PC crashes with a blue screen (topic resolved)
sunny374
Posted on 10/06/2010 at 11:58
Petit astucien

Hello,

I have a friend's PC that has a problem.

When I received it, it would power on, ask me whether to start in safe mode or not, the Windows XP logo would appear, then a blue screen for one second, and the PC would restart, over and over. I removed the HDD to test it in another PC and it worked; I reinstalled it in the original PC and now that one restarts...

I installed F-Secure and ran an online scan: nothing.

I installed AntiVir and ran a scan, and it found a file "TR/downloader >Gen was found" in different places; I also sometimes get an alert with a Microsoft Security Essentials window that opens, tells me it has detected a potential threat and asks me to click "clean computer".

I'm attaching a HijackThis log, thanks for your help...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:40:48, on 10/06/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Belgium Identity Card\beid35gui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Program Files\Avira\AntiVir Desktop\avscan.exe
C:\WINDOWS\System32\vssvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents\Maman\Téléchargements\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files\DVDVideoSoftTB\tbDVD1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [beid] "C:\Program Files\Belgium Identity Card\beid35gui.exe" /startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Démarrage rapide de HP Photosmart Premier.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Fichiers communs\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe

--
End of file - 7744 bytes

sunny374
Posted on 10/06/2010 at 12:49
Petit astucien

Here is the AntiVir report:



Avira AntiVir Personal
Report file date: jeudi 10 juin 2010 10:20

Scanning for 2200434 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JEANLUCGALAND

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: jeudi 10 juin 2010 10:20

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'avscan.exe' - '68' Module(s) have been scanned
Scan process 'avcenter.exe' - '60' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '42' Module(s) have been scanned
Scan process 'HPWUCli.exe' - '100' Module(s) have been scanned
Scan process 'msdtc.exe' - '39' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '44' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avgnt.exe' - '43' Module(s) have been scanned
Scan process 'sched.exe' - '45' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'wuauclt.exe' - '35' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '73' Module(s) have been scanned
Scan process 'iPodService.exe' - '28' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '100' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '61' Module(s) have been scanned
Scan process 'ctfmon.exe' - '23' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '62' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '28' Module(s) have been scanned
Scan process 'beid35gui.exe' - '69' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '24' Module(s) have been scanned
Scan process 'RunDll32.exe' - '37' Module(s) have been scanned
Scan process 'msseces.exe' - '37' Module(s) have been scanned
Scan process 'jusched.exe' - '19' Module(s) have been scanned
Scan process 'Explorer.EXE' - '97' Module(s) have been scanned
Scan process 'alg.exe' - '32' Module(s) have been scanned
Scan process 'UpdateCenterService.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '36' Module(s) have been scanned
Scan process 'nTuneService.exe' - '84' Module(s) have been scanned
Scan process 'NBService.exe' - '43' Module(s) have been scanned
Scan process 'jqs.exe' - '80' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '31' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '22' Module(s) have been scanned
Scan process 'spoolsv.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '40' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '173' Module(s) have been scanned
Scan process 'MsMpEng.exe' - '63' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '57' Module(s) have been scanned
Scan process 'services.exe' - '38' Module(s) have been scanned
Scan process 'winlogon.exe' - '69' Module(s) have been scanned
Scan process 'csrss.exe' - '12' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1731' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Pierre\Local Settings\Temp\jar_cache7349909728375336027.tmp
[0] Archive type: ZIP
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
Begin scan in 'D:\' <Donnees>

Beginning disinfection:
C:\Documents and Settings\Pierre\Local Settings\Temp\jar_cache7349909728375336027.tmp
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f8367aa.qua'.


End of the scan: jeudi 10 juin 2010 12:47
Used time: 1:41:39 Hour(s)

The scan has been done completely.

11110 Scanned directories
381022 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
381020 Files not concerned
3957 Archives were scanned
0 Warnings
1 Notes
345493 Objects were scanned with rootkit scan
2 Hidden objects were found

nardino
Posted on 10/06/2010 at 13:40
Grand Maître astucien

Hello

Start by uninstalling one of the two antivirus programs.

Empty the temp files and your browsers' caches.

Are the toolbars really indispensable?

You can uninstall them; they only serve their creator.

See you

Edited by nardino on 10/06/2010 13:44
sunny374
Posted on 10/06/2010 at 14:52
Petit astucien

There, it's done.

nardino
Posted on 10/06/2010 at 23:49
Grand Maître astucien

Good evening

Are you still seeing any malfunctions?

See you

sunny374
Posted on 11/06/2010 at 08:46
Petit astucien

Hello,

Yes, and I ran another AntiVir scan, which still finds a TR/Downloader Gen' in C System Volume Information A0049133.exe

Here is the report:

Avira AntiVir Personal
Report file date: jeudi 10 juin 2010 22:36

Scanning for 2200434 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : JEANLUCGALAND

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: jeudi 10 juin 2010 22:36

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\RNG\seed
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '39' Module(s) have been scanned
Scan process 'dllhost.exe' - '59' Module(s) have been scanned
Scan process 'dllhost.exe' - '44' Module(s) have been scanned
Scan process 'vssvc.exe' - '47' Module(s) have been scanned
Scan process 'avscan.exe' - '68' Module(s) have been scanned
Scan process 'RegistryReviver.exe' - '70' Module(s) have been scanned
Scan process 'msiexec.exe' - '38' Module(s) have been scanned
Scan process 'avcenter.exe' - '65' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '73' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '100' Module(s) have been scanned
Scan process 'iPodService.exe' - '28' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '62' Module(s) have been scanned
Scan process 'wuauclt.exe' - '35' Module(s) have been scanned
Scan process 'ctfmon.exe' - '23' Module(s) have been scanned
Scan process 'avgnt.exe' - '43' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '62' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '28' Module(s) have been scanned
Scan process 'beid35gui.exe' - '69' Module(s) have been scanned
Scan process 'HPWuSchd2.exe' - '15' Module(s) have been scanned
Scan process 'RunDll32.exe' - '37' Module(s) have been scanned
Scan process 'jusched.exe' - '19' Module(s) have been scanned
Scan process 'Explorer.EXE' - '98' Module(s) have been scanned
Scan process 'alg.exe' - '32' Module(s) have been scanned
Scan process 'UpdateCenterService.exe' - '23' Module(s) have been scanned
Scan process 'svchost.exe' - '38' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '37' Module(s) have been scanned
Scan process 'nTuneService.exe' - '84' Module(s) have been scanned
Scan process 'avshadow.exe' - '25' Module(s) have been scanned
Scan process 'NBService.exe' - '43' Module(s) have been scanned
Scan process 'jqs.exe' - '80' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '31' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '32' Module(s) have been scanned
Scan process 'avguard.exe' - '54' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'sched.exe' - '44' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '22' Module(s) have been scanned
Scan process 'spoolsv.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '37' Module(s) have been scanned
Scan process 'svchost.exe' - '31' Module(s) have been scanned
Scan process 'svchost.exe' - '167' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '53' Module(s) have been scanned
Scan process 'lsass.exe' - '57' Module(s) have been scanned
Scan process 'services.exe' - '26' Module(s) have been scanned
Scan process 'winlogon.exe' - '77' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1730' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{0A061B22-DA74-47E7-A597-D965D39FF7C8}\RP289\A0049133.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Begin scan in 'D:\' <Donnees>

Beginning disinfection:
C:\System Volume Information\_restore{0A061B22-DA74-47E7-A597-D965D39FF7C8}\RP289\A0049133.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f407fad.qua'.


End of the scan: vendredi 11 juin 2010 08:43
Used time: 1:07:25 Hour(s)

The scan has been done completely.

10908 Scanned directories
369195 Files were scanned
1 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
1 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
369194 Files not concerned
3911 Archives were scanned
0 Warnings
1 Notes
344352 Objects were scanned with rootkit scan
2 Hidden objects were found

nardino
Posted on 12/06/2010 at 18:34
Grand Maître astucien

Hello

This is not a malfunction.

This detection is harmless as long as the restore points are not touched.

I always wait until the end of the job to clean those out and create a clean point.

Better a spare wheel than no wheel at all.

So you are not seeing anything else abnormal.

You can empty AntiVir's quarantine.

Disable System Restore as described at this link:
https://forum.pcastuces.com/desactiver_la_restauration_systeme-f31s7.htm
Then re-enable it to automatically recreate a restore point free of any infection.

Mark the question as resolved.

Click the links in my signature and read the articles.
Spread the word about them.

See you
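
Added example, not part of the original thread or of any tool mentioned in it: a small Python triage of the AntiVir file-scan output that separates detections sitting inside a System Restore point (the case discussed in the last reply) from detections in a temp or cache folder. The function names, the category labels and the `live-file` fallback are assumptions made for this example; the sample text is assembled from the two reports posted above, and only the `[DETECTION] Is the ...` phrasing seen in them is parsed.

```python
import re

# Sample input assembled from the file-scan and disinfection sections of the
# two AntiVir reports posted in this thread (merged into one text for the demo).
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\Documents and Settings\Pierre\Local Settings\Temp\jar_cache7349909728375336027.tmp
[0] Archive type: ZIP
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> AppletPanel.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH Trojan
--> Main.class
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
C:\System Volume Information\_restore{0A061B22-DA74-47E7-A597-D965D39FF7C8}\RP289\A0049133.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
Begin scan in 'D:\' <Donnees>

Beginning disinfection:
C:\Documents and Settings\Pierre\Local Settings\Temp\jar_cache7349909728375336027.tmp
[DETECTION] Is the TR/Dldr.Java.Agent.AH.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f8367aa.qua'.
C:\System Volume Information\_restore{0A061B22-DA74-47E7-A597-D965D39FF7C8}\RP289\A0049133.exe
[DETECTION] Is the TR/Downloader.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4f407fad.qua'.
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                  # a line that is a file path
DETECTION_RE = re.compile(r"\[DETECTION\] Is the (\S+)")
QUARANTINE_RE = re.compile(r"quarantine directory under the name '([^']+)'")
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)
TEMP_RE = re.compile(r"\\Local Settings\\Temp\\", re.I)

# What the replies in this thread recommend for each location. "live-file" is
# a fallback category added for this example; the thread does not cover it.
ADVICE = {
    "restore-point": "copy kept by System Restore; purged by disabling and "
                     "re-enabling System Restore",
    "temp-cache": "temp/cache file; removed by emptying temp files and "
                  "browser caches",
    "live-file": "outside both locations; not covered by the thread's advice",
}


def parse_report(text):
    """Map each flagged file path to its detection names and quarantine name.

    The same path appears in the scan section and again in the disinfection
    section, so results are merged per path instead of counted twice.
    """
    findings = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the current object
            current = None
        elif PATH_RE.match(line):
            current = findings.setdefault(
                line, {"names": set(), "quarantine": None})
        elif current is not None:
            det = DETECTION_RE.search(line)
            note = QUARANTINE_RE.search(line)
            if det:                       # archive members count for the container
                current["names"].add(det.group(1))
            elif note:
                current["quarantine"] = note.group(1)
    # Paths listed without any detection (e.g. process lists) are dropped.
    return {p: f for p, f in findings.items() if f["names"]}


def classify(path):
    """Return (category, detail); detail is the RPnnn folder for restore points."""
    m = RESTORE_RE.search(path)
    if m:
        return "restore-point", m.group(1)
    if TEMP_RE.search(path):
        return "temp-cache", None
    return "live-file", None


def triage(text):
    """One row per flagged file, with its location category and the advice."""
    rows = []
    for path, info in sorted(parse_report(text).items()):
        category, detail = classify(path)
        rows.append({"path": path, "category": category, "detail": detail,
                     "names": sorted(info["names"]),
                     "quarantine": info["quarantine"],
                     "advice": ADVICE[category]})
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_REPORT):
        print(f"[{row['category']}] {', '.join(row['names'])}")
        print(f"    {row['path']}")
        print(f"    quarantine: {row['quarantine']} | {row['advice']}")
```
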
