PBM LOGICIEL MALVEILLANT : rootkit-gen

Apollo · le 20 janvier 2010

Bonsoir,

En vitesse, pas trop le temps ce soir

Vérifie que ta version est bien la 9.0.0.74 et si ce n'est pas le cas, installe la dernière:

http://dlce.antivir.com/package/wks_avira/...personal_fr.exe

Si tu avais des problèmes qui perdurent avec antivir, demande-le leur sur leur forum; ils auront bien une explication à te fournir (je n'utilise pas antivir donc je ne le connais pas plus que ça)

http://forum.avira.com/wbb/index.php?page=...amp;boardID=135

@++

PETITEVAGUEDU35 · le 24 janvier 2010

Bonjour, je te poste mon rapport sur antivir, très tardif car j'ai eu beaucoup de mal à télécharger une version et ses mises à jour.

Avira AntiVir Personal

Report file date: vendredi 22 janvier 2010 17:41

Scanning for 1628133 virus strains and unwanted programs.

Licensee : Avira AntiVir Personal - FREE Antivirus

Serial number : 0000149996-ADJIE-0000001

Platform : Windows XP

Windows version : (Service Pack 3) [5.1.2600]

Boot mode : Normally booted

Username : SYSTEM

Computer name : ACER-38A46E2ACC

Version information:

BUILD.DAT : 9.0.0.415 21609 Bytes 08/11/2009 10:00:00

AVSCAN.EXE : 9.0.3.10 466689 Bytes 13/10/2009 10:26:34

AVSCAN.DLL : 9.0.3.0 40705 Bytes 27/02/2009 09:58:26

LUKE.DLL : 9.0.3.2 209665 Bytes 20/02/2009 10:35:50

LUKERES.DLL : 9.0.2.0 12033 Bytes 27/02/2009 09:58:54

VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 06:35:52

VBASE001.VDF : 7.10.1.0 1372672 Bytes 19/11/2009 17:05:36

VBASE002.VDF : 7.10.3.1 3143680 Bytes 20/01/2010 17:07:26

VBASE003.VDF : 7.10.3.2 2048 Bytes 20/01/2010 17:07:26

VBASE004.VDF : 7.10.3.3 2048 Bytes 20/01/2010 17:07:26

VBASE005.VDF : 7.10.3.4 2048 Bytes 20/01/2010 17:07:26

VBASE006.VDF : 7.10.3.5 2048 Bytes 20/01/2010 17:07:26

VBASE007.VDF : 7.10.3.6 2048 Bytes 20/01/2010 17:07:26

VBASE008.VDF : 7.10.3.7 2048 Bytes 20/01/2010 17:07:26

VBASE009.VDF : 7.10.3.8 2048 Bytes 20/01/2010 17:07:28

VBASE010.VDF : 7.10.3.9 2048 Bytes 20/01/2010 17:07:28

VBASE011.VDF : 7.10.3.10 2048 Bytes 20/01/2010 17:07:28

VBASE012.VDF : 7.10.3.11 2048 Bytes 20/01/2010 17:07:28

VBASE013.VDF : 7.10.3.12 2048 Bytes 20/01/2010 17:07:28

VBASE014.VDF : 7.10.3.13 2048 Bytes 20/01/2010 17:07:28

VBASE015.VDF : 7.10.3.14 2048 Bytes 20/01/2010 17:07:28

VBASE016.VDF : 7.10.3.15 2048 Bytes 20/01/2010 17:07:28

VBASE017.VDF : 7.10.3.16 2048 Bytes 20/01/2010 17:07:30

VBASE018.VDF : 7.10.3.17 2048 Bytes 20/01/2010 17:07:30

VBASE019.VDF : 7.10.3.18 2048 Bytes 20/01/2010 17:07:34

VBASE020.VDF : 7.10.3.19 2048 Bytes 20/01/2010 17:07:34

VBASE021.VDF : 7.10.3.20 2048 Bytes 20/01/2010 17:07:34

VBASE022.VDF : 7.10.3.21 2048 Bytes 20/01/2010 17:07:34

VBASE023.VDF : 7.10.3.22 2048 Bytes 20/01/2010 17:07:34

VBASE024.VDF : 7.10.3.23 2048 Bytes 20/01/2010 17:07:34

VBASE025.VDF : 7.10.3.24 2048 Bytes 20/01/2010 17:07:36

VBASE026.VDF : 7.10.3.25 2048 Bytes 20/01/2010 17:07:36

VBASE027.VDF : 7.10.3.26 2048 Bytes 20/01/2010 17:07:36

VBASE028.VDF : 7.10.3.27 2048 Bytes 20/01/2010 17:07:36

VBASE029.VDF : 7.10.3.28 2048 Bytes 20/01/2010 17:07:36

VBASE030.VDF : 7.10.3.29 2048 Bytes 20/01/2010 17:07:38

VBASE031.VDF : 7.10.3.37 119296 Bytes 21/01/2010 17:07:42

Engineversion : 8.2.1.146

AEVDF.DLL : 8.1.1.2 106867 Bytes 08/11/2009 06:38:52

AESCRIPT.DLL : 8.1.3.9 659834 Bytes 21/01/2010 17:09:00

AESCN.DLL : 8.1.3.1 127348 Bytes 21/01/2010 17:08:50

AESBX.DLL : 8.1.1.1 246132 Bytes 08/11/2009 06:38:44

AERDL.DLL : 8.1.3.4 479605 Bytes 21/01/2010 17:08:48

AEPACK.DLL : 8.2.0.5 422262 Bytes 21/01/2010 17:08:42

AEOFFICE.DLL : 8.1.0.38 196987 Bytes 08/11/2009 06:38:38

AEHEUR.DLL : 8.1.0.195 2232695 Bytes 21/01/2010 17:08:32

AEHELP.DLL : 8.1.10.0 237942 Bytes 21/01/2010 17:07:58

AEGEN.DLL : 8.1.1.83 369014 Bytes 21/01/2010 17:07:56

AEEMU.DLL : 8.1.1.0 393587 Bytes 08/11/2009 06:38:26

AECORE.DLL : 8.1.9.5 184693 Bytes 21/01/2010 17:07:46

AEBB.DLL : 8.1.0.3 53618 Bytes 08/11/2009 06:38:20

AVWINLL.DLL : 9.0.0.3 18177 Bytes 12/12/2008 07:48:00

AVPREF.DLL : 9.0.3.0 44289 Bytes 26/08/2009 14:14:04

AVREP.DLL : 8.0.0.3 155905 Bytes 20/01/2009 13:34:30

AVREG.DLL : 9.0.0.0 36609 Bytes 05/12/2008 09:32:10

AVARKT.DLL : 9.0.0.3 292609 Bytes 24/03/2009 14:05:42

AVEVTLOG.DLL : 9.0.0.7 167169 Bytes 30/01/2009 09:37:10

SQLITE3.DLL : 3.6.1.0 326401 Bytes 28/01/2009 14:03:50

SMTPLIB.DLL : 9.2.0.25 28417 Bytes 02/02/2009 07:21:34

NETNT.DLL : 9.0.0.0 11521 Bytes 05/12/2008 09:32:12

RCIMAGE.DLL : 9.0.0.25 2438913 Bytes 15/05/2009 14:40:00

RCTEXT.DLL : 9.0.73.0 86785 Bytes 13/10/2009 11:25:48

Configuration settings for the scan:

Jobname.............................: Complete system scan

Configuration file..................: c:\program files\avira\antivir desktop\sysscan.avp

Logging.............................: low

Primary action......................: interactive

Secondary action....................: ignore

Scan master boot sector.............: on

Scan boot sector....................: on

Boot sectors........................: C:, D:,

Process scan........................: on

Scan registry.......................: on

Search for rootkits.................: on

Integrity checking of system files..: off

Scan all files......................: All files

Scan archives.......................: on

Recursion depth.....................: 20

Smart extensions....................: on

Macro heuristic.....................: on

File heuristic......................: medium

Start of the scan: vendredi 22 janvier 2010 17:41

Starting search for hidden objects.

'53525' objects were checked, '0' hidden objects were found.

The scan of running processes will be started

Scan process 'FIREFOX.EXE' - '1' Module(s) have been scanned

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'Monitor.exe' - '1' Module(s) have been scanned

Scan process 'WUAUCLT.EXE' - '1' Module(s) have been scanned

Scan process 'BS-WG-USB.exe' - '1' Module(s) have been scanned

Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned

Scan process 'Launcher.exe' - '1' Module(s) have been scanned

Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'JUSCHED.EXE' - '1' Module(s) have been scanned

Scan process 'QTTask.exe' - '1' Module(s) have been scanned

Scan process 'shwicon2k.exe' - '1' Module(s) have been scanned

Scan process 'QtZgAcer.EXE' - '1' Module(s) have been scanned

Scan process 'EPM-DM.EXE' - '1' Module(s) have been scanned

Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned

Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned

Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned

Scan process 'SynTPLpr.exe' - '1' Module(s) have been scanned

Scan process 'HKCMD.EXE' - '1' Module(s) have been scanned

Scan process 'IGFXTRAY.EXE' - '1' Module(s) have been scanned

Scan process 'Explorer.EXE' - '1' Module(s) have been scanned

Scan process 'update.exe' - '1' Module(s) have been scanned

Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'WMIAPSRV.EXE' - '1' Module(s) have been scanned

Scan process 'WUAUCLT.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'HDPBSSS.EXE' - '1' Module(s) have been scanned

Scan process 'JQS.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'anbmServ.exe' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned

Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned

Scan process 'LSASS.EXE' - '1' Module(s) have been scanned

Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned

Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned

Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned

Scan process 'SMSS.EXE' - '1' Module(s) have been scanned

47 processes with 47 modules were scanned

Starting master boot sector scan:

Master boot sector HD0

[iNFO] No virus was found!

Master boot sector HD1

[iNFO] No virus was found!

Master boot sector HD2

[iNFO] No virus was found!

Start scanning boot sectors:

Boot sector 'C:\'

[iNFO] No virus was found!

Boot sector 'D:\'

[iNFO] No virus was found!

Starting to scan executable files (registry).

The registry was scanned ( '77' files ).

Starting the file scan:

Begin scan in 'C:\' <ACER>

C:\hiberfil.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\pagefile.sys

[WARNING] The file could not be opened!

[NOTE] This file is a Windows system file.

[NOTE] This file cannot be opened for scanning.

C:\Program Files\idcef.html

[DETECTION] Is the TR/Banker.Lcc.1 Trojan

C:\Program Files\idbb.html

[DETECTION] Is the TR/Banker.LCC Trojan

C:\Program Files\idreal.html

[DETECTION] Is the TR/Banker.Lcc.2 Trojan

C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_sendfile.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

C:\System Volume Information\_restore{45BBBFAF-2E74-406D-A62D-5458DC520434}\RP820\A0218874.exe

[DETECTION] Is the TR/Trash.Gen Trojan

C:\System Volume Information\_restore{45BBBFAF-2E74-406D-A62D-5458DC520434}\RP820\A0218875.dll

[DETECTION] Contains recognition pattern of the ADSPY/SaveNow.AZ adware or spyware

Begin scan in 'D:\' <ACERDATA>

Beginning disinfection:

C:\Program Files\idcef.html

[DETECTION] Is the TR/Banker.Lcc.1 Trojan

[NOTE] The file was moved to '4bbcdf4f.qua'!

C:\Program Files\idbb.html

[DETECTION] Is the TR/Banker.LCC Trojan

[NOTE] The file was moved to '4bbbdf4f.qua'!

C:\Program Files\idreal.html

[DETECTION] Is the TR/Banker.Lcc.2 Trojan

[NOTE] The file was moved to '4bcbdf4f.qua'!

C:\Program Files\Messenger Plus! Live\Scripts\SendTo\_sendfile.exe

[DETECTION] Is the TR/Crypt.CFI.Gen Trojan

[NOTE] The file was moved to '4bbedf5e.qua'!

C:\System Volume Information\_restore{45BBBFAF-2E74-406D-A62D-5458DC520434}\RP820\A0218874.exe

[DETECTION] Is the TR/Trash.Gen Trojan

[NOTE] The file was moved to '4b8bdf1b.qua'!

C:\System Volume Information\_restore{45BBBFAF-2E74-406D-A62D-5458DC520434}\RP820\A0218875.dll

[DETECTION] Contains recognition pattern of the ADSPY/SaveNow.AZ adware or spyware

[NOTE] The file was moved to '4fd37514.qua'!

End of the scan: vendredi 22 janvier 2010 18:22

Used time: 36:02 Minute(s)

The scan has been done completely.

7584 Scanned directories

237312 Files were scanned

6 Viruses and/or unwanted programs were found

0 Files were classified as suspicious

0 files were deleted

0 Viruses and unwanted programs were repaired

6 Files were moved to quarantine

0 Files were renamed

2 Files cannot be scanned

237304 Files not concerned

6832 Archives were scanned

2 Warnings

8 Notes

53525 Objects were scanned with rootkit scan

0 Hidden objects were found

Voilà! il y en avait encore!

En tout cas, je te remercie car sans ton aide, je n'aurais pas pu me dépatouiller toute seule...

Apollo · le 24 janvier 2010

Bonsoir,

Installe Explorer 8 , beaucoup plus sécurisé qu'IE6 ou IE7, même si Firefox ou un autre navigateur est utilisé.

Après installation d'IE8:

Pour éviter des problèmes de compatibilité de certains sites web avec IE8, cliquer sur "Page" (ou outils) au-dessus de la page web puis sur Paramètres d'affichage de compatibilité.

Cocher la case "Afficher tous les sites web dans Affichage de compatibilité". Fermer.

-->> Fais ces quelques vérifications de sécurité stp.

---------------------------

Désactiver la Restauration Système.

Démarrer/Tous les programmes/Accessoires/Outils Système/

Cliquer sur Restauration Système.

Cliquer sur "Paramètres de la restauration du système; cocher la case: "Désactiver la Restauration du système sur tous les lecteurs"

Appliquer/OK.

Pour réactiver la Restauration système, suivre le même chemin et décocher la case. Appliquer/OK.

---------------------------------------

Pour désinstaller les outils utilisés:

Télécharger ToolsCleaner! pour enlever les programmes utilisés pendant la procédure.

http://pc-system.fr/TC/ToolsCleaner2.exe

* Enregistrer ToolsCleaner2.exe sur le Bureau.

Sous Vista,Clic-droit > Exécuter en tant qu' Administrateur

* Double-cliquer dessus, puis cliquer sur Recherche --> Le programme va chercher les utilitaires installés

------> Il se peut que la fenêtre devienne blanche pendant le scan, c'est normal !

* Copier-coller le contenu du rapport qui apparait dans la fenêtre blanche.

Lorsque la recherche est terminée ToolsCleaner affiche une liste des différents outils trouvés, cliquez sur "Suppression" afin de les supprimer.

Fermez le programme en cliquant sur "Quitter ".

Postez le rapport qui se trouve ici >>> C:\TCleaner.txt

Options facultatives

A utiliser si vous le souhaitez :

Création d'un nouveau point de restauration (conseillé)

Vidage de la corbeille

Nettoyage de vos fichiers temporaires

Mettre ToolsCleaner2 à la corbeille.

Voilou, tout va bien maintenant?

@++

PETITEVAGUEDU35 · le 25 janvier 2010

bonjour, voici le rapport de ToolsCleaner2:

[ Rapport ToolsCleaner version 2.3.11 (par A.Rothstein & dj QUIOU) ]

--> Recherche:

C:\cleannavi.txt: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !

C:\Documents and Settings\adeline\Bureau\HijackThis.lnk: trouvé !

C:\Program Files\Navilog1: trouvé !

C:\Program Files\Trend Micro\HijackThis: trouvé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

C:\Program Files\Trend Micro\HijackThis\hijackthis.log: trouvé !

C:\Program Files\Navilog1\Navilog1.bat: trouvé !

---------------------------------

--> Suppression:

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !

C:\Documents and Settings\adeline\Bureau\HijackThis.lnk: supprimé !

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !

C:\Program Files\Navilog1\Navilog1.bat: supprimé !

C:\cleannavi.txt: supprimé !

C:\Program Files\Trend Micro\HijackThis\hijackthis.log: supprimé !

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !

C:\Program Files\Navilog1: supprimé !

C:\Program Files\Trend Micro\HijackThis: supprimé !

Point de restauration crée !

Corbeille vidée!

Fichiers temporaires nettoyés !

Sinon, concernant le reste, il y a toujours une lenteur au démarrage du pc, une sorte de blocage qui dure quelques minutes , ou l'on ne peux avoir accès aux icones du bureau. Cela se débloque sans que je fasse quoi que ce soit et ensuite, plus de soucis après.

Connexion

Pas encore inscrit ?

PBM LOGICIEL MALVEILLANT : rootkit-gen

Messages recommandés

Apollo

PETITEVAGUEDU35

Apollo

PETITEVAGUEDU35

Rejoindre la conversation

En ligne récemment 0 membre est en ligne

Zebulon

Outils en ligne

Naviguer