Forums d'entraide informatique - Les forums de PCW

Version complète : Scann avec Avira Antivir
Vous consultez actuellement la version basse qualité d'un document. Voir la version complète avec le bon formatage.
Pages : 1 2
Bonsoir à tous ^^

C'est ici ma première question que je pose ( et c'est aussi pour cela que je suis venu sur ce forum ^^ ), j'ai un problème ( enfin je crois que c'en est un ) avec quelques virus sur mon ordinateur. Déjà la première difficulté c'est d'expliquer mon problème m'y connaissant peu dans les antivirus ^^ Ensuite, j'ai effectué un scan le 27/03/09 ( d'après Avira ) et au début de scan j'ai remarqué qu'au bout de quelques secondes, mon antivirus détecte 2 fichiers "warnings" puis à la fin 4. En regardant à quoi cela correspondait, j'ai vu que j'avais 2 trojans et 2 fichiers qui sont exactement les mêmes et qui correspondent à des fichiers cachés sur mozilla je crois ( à la fin de "l'adresse" il y'a marqué CACHE_001 et donc je sais pas trop ce que c'est. Donc j'ai mis les 4 en quarantaine et ce soir, en relançant un scan, encore une fois au début, l'antivirus me disait que il y avait 2 fichiers warnings et à la fin du scan, il y'en avait finalement 3. Et quand j'ai regardé quels fichiers s'était, il s'agissait des 2 trojans que j'avais mis en quarantaine. Donc je comprend pas tout Undecided Voilà le rapport du scan au cas où :

Avira AntiVir Personal
Report file date: mardi 14 avril 2009 19:21

Scanning for 1349339 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HDD-F67A511D2ED

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 26/11/2008 09:39:02
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:52:23
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:09:57
ANTIVIR2.VDF : 7.1.3.0 1330176 Bytes 01/04/2009 16:43:22
ANTIVIR3.VDF : 7.1.3.45 198656 Bytes 14/04/2009 08:22:21
Engineversion : 8.2.0.138
AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 18:04:29
AESCRIPT.DLL : 8.1.1.73 373114 Bytes 04/04/2009 16:52:59
AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 16:52:58
AERDL.DLL : 8.1.1.3 438645 Bytes 07/11/2008 17:24:29
AEPACK.DLL : 8.1.3.12 397687 Bytes 04/04/2009 16:52:57
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 12:09:25
AEHEUR.DLL : 8.1.0.114 1700214 Bytes 04/04/2009 16:52:57
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 12:09:25
AEGEN.DLL : 8.1.1.33 340340 Bytes 04/04/2009 16:52:55
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 17:36:14
AECORE.DLL : 8.1.6.7 176502 Bytes 04/04/2009 16:52:55
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 17:36:11
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 09/10/2008 17:01:50
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 14 avril 2009 19:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned
Scan process 'vialogsv.exe' - '1' Module(s) have been scanned
Scan process 'vmnat.exe' - '1' Module(s) have been scanned
Scan process 'vmware-authd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'fsssvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'fsui.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'raid_tool.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!


End of the scan: mardi 14 avril 2009 21:16
Used time: 1:55:26 Hour(s)

The scan has been done completely.

7701 Scanning directories
550769 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
550766 Files not concerned
2651 Archives were scanned
3 Warnings
0 Notes

Et une impression d'écran des 4 virus ( enfin si on peut dire ça comme ça ) :
Image: sans_t11.jpg
On voit pas grand chose mais bon, je sais que les 2 trojans sont des malwares je crois.

Voilà ^^ Merci d'avance si vous pouvez m'aider parce que là, je comprends rien ^^ Bonne soirée et encore merci d'avance Wink
Bonsoir Robby33 et bienvenue

As-tu essayé de vider tes répertoires temporaires avec CCleaner ?

Tuto : http://www.pcinfo-web.com/tutoriaux/22-1...leaner.php
Bonjour ^^

Alors voilà, je viens à l'instant de vider mes répertoires temporaires avec CCleaner seulement, par rapport au tutoriel, je suis bloqué au niveau de "Réparer les erreurs sélectionnées". Que dois-je faire ?
J'ai oublié aussi de préciser que j'ai téléchargé la version 2.18.878 alors que la version donnée dans le tuto est la 2.02.527, je ne sais pas si cela change quelque chose Confused ( j'ai téléchargé ma version sur un autre site qui n'était pas donné ).

Edit : Finalement j'ai trouvé et j'ai pu finir de vider les répertoires temporaires ^^ Que dois-je faire ensuite ?
Bonsoir à toi

Robby33 a écrit :J'ai oublié aussi de préciser que j'ai téléchargé la version 2.18.878 alors que la version donnée dans le tuto est la 2.02.527, je ne sais pas si cela change quelque chose Confused ( j'ai téléchargé ma version sur un autre site qui n'était pas donné ).
Oui mais ce n'est pas grave, c'est très régulièrement mis à jour ^^

Maintenant, vérifie si ton antivirus trouve encore des trojans Smile
Bonsoir ^^

L'analyse vient de finir et toujours 3 warnings de trouvés par l'antivirus Confused Et quand je regarde dans "overview* => "events" et que je regarde les détections, se sont toujours les 2 trojans. Soit ils sont coriaces, soit je suis pas doué, soit j'ai pas de chance ^^
Dans ton screen au dessus c'est la zone de quarantaine, vides la zone de quarantaine Wink

Et les 3 fichiers Warnings c'est normal, ça le fait chez tous ceux qui ont Antivir, cela vient de ces fichiers :

C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!

hiberfil.sys = Fichier utilisé pour la veille prolongée
pagefile.sys = Fichier d'échange
atapi.sys = Driver pour lecteurs de CD
D'accord ok ^^ Pour vider les fichier je clique sur la petite corbeille c'est ça ?
(15-04-2009 21:30 PM)Robby33 a écrit : [ -> ]D'accord ok ^^ Pour vider les fichier je clique sur la petite corbeille c'est ça ?

Pour vider la quarantaine d'antivir ? Oui bien sûr Wink
Bonjour ^^

Voilà c'est fait, j'ai tout vidé Wink Et je viens de lancer un nouveau scan pour voir si j'avais encore des virus ^^
Merci beaucoup

EDit : Avec un peu de retard voilà le rapport du dernier scan ^^ Je crois que il n'y a plus de virus mais j'ne suis pas sûr ^^

Avira AntiVir Personal
Report file date: vendredi 17 avril 2009 20:43

Scanning for 1355524 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: HDD-F67A511D2ED

Version information:
BUILD.DAT : 8.2.0.347 16934 Bytes 16/03/2009 14:45:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 26/11/2008 09:39:02
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 10:52:23
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 18:09:57
ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 09:12:51
ANTIVIR3.VDF : 7.1.3.68 14336 Bytes 17/04/2009 09:12:51
Engineversion : 8.2.0.143
AEVDF.DLL : 8.1.1.0 106868 Bytes 30/01/2009 18:04:29
AESCRIPT.DLL : 8.1.1.75 373113 Bytes 15/04/2009 08:21:53
AESCN.DLL : 8.1.1.10 127348 Bytes 04/04/2009 16:52:58
AERDL.DLL : 8.1.1.3 438645 Bytes 07/11/2008 17:24:29
AEPACK.DLL : 8.1.3.12 397687 Bytes 04/04/2009 16:52:57
AEOFFICE.DLL : 8.1.0.36 196987 Bytes 27/02/2009 12:09:25
AEHEUR.DLL : 8.1.0.116 1708407 Bytes 15/04/2009 08:21:52
AEHELP.DLL : 8.1.2.2 119158 Bytes 27/02/2009 12:09:25
AEGEN.DLL : 8.1.1.34 340340 Bytes 15/04/2009 08:21:50
AEEMU.DLL : 8.1.0.9 393588 Bytes 15/10/2008 17:36:14
AECORE.DLL : 8.1.6.9 176500 Bytes 15/04/2009 08:21:50
AEBB.DLL : 8.1.0.3 53618 Bytes 15/10/2008 17:36:11
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.3 155905 Bytes 17/04/2009 09:12:52
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 17 avril 2009 20:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wlcomm.exe' - '1' Module(s) have been scanned
Scan process 'devldr32.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'vmnetdhcp.exe' - '1' Module(s) have been scanned
Scan process 'vialogsv.exe' - '1' Module(s) have been scanned
Scan process 'vmnat.exe' - '1' Module(s) have been scanned
Scan process 'vmware-authd.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'fsssvc.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'fsui.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'raid_tool.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'soundman.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
43 processes with 43 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '58' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\atapi.sys
[WARNING] The file could not be opened!


End of the scan: vendredi 17 avril 2009 22:44
Used time: 2:01:48 Hour(s)

The scan has been done completely.

7414 Scanning directories
534289 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
534286 Files not concerned
2344 Archives were scanned
3 Warnings
0 Notes

Voilà ^^
Pages : 1 2
URLs de référence