Téléchargement
illégal
Posez votre question Signaler

Attaque virus

pasterma 106Messages postés 6 août 2008Date d'inscription 2 avril 2011Dernière intervention - Dernière réponse le 3 sept. 2008 à 22:51
Bonjour,
je viens de me faire attaquer par une serie de virus alors que mon rapport hijack precedent était parfait.
pourriez vous jeter un coup d'oeil s'il vous plait.
voici le rapport avira antivirus. qu'en pensez vous??
je vous transmet le rapport malwarebytes et hijack des que possible.
de plus je n'ai plus de fond d'ecran et lorsque je fais un clic droit sur le bureau je n'ai plus l'onglet bureau
est ce grave???
Lire la suite 

Attaque virus »

7 réponses
Réponse
+0
moins plus
amd64 5271Messages postés 17 juillet 2007Date d'inscription 1 février 2012Dernière intervention 3 sept. 2008 à 22:34
tu as l'ere bien infecter.
dans l'attente des raports.

 Ajouter un commentaire
pasterma - 3 sept. 2008 à 22:40
Bonsoir.

merci de ton arrivée aussi rapide.

je viens de poster le rapport d' avira. 5 virus.

le scan de malwarebytes est en cours je le poste des que fini.

merci amd64
Ajouter un commentaire
Réponse
+0
moins plus
pasterma 106Messages postés 6 août 2008Date d'inscription 2 avril 2011Dernière intervention 3 sept. 2008 à 22:36
oupsss j'ai oublié le rapport. pardon



Avira AntiVir Personal
Report file date: mercredi 3 septembre 2008 22:03

Scanning for 1596463 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: JEAN-2929T4VP5R

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.94 2998784 Bytes 31/08/2008 18:53:20
ANTIVIR3.VDF : 7.0.6.111 154112 Bytes 03/09/2008 18:53:14
Engineversion : 8.1.1.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:52
AESCRIPT.DLL : 8.1.0.70 319866 Bytes 03/09/2008 18:53:22
AESCN.DLL : 8.1.0.23 119156 Bytes 16/08/2008 21:20:00
AERDL.DLL : 8.1.1.1 397683 Bytes 03/09/2008 18:53:20
AEPACK.DLL : 8.1.2.1 364917 Bytes 16/08/2008 21:20:00
AEOFFICE.DLL : 8.1.0.23 196987 Bytes 03/09/2008 18:53:18
AEHEUR.DLL : 8.1.0.51 1397111 Bytes 03/09/2008 18:53:18
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:52
AEGEN.DLL : 8.1.0.36 315764 Bytes 19/08/2008 10:56:18
AEEMU.DLL : 8.1.0.7 430452 Bytes 16/08/2008 21:19:54
AECORE.DLL : 8.1.1.11 172406 Bytes 03/09/2008 18:53:16
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 16/08/2008 21:19:52
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 3 septembre 2008 22:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WUAUCLT.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'lphcecej0egac.exe' - '1' Module(s) have been scanned
Scan process 'AVGNT.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'AVGUARD.EXE' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '44' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\phcecej0egac.bmp
[DETECTION] Is the TR/Fakealert.AAF Trojan
[NOTE] The file was moved to '4921ee4a.qua'!
C:\Documents and Settings\jean pierre\Local Settings\Temp\.tt2A.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\jean pierre\Local Settings\Temp\.tt2C.tmp
[DETECTION] Is the TR/FakeScanner.F Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\jean pierre\Local Settings\Temp\.tt1.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\FOUND.000\FILE0001.CHK
[DETECTION] Is the TR/Peed.A.744 Trojan
[NOTE] The file was deleted!
Begin scan in 'D:\'


End of the scan: mercredi 3 septembre 2008 22:24
Used time: 21:41 Minute(s)

The scan has been done completely.

2685 Scanning directories
151660 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
151653 Files not concerned
1515 Archives were scanned
2 Warnings
5 Notes

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
amd64 5271Messages postés 17 juillet 2007Date d'inscription 1 février 2012Dernière intervention 3 sept. 2008 à 22:38
sa m'interesse pas sa .

met le raport hitjackthis.

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
pasterma 106Messages postés 6 août 2008Date d'inscription 2 avril 2011Dernière intervention 3 sept. 2008 à 22:42
tres bien.
je peux lancer hijack pendant que malwarebytes scan le systeme???
il a deja trouve 2 infections

 Ajouter un commentaire
Ajouter un commentaire
Réponse
+0
moins plus
amd64 5271Messages postés 17 juillet 2007Date d'inscription 1 février 2012Dernière intervention 3 sept. 2008 à 22:48
allors attend la fin .
a la fin tu met tout en quarantaine et apres tu clic sur l'onglet quarantaine et tu sup tout et tu ferme.

apres tu lance hitjackthis et tu met le raport ici

 Ajouter un commentaire
pasterma - 3 sept. 2008 à 22:51
re.

malwarebytes est termine. 20 infections supprimées. j'ai redemarré et voici le rapport hijack.

j'ai un ecran bleu sur mon bureau mais j'ai retrouve l'onglet bureau au moins.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:03, on 03/09/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\jean pierre\Bureau\sanner.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: Barre d'outils Texto Web - {4E7BD74F-2B8D-469E-C0FF-FD63A08DBF29} - C:\WINDOWS\DOWNLO~1\textobar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: F-Secure Management Agent (FSMA) - Conexant - (no file)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
Ajouter un commentaire
Posez votre question
Ce document intitulé « attaque virus » issu de CommentCaMarche (www.commentcamarche.net) est mis à disposition sous les termes de la licence Creative Commons. Vous pouvez copier, modifier des copies de cette page, dans les conditions fixées par la licence, tant que cette note apparaît clairement.
Dossier à la une
5 extensions si vous voulez revenir à l'ancien Facebook