Pop-upd de pub qui surgissent constament. - Page 2 - Le Forum de Génération Nouvelles Technologies

angelique · 06/04/2008, 16h07

ok , c'est parfait tout ça

Tu posteras le rapport antivir et celui de kaspersky online quand terminé ^^

bob.seki · 06/04/2008, 17h38

Rapport Antivir (Kaspersky prend son temps...) :

AntiVir PersonalEdition Classic
Report file date: dimanche 6 avril 2008 16:10

Scanning for 1181591 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: ORDINATEUR

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:06:06
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 14:06:06
ANTIVIR3.VDF : 7.0.3.122 195072 Bytes 05/04/2008 14:06:06
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 06/04/2008 14:06:06
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 06/04/2008 14:06:06
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 6 avril 2008 16:10

Starting search for hidden objects.
'30182' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'cidaemon.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned
Scan process 'E_S4I0T1.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'snmp.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '26' files ).

Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061394.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061400.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061406.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061412.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061418.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061430.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061436.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061442.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061449.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061455.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061456.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061709.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0061912.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062165.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062166.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062173.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062179.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062185.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062191.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062197.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062203.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0063203.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP166\A0067455.exe
[DETECTION] Is the Trojan horse TR/Obfusgen.A.5424
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\build list.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\hosyypjr.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\hyldznky.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\ikwhfqpm.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\npiqkzbe.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\sdomdozi.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\wdkzzbed.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\xatabhxu.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!

End of the scan: dimanche 6 avril 2008 16:47
Used time: 36:35 min

The scan has been done completely.

2969 Scanning directories
230548 Files were scanned
31 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
31 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
230517 Files not concerned
12750 Archives were scanned
2 Warnings
10 Notes
30182 Objects were scanned with rootkit scan
0 Hidden objects were found

angelique · 06/04/2008, 17h42

ok!

•les points de restaurations infecté ont été supprimés , parfait ^^

•Supprime la "quarantaine d'OTMOveIT , le dossier en gras:

C:\_OTMoveIt

• je lirais ton rapport kaspersky online quand tu l'auras posté ;o)

bob.seki · 06/04/2008, 18h39

Rapport Kaspersky :

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, April 06, 2008 6:38:11 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 6/04/2008
Kaspersky Anti-Virus database records: 686632
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 39791
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:30:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Papy et Mamy\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Papy et Mamy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Papy et Mamy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Papy et Mamy\Local Settings\Historique\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Papy et Mamy\Local Settings\Historique\History.IE5\MSHist012008040620 080407\index.dat Object is locked skipped
C:\Documents and Settings\Papy et Mamy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Papy et Mamy\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Papy et Mamy\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\0001000F.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP167\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{B07A67 A7-52C4-45A3-80D8-74F5D4704CA1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_e0.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

angelique · 06/04/2008, 19h47

Citation:

Scan Statistics:
Total number of scanned objects: 39791
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:30:26

c'est ok

, tu as juste à desinstalller kaspersky online via ajout\supp de programmes.

Ton soucis d'origine se presente mieux??

bob.seki · 06/04/2008, 20h13

Tout à l'air d'être ok, pour le moment,
pendant le temps du scan en ligne,
pas pop-up de pub, j'en conclus que le pc est de nouveau sain,
il est bien plus rapide aussi, ce qui semble confirmer la désinfection.

Encore merci pour ton aide,
en espérant que cela puisse servir à d'autres.

angelique · 06/04/2008, 20h19

oui c'est ok

@+

06/04/2008, 16h07	#11 (permalink)
angelique Angel¤Helper Date d'inscription: juin 2005 Localisation: bzh 22 Messages: 1 797 Pouvoir de réputation: 113	ok , c'est parfait tout ça Tu posteras le rapport antivir et celui de kaspersky online quand terminé ^^ __________________ ATFCleaner Navilog1 SmitfraudFix sysclean.com lptXXX.zip alcanshorty.bfu egdaccess.bfu BFU toolbar.bfu

06/04/2008, 17h38	#12 (permalink)
bob.seki Débutant Date d'inscription: janvier 2004 Messages: 101 Pouvoir de réputation: 33	Rapport Antivir (Kaspersky prend son temps...) : AntiVir PersonalEdition Classic Report file date: dimanche 6 avril 2008 16:10 Scanning for 1181591 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: ORDINATEUR Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:06:06 ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 14:06:06 ANTIVIR3.VDF : 7.0.3.122 195072 Bytes 05/04/2008 14:06:06 AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 06/04/2008 14:06:06 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 06/04/2008 14:06:06 AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: C:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: dimanche 6 avril 2008 16:10 Starting search for hidden objects. '30182' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'guardgui.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'cidaemon.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'WLANUTL.exe' - '1' Module(s) have been scanned Scan process 'E_S4I0T1.EXE' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'SMAgent.exe' - '1' Module(s) have been scanned Scan process 'snmp.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'cisvc.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 29 processes with 29 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '26' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061394.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061400.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061406.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061412.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061418.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061430.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061436.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061442.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061449.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061455.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061456.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP160\A0061709.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0061912.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062165.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062166.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062173.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062179.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062185.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062191.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062197.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0062203.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP161\A0063203.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP166\A0067455.exe [DETECTION] Is the Trojan horse TR/Obfusgen.A.5424 [INFO] The file was deleted! C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\build list.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\hosyypjr.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\hyldznky.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\ikwhfqpm.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\npiqkzbe.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\sdomdozi.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\wdkzzbed.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! C:\_OTMoveIt\MovedFiles\04062008_154130\DOCUME~1\P APYET~1\APPLIC~1\SENDPOLLBIND\xatabhxu.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen [INFO] The file was deleted! End of the scan: dimanche 6 avril 2008 16:47 Used time: 36:35 min The scan has been done completely. 2969 Scanning directories 230548 Files were scanned 31 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 31 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 230517 Files not concerned 12750 Archives were scanned 2 Warnings 10 Notes 30182 Objects were scanned with rootkit scan 0 Hidden objects were found __________________ A+ BoB

06/04/2008, 17h42	#13 (permalink)
angelique Angel¤Helper Date d'inscription: juin 2005 Localisation: bzh 22 Messages: 1 797 Pouvoir de réputation: 113	ok! •les points de restaurations infecté ont été supprimés , parfait ^^ •Supprime la "quarantaine d'OTMOveIT , le dossier en gras: C:\_OTMoveIt • je lirais ton rapport kaspersky online quand tu l'auras posté ;o) __________________ ATFCleaner Navilog1 SmitfraudFix sysclean.com lptXXX.zip alcanshorty.bfu egdaccess.bfu BFU toolbar.bfu

06/04/2008, 18h39	#14 (permalink)
bob.seki Débutant Date d'inscription: janvier 2004 Messages: 101 Pouvoir de réputation: 33	Rapport Kaspersky : ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Sunday, April 06, 2008 6:38:11 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 6/04/2008 Kaspersky Anti-Virus database records: 686632 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 39791 Number of viruses found: 0 Number of infected objects: 0 Number of suspicious objects: 0 Duration of the scan process: 01:30:26 Infected Object Name / Virus Name / Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\Papy et Mamy\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Papy et Mamy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Papy et Mamy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Papy et Mamy\Local Settings\Historique\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Papy et Mamy\Local Settings\Historique\History.IE5\MSHist012008040620 080407\index.dat Object is locked skipped C:\Documents and Settings\Papy et Mamy\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Papy et Mamy\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Papy et Mamy\ntuser.dat.LOG Object is locked skipped C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped C:\System Volume Information\catalog.wci\0001000F.ci Object is locked skipped C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped C:\System Volume Information\_restore{B8687C25-491C-4B92-A950-D228172F494F}\RP167\change.log Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\EventCache\{B07A67 A7-52C4-45A3-80D8-74F5D4704CA1}.bin Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped C:\WINDOWS\system32\config\OSession.evt Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MA P Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DAT A Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_e0.dat Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. __________________ A+ BoB

06/04/2008, 20h13	#16 (permalink)
bob.seki Débutant Date d'inscription: janvier 2004 Messages: 101 Pouvoir de réputation: 33	Tout à l'air d'être ok, pour le moment, pendant le temps du scan en ligne, pas pop-up de pub, j'en conclus que le pc est de nouveau sain, il est bien plus rapide aussi, ce qui semble confirmer la désinfection. Encore merci pour ton aide, en espérant que cela puisse servir à d'autres. __________________ A+ BoB Dernière modification par bob.seki 07/04/2008 à 00h21.

06/04/2008, 20h19	#17 (permalink)
angelique Angel¤Helper Date d'inscription: juin 2005 Localisation: bzh 22 Messages: 1 797 Pouvoir de réputation: 113	oui c'est ok @+ __________________ ATFCleaner Navilog1 SmitfraudFix sysclean.com lptXXX.zip alcanshorty.bfu egdaccess.bfu BFU toolbar.bfu

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email
Modes d'affichage
Mode linéaire Choisir le mode hybride Choisir le mode arborescent

Discussions similaires
Discussion	Auteur	Forum	Réponses	Dernier message
Comment Avoir Le Débit De Sa Connection Constament	planetseb	Connexions_Internet	1	19/10/2003 10h21