsvc.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'audiodg.exe' - '0' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsm.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'wininit.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

90 processes with 90 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '32' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\'

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Users\Edouard\Desktop\Preparation-Messenger-Clubic.exe

[DETECTION] Contains suspicious code HEUR/Crypted

[iNFO] The file was moved to '48ad3f9b.qua'!

Begin scan in 'D:\' <HP_RECOVERY>

 

 

End of the scan: jeudi 5 juin 2008 21:53

Used time: 45:20 min

 

The scan has been done completely.

 

16230 Scanning directories

359816 Files were scanned

0 viruses and/or unwanted programs were found

1 Files were classified as suspicious:

0 files were deleted

0 files were repaired

1 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

359816 Files not concerned

2583 Archives were scanned

3 Warnings

13 Notes

 

-------------------------------------------------------------Unquote------------------------------------------

 

je prépare le suivant avec Avast AS et le transmet.

 

Cordialement

[PhildeNice63]

Rebonsoir Desh,

 

J'ai fait un scan complet avec AVG AS en mode sans echec. Malheureusement je n'avais pas coché l'option faire un rapport à chaque scan donc je n'ai rien d'écrit aprés 45mn d'attente. Le message final a été "Ordinateur clair" ou quelque chose d'approchant.

Il est tard et je recommencerai demain matin avec demande d'un rapport à chaque scan.

 

Bonne soirée A+

Amicalement

 

NB pour ma culture personnelle pourquoi passer en mode sans échec pour faire ce type de scan ?

[Loup blanc]

Bonsoir PhildeNice,

 

Si AVG n'a rien trouvé, inutile de refaire le scan juste pour le rapport.

 

En mode sans échec certains malwares ne sont pas actifs, ils sont donc plus facile à détecter et à virer.

 

 

Finalement tu t'en tires bien, à part le fichier suspect détecté par Antivir sur ton bureau tu n'as rien récolté de méchant en restant sans antivirus.

 

Est-ce que tu sais à quoi correspond ce fichier detecté : Preparation-Messenger-Clubic.exe ?

J'ai beau avoir recherché, je n'ai pas trouvé d'info sur celui-ci.

 

 

Pour ton Infection Magic Control, elle arrive avec l'installation d'un de ces logiciels :

go-astro

GoRecord

HotTVPlayer

MailSkinner

Messenger Skinner

Instant Access

InternetGameBox

Officiale Emule (Version d'Emule modifiée)

Sudoplanet

Webmediaplayer

Et sur le site games-desktop.com

 

Dans ton cas, c'est Sudoplanet qui t'a infecté.

 

Pour éviter ce genre de surprise, n'hésite pas à faire une recherche avant d'installer un logiciel, on trouve facilement des infos sur ceux qui posent des problèmes.

 

Peux-tu aussi prendre un moment pour faire ceci:

J'emprunte son texte à Thanos (je l'ai adapté à ton cas)

Rapporte ton infection pour faire condamner les auteurs sur Malware-Complaints. Pour faire entendre notre voix, nous devons être le plus nombreux possibles, alors n'hésite pas :

- Voir les règles de Malware-Complaints

- Enregistre toi sur le forum à partir du bouton register en haut :

Si tu as plus de 13 ans, choisir : I Agree to these terms and am over or exactly 13 years of age

Si tu as moins, clic sur : I Agree to these terms and am under 13 years of age

 

Après t'être enregistré, tu as sous forme de liste les types d'infection (Look2Me, Smitfraud, SpywareQuake etc..) : http://www.malwarecomplaints.info/viewforu...e115fda8cee41a4

 

Pour toi il s'agit de NaviPromo / Magic.Control / EgdAccess

 

Pour poster un message, clique sur le bouton "post reply" (en bas à gauche) et complête les informations.

 

Si tu as des questions ou des problèmes, n'hésite pas à me demander ici ou à contacter un des modérateurs du forum : Kimberly, AgnesD ou ipl_001.

 

ps: n'hésite pas à témoigner sur Malware Complaints , ca fera réagir les dirigeants et permettra de rendre la toile plus sûre.

Modifié le 5 juin 2008 par Desch

[PhildeNice63]

Bonjour Desh,

 

Merci pour ton aide.

 

Je vais comme tu me l'as demandé témoigner sur Malware complaint.

 

En ce qui concerne Preparation-Messenger-Clubic.exe je pense qu'il s'agit

d'un petit programme installé par un de mes fils pour résoudre

tous les cas de figures des "Rubik's cub".

 

Bien que ce ne soit pas de sa génération en fouillant le grenier il en a trouvé

un ancien et pour le résoudre a installé un petit logiciel trouvé je ne sais pas ou

 

Encore un grand merci pour l'aide, efficace et sereine, apportée.

 

A bientôt bien que je ne sois pas pressé d'attraper d'autres bestioles indésirables

mais je reviendrai peut être car j'aimerai booster un peu ce PC portable qui a 6 mois

et qui me parait de plus en plus lent.

 

Bien amicalement

[Loup blanc]

Bonjour PhildeNice,

 

Merci pour ta contribution à la lutte contre les Malwares

 

Bonne journée.