JS:FAKEAV-A[Trj] and other viruses
mumu7s
Hello,
A short visit to my mother's over the holidays and, oh surprise, a virus! (She knows how to go on the internet but doesn't understand how it works and, for that matter, couldn't care less...) In short, while on MSN she clicked on a link labelled "foto", and that is how the JS:FAKEAV-A[Trj] virus arrived. Unable to remove it with Avast, I uninstalled Avast and installed Antivir in its place. As soon as the installation finished, it detected other trojans, a good share of them in system 32.
Here is the report.
Avira AntiVir Personal
Report file date: mercredi 31 décembre 2008 13:42
Scanning for 1138943 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MARJORIE
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:28
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:38
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 12:39:28
ANTIVIR2.VDF : 7.1.1.34 2048 Bytes 24/12/2008 12:39:30
ANTIVIR3.VDF : 7.1.1.57 277504 Bytes 31/12/2008 12:39:34
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:58
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 31/12/2008 12:39:58
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:42
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:40
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:40
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 31/12/2008 12:39:54
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 31/12/2008 12:39:52
AEHELP.DLL : 8.1.2.0 119159 Bytes 31/12/2008 12:39:42
AEGEN.DLL : 8.1.1.8 323956 Bytes 31/12/2008 12:39:40
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:58
AECORE.DLL : 8.1.5.2 172405 Bytes 31/12/2008 12:39:36
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:58
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:16
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 31 décembre 2008 13:42
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'FIREFOX.EXE' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'igfxext.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'MgApp.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'soffice.BIN' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'MOUSE32A.EXE' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'MSNMSGR.EXE' - '1' Module(s) have been scanned
Scan process 'EoEngine.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'MOFFICE.EXE' - '1' Module(s) have been scanned
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'AVGAS.EXE' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'ADMTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'CLSched.exe' - '1' Module(s) have been scanned
Scan process 'WMIPRVSE.EXE' - '1' Module(s) have been scanned
Scan process 'WSCNTFY.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'CLMLService.exe' - '1' Module(s) have been scanned
Scan process 'CLMLServer.exe' - '1' Module(s) have been scanned
Scan process 'CLCapSvc.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'GUARD.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
57 processes with 57 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '61' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\lrfwqnz.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c16a21.qua'!
C:\WINDOWS\system32\kkmhebtv.dll
[DETECTION] Is the TR/ConHook.D.17 Trojan
[NOTE] The file was moved to '49c86a1e.qua'!
C:\WINDOWS\system32\uoxwqd.dll
[DETECTION] Is the TR/ConHook.D.17 Trojan
[NOTE] The file was moved to '49d36a27.qua'!
C:\WINDOWS\system32\zqvyth.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49d16a2c.qua'!
C:\WINDOWS\system32\xeeqhu.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49c06a25.qua'!
C:\WINDOWS\system32\qavkor.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49d16a26.qua'!
C:\WINDOWS\system32\prbwox.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49bd6a3b.qua'!
C:\WINDOWS\system32\jkkhghFx.dll
[DETECTION] Is the TR/Vundo.D.10 Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was moved to '4bba6098.qua'!
C:\WINDOWS\system32\sgpeusxo.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cb6a40.qua'!
C:\WINDOWS\system32\udavpfa.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49bc6a40.qua'!
C:\WINDOWS\system32\vavwnne.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49d16a41.qua'!
C:\WINDOWS\system32\pkadlyvv.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '49bc6a59.qua'!
C:\WINDOWS\system32\obpkwg.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cb6a5a.qua'!
C:\WINDOWS\system32\mujowb.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c56a70.qua'!
C:\WINDOWS\system32\rjqxsdh.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cc6a6b.qua'!
C:\WINDOWS\system32\lzpgvehto.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cb6a7e.qua'!
C:\WINDOWS\system32\ijtgdac.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cf6a70.qua'!
C:\WINDOWS\system32\lzroyau.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cd6a83.qua'!
C:\WINDOWS\system32\yfopljp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ca6a72.qua'!
C:\WINDOWS\system32\pfzxdyksk.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49d56a75.qua'!
C:\WINDOWS\system32\mskljxmzw.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c66a84.qua'!
C:\WINDOWS\system32\iufxyh.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c16a88.qua'!
C:\WINDOWS\system32\fntsjiajy.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cf6a84.qua'!
C:\WINDOWS\system32\nlakpdnp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49bc6a84.qua'!
C:\WINDOWS\system32\rpqdqkidn.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cc6a8b.qua'!
C:\WINDOWS\system32\mawtiiwvcj.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49d26a7f.qua'!
C:\WINDOWS\system32\asnxiiq.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c96a95.qua'!
C:\WINDOWS\system32\fjhoakdfn.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c36a8d.qua'!
C:\WINDOWS\system32\svuqup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49d06a99.qua'!
C:\WINDOWS\system32\qlsuhxr.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ce6a8f.qua'!
C:\WINDOWS\system32\iiefihfox.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c06a8d.qua'!
C:\WINDOWS\system32\crcrsyue.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49be6a96.qua'!
C:\WINDOWS\system32\sagdcqpqug.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c26a86.qua'!
C:\WINDOWS\system32\xmahec.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49bc6a92.qua'!
C:\WINDOWS\system32\hsqelam.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49cc6a99.qua'!
C:\WINDOWS\system32\kdhstg.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49c36a8a.qua'!
C:\WINDOWS\system32\knjlxetvh.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c56a94.qua'!
C:\WINDOWS\system32\jhwdmnglqh.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49d26a8f.qua'!
C:\WINDOWS\system32\zwhloiims.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49c36a9e.qua'!
C:\WINDOWS\system32\lstlnkmpl.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cf6a9a.qua'!
C:\WINDOWS\system32\cuidjug.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49c46a9d.qua'!
C:\WINDOWS\system32\htiqfd.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c46a9c.qua'!
C:\WINDOWS\system32\upmunebpz.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c86a99.qua'!
C:\WINDOWS\system32\eslirgtrrh.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c76a9c.qua'!
C:\WINDOWS\system32\mdmrpsx.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c86a8d.qua'!
C:\WINDOWS\system32\vvceotgtp.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49be6aa0.qua'!
C:\WINDOWS\system32\addkxpypfv.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49bf6a8e.qua'!
C:\WINDOWS\system32\vpljicsk.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '49c76aa5.qua'!
C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
[DETECTION] Is the TR/Agent.49664.J Trojan
[NOTE] The file was moved to '49cb6baa.qua'!
C:\Documents and Settings\marion\Local Settings\Temporary Internet Files\Content.IE5\1WPUXEOW\apstpldr.dll[1].htm
[DETECTION] Is the TR/Agent.ALPG Trojan
[NOTE] The file was moved to '49ce6cc3.qua'!
C:\Program Files\MessengerSkinner\uninst.exe
[DETECTION] Contains recognition pattern of the DR/NaviPromo.AO.51 dropper
[NOTE] The file was moved to '49c46de7.qua'!
C:\Program Files\Instant Access\Multi\20071224001216\instant access.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '49ce6e4f.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP195\A0060295.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f04.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP222\A0068971.exe
[DETECTION] Contains recognition pattern of the WORM/Rbot.52786.3 worm
[NOTE] The file was moved to '498b6f79.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP222\A0068994.dll
[DETECTION] Is the TR/Vundo.73216Y.2 Trojan
[NOTE] The file was moved to '48037b82.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069168.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f7d.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069169.dll
[DETECTION] Is the TR/ConHook.D.17 Trojan
[NOTE] The file was moved to '498b6f7e.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069170.dll
[DETECTION] Is the TR/ConHook.D.17 Trojan
[NOTE] The file was moved to '48037b87.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069171.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498b6f70.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069172.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48037b89.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069173.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498b6f7f.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069174.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b78.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069175.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f81.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069176.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f80.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069177.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b79.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069178.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '498b6f82.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069179.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7a.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069180.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f83.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069181.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7c.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069182.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f85.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069183.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7b.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069184.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f84.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069185.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7d.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069186.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7e.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069187.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f87.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069188.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b70.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069189.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f86.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069190.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7f.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069191.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f78.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069192.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f89.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069193.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b72.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069194.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f8b.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069195.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b74.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069196.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a7f.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069197.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a81.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069198.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f7a.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069199.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a70.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069200.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a72.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069201.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48e29a74.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069202.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498b6f8a.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069203.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a73.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069204.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f8c.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069205.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48e29a75.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069206.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f8d.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069207.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48e29a76.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069208.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f8f.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069209.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f8e.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069210.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a77.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069211.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a79.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069212.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48e29a68.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069213.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498b6f91.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069214.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '48e29a6a.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069216.exe
[DETECTION] Contains recognition pattern of the DR/NaviPromo.AO.51 dropper
[NOTE] The file was moved to '48e29a7b.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069217.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '48e29a7d.qua'!
C:\Recycled\Dc214.com
[DETECTION] Contains recognition pattern of the WORM/Rbot.52786.3 worm
[NOTE] The file was moved to '498d6fd7.qua'!
C:\Recycled\Dc215.com
[DETECTION] Contains recognition pattern of the WORM/Rbot.52786.3 worm
[NOTE] The file was moved to '48ea7298.qua'!
Begin scan in 'D:\' <ACERDATA>
End of the scan: mercredi 31 décembre 2008 14:13
Used time: 30:20 Minute(s)
The scan has been done completely.
9485 Scanning directories
352507 Files were scanned
106 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
106 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
352399 Files not concerned
11356 Archives were scanned
3 Warnings
106 Notes
What should I do first? A HijackThis report?
Thank you for your help.
C:\WINDOWS\system32\lzpgvehto.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cb6a7e.qua'!
C:\WINDOWS\system32\ijtgdac.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cf6a70.qua'!
C:\WINDOWS\system32\lzroyau.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cd6a83.qua'!
C:\WINDOWS\system32\yfopljp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ca6a72.qua'!
C:\WINDOWS\system32\pfzxdyksk.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49d56a75.qua'!
C:\WINDOWS\system32\mskljxmzw.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c66a84.qua'!
C:\WINDOWS\system32\iufxyh.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c16a88.qua'!
C:\WINDOWS\system32\fntsjiajy.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cf6a84.qua'!
C:\WINDOWS\system32\nlakpdnp.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49bc6a84.qua'!
C:\WINDOWS\system32\rpqdqkidn.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cc6a8b.qua'!
C:\WINDOWS\system32\mawtiiwvcj.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49d26a7f.qua'!
C:\WINDOWS\system32\asnxiiq.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c96a95.qua'!
C:\WINDOWS\system32\fjhoakdfn.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c36a8d.qua'!
C:\WINDOWS\system32\svuqup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49d06a99.qua'!
C:\WINDOWS\system32\qlsuhxr.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49ce6a8f.qua'!
C:\WINDOWS\system32\iiefihfox.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c06a8d.qua'!
C:\WINDOWS\system32\crcrsyue.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49be6a96.qua'!
C:\WINDOWS\system32\sagdcqpqug.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c26a86.qua'!
C:\WINDOWS\system32\xmahec.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49bc6a92.qua'!
C:\WINDOWS\system32\hsqelam.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49cc6a99.qua'!
C:\WINDOWS\system32\kdhstg.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49c36a8a.qua'!
C:\WINDOWS\system32\knjlxetvh.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c56a94.qua'!
C:\WINDOWS\system32\jhwdmnglqh.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49d26a8f.qua'!
C:\WINDOWS\system32\zwhloiims.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49c36a9e.qua'!
C:\WINDOWS\system32\lstlnkmpl.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49cf6a9a.qua'!
C:\WINDOWS\system32\cuidjug.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49c46a9d.qua'!
C:\WINDOWS\system32\htiqfd.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c46a9c.qua'!
C:\WINDOWS\system32\upmunebpz.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c86a99.qua'!
C:\WINDOWS\system32\eslirgtrrh.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c76a9c.qua'!
C:\WINDOWS\system32\mdmrpsx.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '49c86a8d.qua'!
C:\WINDOWS\system32\vvceotgtp.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49be6aa0.qua'!
C:\WINDOWS\system32\addkxpypfv.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49bf6a8e.qua'!
C:\WINDOWS\system32\vpljicsk.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '49c76aa5.qua'!
C:\WINDOWS\$NtServicePackUninstall$\ftp.exe
[DETECTION] Is the TR/Agent.49664.J Trojan
[NOTE] The file was moved to '49cb6baa.qua'!
C:\Documents and Settings\marion\Local Settings\Temporary Internet Files\Content.IE5\1WPUXEOW\apstpldr.dll[1].htm
[DETECTION] Is the TR/Agent.ALPG Trojan
[NOTE] The file was moved to '49ce6cc3.qua'!
C:\Program Files\MessengerSkinner\uninst.exe
[DETECTION] Contains recognition pattern of the DR/NaviPromo.AO.51 dropper
[NOTE] The file was moved to '49c46de7.qua'!
C:\Program Files\Instant Access\Multi\20071224001216\instant access.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '49ce6e4f.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP195\A0060295.EXE
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f04.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP222\A0068971.exe
[DETECTION] Contains recognition pattern of the WORM/Rbot.52786.3 worm
[NOTE] The file was moved to '498b6f79.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP222\A0068994.dll
[DETECTION] Is the TR/Vundo.73216Y.2 Trojan
[NOTE] The file was moved to '48037b82.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069168.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f7d.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069169.dll
[DETECTION] Is the TR/ConHook.D.17 Trojan
[NOTE] The file was moved to '498b6f7e.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069170.dll
[DETECTION] Is the TR/ConHook.D.17 Trojan
[NOTE] The file was moved to '48037b87.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069171.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498b6f70.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069172.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48037b89.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069173.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498b6f7f.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069174.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b78.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069175.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f81.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069176.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f80.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069177.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b79.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069178.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '498b6f82.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069179.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7a.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069180.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f83.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069181.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7c.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069182.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f85.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069183.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7b.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069184.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f84.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069185.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7d.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069186.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7e.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069187.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f87.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069188.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b70.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069189.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f86.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069190.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b7f.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069191.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f78.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069192.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f89.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069193.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b72.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069194.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f8b.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069195.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48037b74.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069196.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a7f.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069197.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a81.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069198.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f7a.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069199.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a70.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069200.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a72.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069201.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48e29a74.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069202.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498b6f8a.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069203.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a73.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069204.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f8c.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069205.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48e29a75.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069206.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f8d.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069207.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48e29a76.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069208.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f8f.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069209.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '498b6f8e.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069210.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a77.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069211.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '48e29a79.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069212.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48e29a68.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069213.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '498b6f91.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069214.exe
[DETECTION] Is the TR/Crypt.PEPM.Gen Trojan
[NOTE] The file was moved to '48e29a6a.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069216.exe
[DETECTION] Contains recognition pattern of the DR/NaviPromo.AO.51 dropper
[NOTE] The file was moved to '48e29a7b.qua'!
C:\System Volume Information\_restore{03F610A5-17ED-4F43-A985-7D9B4A9C3C3D}\RP223\A0069217.exe
[DETECTION] Is the TR/Crypt.CFI.Gen Trojan
[NOTE] The file was moved to '48e29a7d.qua'!
C:\Recycled\Dc214.com
[DETECTION] Contains recognition pattern of the WORM/Rbot.52786.3 worm
[NOTE] The file was moved to '498d6fd7.qua'!
C:\Recycled\Dc215.com
[DETECTION] Contains recognition pattern of the WORM/Rbot.52786.3 worm
[NOTE] The file was moved to '48ea7298.qua'!
Begin scan in 'D:\' <ACERDATA>
End of the scan: mercredi 31 décembre 2008 14:13
Used time: 30:20 Minute(s)
The scan has been done completely.
9485 Scanning directories
352507 Files were scanned
106 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
106 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
352399 Files not concerned
11356 Archives were scanned
3 Warnings
106 Notes
What should I do first? A HijackThis report?
Thanks for your help.
1 reply
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:27:45, on 31/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\EoRezo\EoEngine.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Labtec\Mouse\V3.0\MOUSE32A.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MAGENTIC\bin\MgApp.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\marion\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lo.st#home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {d6301bae-7c28-a939-5eb4-6dad68084e71} - {17e48086-dad6-4be5-939a-82c7eab1036d} - C:\WINDOWS\system32\kmksgc.dll
O2 - BHO: EoBho - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\wvUnOGvu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {FEC3530A-7D00-47A5-8A0D-B9268509CFF7} - C:\WINDOWS\system32\jkkhghFx.dll (file missing)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Labtec\Mouse\V3.0\moffice.exe
O4 - HKLM\..\Run: [320d18a1] rundll32.exe "C:\WINDOWS\system32\rqxrxwjr.dll",b
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [ErrorSafeFree] "C:\Program Files\ErrorSafe Free\uers.exe" /min
O4 - HKCU\..\Run: [Lyad] C:\Program Files\Lyad Messenger\lyad_messenger.exe autostart
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\MAGENTIC\bin\Magentic.exe /c
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\WANADOO\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [yeeukug] "c:\documents and settings\marion\local settings\application data\yeeukug.exe" yeeukug
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://register3.valueactive.com/323/webolr/OCX/FlashAX.cab
O16 - DPF: {DF1C8E21-4045-4D67-B528-335F1A4F0DE9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1073_em_XP.cab
O20 - AppInit_DLLs: kmksgc.dll
O20 - Winlogon Notify: wvUnOGvu - C:\WINDOWS\SYSTEM32\wvUnOGvu.dll
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe