Help deciphering an antivirus report


Marsh posted on 18-05-2014 at 15:03:12

Hello everyone, and a big thank-you in advance for the community's always effective help!

My dad must have caught a nasty virus, since his computer has slowed down severely over the last few days... (Windows 7)
Since I'm not on site, it's fairly hard for me to fix the problem, but I had him run a system scan with Avira Antivirus, and I'd like your help deciphering the report below, because that is where my knowledge ends... so if you could point me to any procedure for fixing the problem, that would be really great!

Thanks again in advance!
 
Clément
 
Avira Free Antivirus
Report file date: mercredi 14 mai 2014  14:08
 
Scanning for 6827516 virus strains and unwanted programs.
 
The program is running as an unrestricted full version.
Online services are available.
 
Licensee        : Avira AntiVir Personal - Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows 7 Home Premium
Windows version : (Service Pack 1)  [6.1.7601]
Boot mode       : Normally booted
Username        : Système
Computer name   : JEANMICHEL-PC
 
Version information:
BUILD.DAT       : 12.1.9.2500    41420 Bytes  24/06/2013 23:14:00
AVSCAN.EXE      : 12.3.0.48     468256 Bytes  15/11/2012 08:00:37
AVSCAN.DLL      : 12.3.0.15      54736 Bytes  02/05/2012 13:31:39
LUKE.DLL        : 12.3.0.15      68304 Bytes  01/05/2012 23:31:47
AVSCPLR.DLL     : 12.3.0.14      97032 Bytes  01/05/2012 22:13:36
AVREG.DLL       : 12.3.0.17     232200 Bytes  05/07/2012 10:20:50
VBASE000.VDF    : 7.11.70.0   66736640 Bytes  04/04/2013 14:13:11
VBASE001.VDF    : 7.11.74.226  2201600 Bytes  30/04/2013 13:51:43
VBASE002.VDF    : 7.11.80.60   2751488 Bytes  28/05/2013 15:50:12
VBASE003.VDF    : 7.11.85.214  2162688 Bytes  21/06/2013 07:39:15
VBASE004.VDF    : 7.11.91.176  3903488 Bytes  23/07/2013 13:16:13
VBASE005.VDF    : 7.11.98.186  6822912 Bytes  29/08/2013 06:34:31
VBASE006.VDF    : 7.11.139.38 15708672 Bytes  27/03/2014 14:09:23
VBASE007.VDF    : 7.11.145.136  2117120 Bytes  28/04/2014 15:30:08
VBASE008.VDF    : 7.11.145.137     2048 Bytes  28/04/2014 15:30:08
VBASE009.VDF    : 7.11.145.138     2048 Bytes  28/04/2014 15:30:08
VBASE010.VDF    : 7.11.145.139     2048 Bytes  28/04/2014 15:30:08
VBASE011.VDF    : 7.11.145.140     2048 Bytes  28/04/2014 15:30:08
VBASE012.VDF    : 7.11.145.141     2048 Bytes  28/04/2014 15:30:08
VBASE013.VDF    : 7.11.146.20   166912 Bytes  29/04/2014 16:42:36
VBASE014.VDF    : 7.11.146.131   194048 Bytes  01/05/2014 07:54:02
VBASE015.VDF    : 7.11.146.243   167936 Bytes  03/05/2014 13:17:54
VBASE016.VDF    : 7.11.147.97   122368 Bytes  05/05/2014 13:17:53
VBASE017.VDF    : 7.11.147.207   169472 Bytes  06/05/2014 08:50:55
VBASE018.VDF    : 7.11.148.61   174080 Bytes  08/05/2014 08:52:24
VBASE019.VDF    : 7.11.148.149   257024 Bytes  09/05/2014 13:09:41
VBASE020.VDF    : 7.11.148.241   135168 Bytes  12/05/2014 16:42:50
VBASE021.VDF    : 7.11.149.61   139264 Bytes  13/05/2014 21:50:18
VBASE022.VDF    : 7.11.149.62     2048 Bytes  13/05/2014 21:50:18
VBASE023.VDF    : 7.11.149.63     2048 Bytes  13/05/2014 21:50:18
VBASE024.VDF    : 7.11.149.64     2048 Bytes  13/05/2014 21:50:18
VBASE025.VDF    : 7.11.149.65     2048 Bytes  13/05/2014 21:50:19
VBASE026.VDF    : 7.11.149.66     2048 Bytes  13/05/2014 21:50:19
VBASE027.VDF    : 7.11.149.67     2048 Bytes  13/05/2014 21:50:19
VBASE028.VDF    : 7.11.149.68     2048 Bytes  13/05/2014 21:50:19
VBASE029.VDF    : 7.11.149.69     2048 Bytes  13/05/2014 21:50:19
VBASE030.VDF    : 7.11.149.70     2048 Bytes  13/05/2014 21:50:19
VBASE031.VDF    : 7.11.149.120   192512 Bytes  13/05/2014 21:50:53
Engine version  : 8.3.18.20  
AEVDF.DLL       : 8.3.0.4       118976 Bytes  21/03/2014 13:56:24
AESCRIPT.DLL    : 8.1.4.202     528584 Bytes  09/05/2014 08:52:28
AESCN.DLL       : 8.3.0.2       135360 Bytes  21/03/2014 13:56:23
AESBX.DLL       : 8.2.20.24    1409224 Bytes  09/05/2014 08:52:29
AERDL.DLL       : 8.2.0.138     704888 Bytes  02/12/2013 15:30:46
AEPACK.DLL      : 8.4.0.24      778440 Bytes  13/05/2014 21:51:34
AEOFFICE.DLL    : 8.3.0.4       205000 Bytes  18/04/2014 12:44:03
AEHEUR.DLL      : 8.1.4.1054   6697160 Bytes  09/05/2014 08:52:28
AEHELP.DLL      : 8.3.0.0       274808 Bytes  12/03/2014 07:56:21
AEGEN.DLL       : 8.1.7.26      450752 Bytes  18/04/2014 12:44:03
AEEXP.DLL       : 8.4.1.312     569544 Bytes  01/05/2014 07:08:41
AEEMU.DLL       : 8.1.3.2       393587 Bytes  20/07/2012 14:35:55
AECORE.DLL      : 8.3.0.6       241864 Bytes  19/03/2014 13:27:28
AEBB.DLL        : 8.1.1.4        53619 Bytes  05/11/2012 16:43:05
AVWINLL.DLL     : 12.3.0.15      27344 Bytes  01/05/2012 22:59:21
AVPREF.DLL      : 12.3.0.32      50720 Bytes  15/11/2012 08:00:37
AVREP.DLL       : 12.3.0.15     179208 Bytes  01/05/2012 22:13:35
AVARKT.DLL      : 12.3.0.33     209696 Bytes  15/11/2012 08:00:36
AVEVTLOG.DLL    : 12.3.0.15     169168 Bytes  01/05/2012 22:28:49
SQLITE3.DLL     : 3.7.0.1       398288 Bytes  16/04/2012 21:11:02
AVSMTP.DLL      : 12.3.0.32      63480 Bytes  31/07/2012 09:19:05
NETNT.DLL       : 12.3.0.15      17104 Bytes  01/05/2012 23:33:29
RCIMAGE.DLL     : 12.3.0.31    4445944 Bytes  31/07/2012 09:18:57
RCTEXT.DLL      : 12.3.0.32      97056 Bytes  15/11/2012 08:00:34
 
Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Logging.............................: default
Primary action......................: Interactive
Secondary action....................: Ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, D:,  
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended
 
Start of the scan: mercredi 14 mai 2014  14:08
 
Starting master boot sector scan:
Master boot sector HD0
    [INFO]      No virus was found!
 
Start scanning boot sectors:
Boot sector 'C:\'
    [INFO]      No virus was found!
Boot sector 'D:\'
    [INFO]      No virus was found!
 
Starting search for hidden objects.
HKEY_USERS\S-1-5-21-2290406132-3904796435-910176848-1000\Software\Avira\AntiVir Desktop\profDataStr
  [NOTE]      The registry entry is invisible.
Hidden driver
  [NOTE]      A memory modification has been detected, which could potentially be used to hide file access attempts.
 
The scan of running processes will be started
Scan process 'hpqgpc01.exe' - '57' Module(s) have been scanned
Scan process 'hpqbam08.exe' - '30' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '61' Module(s) have been scanned
Scan process 'avscan.exe' - '93' Module(s) have been scanned
Scan process 'avcenter.exe' - '86' Module(s) have been scanned
Scan process 'WDC.exe' - '29' Module(s) have been scanned
Scan process 'KBFiltr.exe' - '18' Module(s) have been scanned
Scan process 'ATKOSD.exe' - '18' Module(s) have been scanned
Scan process 'avgnt.exe' - '89' Module(s) have been scanned
Scan process 'hpwuschd2.exe' - '20' Module(s) have been scanned
Scan process 'DMedia.exe' - '19' Module(s) have been scanned
Scan process 'ATKOSD2.exe' - '25' Module(s) have been scanned
Scan process 'HControlUser.exe' - '18' Module(s) have been scanned
Scan process 'CLMLSvc.exe' - '36' Module(s) have been scanned
Scan process 'ALU.exe' - '56' Module(s) have been scanned
Scan process 'wcourier.exe' - '35' Module(s) have been scanned
Scan process 'AsScrPro.exe' - '32' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '76' Module(s) have been scanned
Scan process 'DTLite.exe' - '36' Module(s) have been scanned
Scan process 'Atouch64.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '46' Module(s) have been scanned
Scan process 'avguard.exe' - '62' Module(s) have been scanned
Scan process 'HControl.exe' - '45' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned
Scan process 'GFNEXSrv.exe' - '16' Module(s) have been scanned
Scan process 'ASLDRSrv.exe' - '21' Module(s) have been scanned
 
Starting to scan executable files (registry).
C:\Windows\Sysnative\drivers\sptd.sys
  [WARNING]   The file could not be opened!
The registry was scanned ( '1815' files ).
 
 
Starting the file scan:
 
Begin scan in 'C:\' <OS>
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\Being.Entitle2[1].htm
  [0] Archive type: SWC
  --> Object
      [DETECTION] Contains recognition pattern of the EXP/FLASH.Nebefy.Gen exploit
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\Chorus2[1].htm
  [0] Archive type: SWC
  --> Object
      [DETECTION] Contains recognition pattern of the EXP/FLASH.Nebefy.Gen exploit
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\Disarm-Printer[1].htm
  [DETECTION] Contains recognition pattern of the EXP/CVE-2011-3402.C exploit
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\Lame_Eventual2[1].htm
  [0] Archive type: SWC
  --> Object
      [DETECTION] Contains recognition pattern of the EXP/FLASH.Nebefy.Gen exploit
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\Lame_Eventual2[2].htm
  [0] Archive type: SWC
  --> Object
      [DETECTION] Contains recognition pattern of the EXP/FLASH.Nebefy.Gen exploit
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\regular[1].htm
  [DETECTION] Contains recognition pattern of the EXP/JS.Expack.DX exploit
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\SLEEVE[1].htm
  [DETECTION] Contains recognition pattern of the EXP/JS.Expack.DX exploit
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\SLEEVE[2].htm
  [DETECTION] Contains recognition pattern of the EXP/JS.Expack.DX exploit
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\YNL[1].pdf
  [0] Archive type: PDF
  --> pdf_form_2.avp
      [DETECTION] Contains recognition pattern of the EXP/Pdfka.EL.835 exploit
Begin scan in 'D:\' <DATA>
 
Beginning disinfection:
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\YNL[1].pdf
  [DETECTION] Contains recognition pattern of the EXP/Pdfka.EL.835 exploit
  [NOTE]      The file was moved to the quarantine directory under the name '56ebb839.qua'.
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\SLEEVE[2].htm
  [DETECTION] Contains recognition pattern of the EXP/JS.Expack.DX exploit
  [NOTE]      The file was moved to the quarantine directory under the name '4e05979c.qua'.
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\SLEEVE[1].htm
  [DETECTION] Contains recognition pattern of the EXP/JS.Expack.DX exploit
  [NOTE]      The file was moved to the quarantine directory under the name '1c5acd74.qua'.
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\regular[1].htm
  [DETECTION] Contains recognition pattern of the EXP/JS.Expack.DX exploit
  [NOTE]      The file was moved to the quarantine directory under the name '7a0b82cf.qua'.
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\Lame_Eventual2[2].htm
  [DETECTION] Contains recognition pattern of the EXP/FLASH.Nebefy.Gen exploit
  [NOTE]      The file was moved to the quarantine directory under the name '3fb1affd.qua'.
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\Lame_Eventual2[1].htm
  [DETECTION] Contains recognition pattern of the EXP/FLASH.Nebefy.Gen exploit
  [NOTE]      The file was moved to the quarantine directory under the name '40aa9d9c.qua'.
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\Disarm-Printer[1].htm
  [DETECTION] Contains recognition pattern of the EXP/CVE-2011-3402.C exploit
  [NOTE]      The file was moved to the quarantine directory under the name '0c18b1de.qua'.
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\Chorus2[1].htm
  [DETECTION] Contains recognition pattern of the EXP/FLASH.Nebefy.Gen exploit
  [NOTE]      The file was moved to the quarantine directory under the name '700cf18f.qua'.
C:\Users\jean michel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\J6JI92OO\Being.Entitle2[1].htm
  [DETECTION] Contains recognition pattern of the EXP/FLASH.Nebefy.Gen exploit
  [NOTE]      The file was moved to the quarantine directory under the name '5d6cdec4.qua'.
 
 
End of the scan: vendredi 16 mai 2014  15:45
Used time: 49:28:05 Hour(s)
 
The scan has been done completely.
 
  33300 Scanned directories
 937181 Files were scanned
      9 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 Files were deleted
      0 Viruses and unwanted programs were repaired
      9 Files were moved to quarantine
      0 Files were renamed
      1 Files cannot be scanned
 937171 Files not concerned
  10694 Archives were scanned
      1 Warnings
     11 Notes
 607265 Objects were scanned with rootkit scan
      2 Hidden objects were found
 
 
 


Marsh posted on 18-05-2014 at 15:22:25

Hello,

Can you take a look at my post here: http://forum.hardware.fr/hfr/Windo [...] 6867_1.htm

and post your 3 reports?


Marsh posted on 18-05-2014 at 16:19:54

Hello!

Thanks for the reply, I'll get my father to run these scans on his PC and I'll get back to you in a few days!!
