TR/Crypt.XPACK.Gen et pas de scan possible
vazouk
Messages postés
3
Statut
Membre
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
N'étant pas un exemple de surfeur prudent, j'ai pendant tout un temps surfé sans antivirus :(
Mais avec la nouvelle année j'ai pris la résolution d'y remédier et j'ai donc installé avast.
Mon premier scan avast m'a signalé quelques Trojan, mais s'est bloqué sur une alerte: win 32: rootkit-gen.
Je me suis renseigné sur différents forums et comme conseillé j'ai désinstallé avast pour avira antivir.
Et la que fut ma surprise de constater que ce n'était plus l'avis d'infection Rootkit qui apparaissait mais :TR/Crypt.XPACK.Gen , et que le problème restait le même: impossibilité de le mettre en quarantaine, ignorer ou quoi que ce soit, il réapparaissait quelques secondes plus tard à un autre emplacement et le scan antivir n'avancait toujours pas. Visiblement il s'agit d'un virus très malveillant qui échappe aux antivirus, donc j'ai téléchargé hijackthis et voici le résultat du log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:53, on 31/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Laurent\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\expiorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LR2R] C:\PROGRA~1\Softario\Typus\Lr2rE.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
N'étant pas un exemple de surfeur prudent, j'ai pendant tout un temps surfé sans antivirus :(
Mais avec la nouvelle année j'ai pris la résolution d'y remédier et j'ai donc installé avast.
Mon premier scan avast m'a signalé quelques Trojan, mais s'est bloqué sur une alerte: win 32: rootkit-gen.
Je me suis renseigné sur différents forums et comme conseillé j'ai désinstallé avast pour avira antivir.
Et la que fut ma surprise de constater que ce n'était plus l'avis d'infection Rootkit qui apparaissait mais :TR/Crypt.XPACK.Gen , et que le problème restait le même: impossibilité de le mettre en quarantaine, ignorer ou quoi que ce soit, il réapparaissait quelques secondes plus tard à un autre emplacement et le scan antivir n'avancait toujours pas. Visiblement il s'agit d'un virus très malveillant qui échappe aux antivirus, donc j'ai téléchargé hijackthis et voici le résultat du log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:53, on 31/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\Laurent\LOCALS~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\expiorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.be/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://fr.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LR2R] C:\PROGRA~1\Softario\Typus\Lr2rE.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [vamsoft] C:\WINDOWS\system32\vamsoft.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
A voir également:
- TR/Crypt.XPACK.Gen et pas de scan possible
- Scan qr code pc - Guide
- Sfc scan - Guide
- Scan spotify - Guide
- Epsilon scan yaoi - Forum Loisirs / Divertissements
- Scan bd ✓ - Forum Loisirs / Divertissements
4 réponses
slt effectivement tu n'as pas été prudent
pour occuper ta soirée :)
analyse ce fichier sur virus total et colle le rapport https://www.virustotal.com/gui/
C:\WINDOWS\expiorer.exe
__________________
si tu as branché un disque externe (clé...) sur un autre ordi il est aussi touché donc il faudra aussi lui passer usbfix
Telecharge UsbFix sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
______________________
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
____________________
puis tente de refaire antivir et colle le rapport ou colle le rapport d'un scan en ligne
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
pour occuper ta soirée :)
analyse ce fichier sur virus total et colle le rapport https://www.virustotal.com/gui/
C:\WINDOWS\expiorer.exe
__________________
si tu as branché un disque externe (clé...) sur un autre ordi il est aussi touché donc il faudra aussi lui passer usbfix
Telecharge UsbFix sur ton bureau
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Lance l installation avec les parametres par default
Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) suceptible d avoir été infectés sans les ouvrir
--> Double clic sur le raccourci UsbFix sur ton bureau
--> Le pc va redémarer
-->Apres redémarrage post le rapport UsbFix.txt
Note : le rapport UsbFix.txt est sauvegardé a la racine du disque
Note : Si le Bureau ne réapparait pas presse Ctrl + Alt + Suppr , Onglet "Fichier" , "Nouvelle tâche" , tapes explorer.exe et valides
______________________
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
____________________
puis tente de refaire antivir et colle le rapport ou colle le rapport d'un scan en ligne
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
voici deja les premiers rapports;
rapport virustotal:
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2008.12.31 -
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.31 -
Authentium 5.1.0.4 2008.12.31 -
Avast 4.8.1281.0 2008.12.31 -
AVG 8.0.0.199 2008.12.31 -
BitDefender 7.2 2008.12.31 -
CAT-QuickHeal 10.00 2008.12.31 -
ClamAV 0.94.1 2008.12.31 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2008.12.31 -
eSafe 7.0.17.0 2008.12.30 -
eTrust-Vet 31.6.6284 2008.12.31 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 -
Fortinet 3.117.0.0 2008.12.31 -
GData 19 2008.12.31 -
Ikarus T3.1.1.45.0 2008.12.31 -
K7AntiVirus 7.10.572 2008.12.31 -
Kaspersky 7.0.0.125 2008.12.31 -
McAfee 5479 2008.12.30 -
McAfee+Artemis 5479 2008.12.30 -
Microsoft 1.4205 2008.12.31 -
NOD32 3725 2008.12.31 -
Panda 9.0.0.4 2008.12.31 -
PCTools 4.4.2.0 2008.12.31 -
Prevx1 V2 2008.12.31 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 -
Sophos 4.37.0 2008.12.31 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.31 -
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2008.12.31 -
Information additionnelle
File size: 70656 bytes
MD5...: 16f769bc1d37cc14e3093b9881cf1691
SHA1..: 46ec3a7e4ee9bfff767f60a1b60296bab991dd3b
SHA256: 8a178830af4b295cf15931a67a16a78f6cf46703a36a81b1a0589b0939ad007b
SHA512: e6434ac13391ca33e0facb4ed7d608b58c2c7db2de0055cc52fc1fb66b34b318
4a65038741d183bb0ba1a8af704841e3fe5a071616f3011e8f08b403f19b09be
ssdeep: 1536:DnwOnbNQKLjWDyy1o5Re0TJUEbooPRrKKRbBw7:DVNQKPWDyDRe0TJltZrp
RbB6
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100739d
timedatestamp.....: 0x41107cc3 (Wed Aug 04 06:05:55 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7748 0x7800 6.28 f0b407bc8332017b79dd7dd8cdc2a0b7
.data 0x9000 0x1ba8 0x800 1.15 3fd82fcc3cf0c0692e0e466248ee3fbf
.rsrc 0xb000 0x8e24 0x9000 5.46 d09295ab175b0ed06a205fc5ebc3275d
( 9 imports )
> comdlg32.dll: PageSetupDlgW, FindTextW, PrintDlgExW, ChooseFontW, GetFileTitleW, GetOpenFileNameW, ReplaceTextW, CommDlgExtendedError, GetSaveFileNameW
> SHELL32.dll: DragFinish, DragQueryFileW, DragAcceptFiles, ShellAboutW
> WINSPOOL.DRV: GetPrinterDriverW, ClosePrinter, OpenPrinterW
> COMCTL32.dll: CreateStatusWindowW
> msvcrt.dll: _XcptFilter, _exit, _c_exit, time, localtime, _cexit, iswctype, _except_handler3, _wtol, wcsncmp, _snwprintf, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, wcsncpy
> ADVAPI32.dll: RegQueryValueExW, RegCloseKey, RegCreateKeyW, IsTextUnicode, RegQueryValueExA, RegOpenKeyExA, RegSetValueExW
> KERNEL32.dll: GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetLocalTime, GetUserDefaultLCID, GetDateFormatW, GetTimeFormatW, GlobalLock, GlobalUnlock, GetFileInformationByHandle, CreateFileMappingW, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, LoadLibraryA, GetModuleHandleA, GetStartupInfoA, GlobalFree, GetLocaleInfoW, LocalFree, LocalAlloc, lstrlenW, LocalUnlock, CompareStringW, LocalLock, FoldStringW, CloseHandle, lstrcpyW, ReadFile, CreateFileW, lstrcmpiW, GetCurrentProcessId, GetProcAddress, GetCommandLineW, lstrcatW, FindClose, FindFirstFileW, GetFileAttributesW, lstrcmpW, MulDiv, lstrcpynW, LocalSize, GetLastError, WriteFile, SetLastError, WideCharToMultiByte, LocalReAlloc, FormatMessageW, GetUserDefaultUILanguage, SetEndOfFile, DeleteFileW, GetACP, UnmapViewOfFile, MultiByteToWideChar, MapViewOfFile, UnhandledExceptionFilter
> GDI32.dll: EndPage, AbortDoc, EndDoc, DeleteDC, StartPage, GetTextExtentPoint32W, CreateDCW, SetAbortProc, GetTextFaceW, TextOutW, StartDocW, EnumFontsW, GetStockObject, GetObjectW, GetDeviceCaps, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SetBkMode, LPtoDP, SetWindowExtEx, SetViewportExtEx, SetMapMode, SelectObject
> USER32.dll: GetClientRect, SetCursor, ReleaseDC, GetDC, DialogBoxParamW, SetActiveWindow, GetKeyboardLayout, DefWindowProcW, DestroyWindow, MessageBeep, ShowWindow, GetForegroundWindow, IsIconic, GetWindowPlacement, CharUpperW, LoadStringW, LoadAcceleratorsW, GetSystemMenu, RegisterClassExW, LoadImageW, LoadCursorW, SetWindowPlacement, CreateWindowExW, GetDesktopWindow, GetFocus, LoadIconW, SetWindowTextW, PostQuitMessage, RegisterWindowMessageW, UpdateWindow, SetScrollPos, CharLowerW, PeekMessageW, EnableWindow, DrawTextExW, CreateDialogParamW, GetWindowTextW, GetSystemMetrics, MoveWindow, InvalidateRect, WinHelpW, GetDlgCtrlID, ChildWindowFromPoint, ScreenToClient, GetCursorPos, SendDlgItemMessageW, SendMessageW, CharNextW, CheckMenuItem, CloseClipboard, IsClipboardFormatAvailable, OpenClipboard, GetMenuState, EnableMenuItem, GetSubMenu, GetMenu, MessageBoxW, SetWindowLongW, GetWindowLongW, GetDlgItem, SetFocus, SetDlgItemTextW, wsprintfW, GetDlgItemTextW, EndDialog, GetParent, UnhookWinEvent, DispatchMessageW, TranslateMessage, TranslateAcceleratorW, IsDialogMessageW, PostMessageW, GetMessageW, SetWinEventHook
( 0 exports )
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=16f769bc1d37cc14e3093b9881cf1691' target='_blank'>https://www.symantec.com?md5=16f769bc1d37cc14e3093b9881cf1691</a>
rapport usbfix:
-------------- UsbFix V2.413.8 ---------------
* User : Laurent - ACER-1F614B65C2
* Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 17:13:33 le mer. 31/12/2008
* Windows Xp - Internet Explorer 6.0.2900.2180
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\expiorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur fixe
+- Contenu de l'autorun : C:\autorun.inf
;3jwca13KKa3dqr08Ap7sso4c5lksisDse27fJ4sdrKL4od4dww05fDaw1Zl0408laK0J9qlK7qF2rA7kp3k1LlL4
[AutoRun]
;30ilA42ko6psiAw1KefrkakXDweAi2qdSi3jlKLdlFK8SlsId0wlsfrK04L3s43qski23a8ZJ42krka7a934qsk8S7qUak3j4wKqkJ0O
open=e8kj.exe
;4ZqL3Dkwp1a2allfwKsJmDAKDws42o5w3qoea3AKs8aO1k7s39opkiKlw7aH12w2alo0DwqD05osjipLLLkjaiqKK48lCS0iqaAKkwfdK4ikAd1d2s
shell\open\Command=e8kj.exe
;rD0eskKdiw0a9aiwLdA2XlaA4dkp92Dm7Dkja84DdsiDK2ir4oa3Zjkj31wwoikfc
shell\open\Default=1
;ofais8SOsqAa4qwae3di2da3offZr2s1lDiLXd3q
shell\explore\Command=e8kj.exe
;lk8o4l3iKaAJiiaJswal0Flosw3Dwrweo3d2
+- Contenu de l'autorun : D:\autorun.inf
;3jwca13KKa3dqr08Ap7sso4c5lksisDse27fJ4sdrKL4od4dww05fDaw1Zl0408laK0J9qlK7qF2rA7kp3k1LlL4
[AutoRun]
;30ilA42ko6psiAw1KefrkakXDweAi2qdSi3jlKLdlFK8SlsId0wlsfrK04L3s43qski23a8ZJ42krka7a934qsk8S7qUak3j4wKqkJ0O
open=e8kj.exe
;4ZqL3Dkwp1a2allfwKsJmDAKDws42o5w3qoea3AKs8aO1k7s39opkiKlw7aH12w2alo0DwqD05osjipLLLkjaiqKK48lCS0iqaAKkwfdK4ikAd1d2s
shell\open\Command=e8kj.exe
;rD0eskKdiw0a9aiwLdA2XlaA4dkp92Dm7Dkja84DdsiDK2ir4oa3Zjkj31wwoikfc
shell\open\Default=1
;ofais8SOsqAa4qwae3di2da3offZr2s1lDiLXd3q
shell\explore\Command=e8kj.exe
;lk8o4l3iKaAJiiaJswal0Flosw3Dwrweo3d2
+- Contenu de l'autorun : G:\autorun.inf
;3jwca13KKa3dqr08Ap7sso4c5lksisDse27fJ4sdrKL4od4dww05fDaw1Zl0408laK0J9qlK7qF2rA7kp3k1LlL4
[AutoRun]
;30ilA42ko6psiAw1KefrkakXDweAi2qdSi3jlKLdlFK8SlsId0wlsfrK04L3s43qski23a8ZJ42krka7a934qsk8S7qUak3j4wKqkJ0O
open=e8kj.exe
;4ZqL3Dkwp1a2allfwKsJmDAKDws42o5w3qoea3AKs8aO1k7s39opkiKlw7aH12w2alo0DwqD05osjipLLLkjaiqKK48lCS0iqaAKkwfdK4ikAd1d2s
shell\open\Command=e8kj.exe
;rD0eskKdiw0a9aiwLdA2XlaA4dkp92Dm7Dkja84DdsiDK2ir4oa3Zjkj31wwoikfc
shell\open\Default=1
;ofais8SOsqAa4qwae3di2da3offZr2s1lDiLXd3q
shell\explore\Command=e8kj.exe
;lk8o4l3iKaAJiiaJswal0Flosw3Dwrweo3d2
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[19/08/2006 04:32][--a------] C:\AUTOEXEC.BAT
[19/08/2006 04:32][--a------] C:\xrdygg.bat
[08/09/2008 09:53][-r-hs----] C:\jdhc2x2.com
[08/09/2008 09:53][-r-hs----] C:\NTDETECT.COM
[08/09/2008 09:53][-r-hs----] C:\x0.com
[17/07/2006 06:04][-rahs----] C:\boot.ini
[31/12/2008 17:09][-r-hs----] C:\autorun.inf
[31/12/2008 17:14][--a------] C:\UsbFix.txt
[19/08/2006 03:44][--a------] C:\CONFIG.SYS
[19/08/2006 03:44][--a------] C:\hiberfil.sys
[19/08/2006 03:44][--a------] C:\IO.SYS
[19/08/2006 03:44][--a------] C:\MSDOS.SYS
[19/08/2006 03:44][--a------] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
[11/12/2008 18:13][-r-hs----] D:\xrdygg.bat
[09/12/2008 12:43][-r-hs----] D:\x0.com
[09/12/2008 12:43][-r-hs----] D:\3.com
[09/12/2008 12:43][-r-hs----] D:\jdhc2x2.com
[19/12/2008 09:02][-r-hs----] D:\2w.cmd
[31/12/2008 17:09][-r-hs----] D:\autorun.inf
--------------- [ Lecteur G ] ----------------
G: - Lecteur fixe
+- Listing des fichiers présents :
[11/12/2008 18:13][-r-hs----] G:\xrdygg.bat
[09/12/2008 12:43][-r-hs----] G:\x0.com
[11/12/2008 20:02][-rahs----] G:\MS32DLL.dll.vbs
[19/12/2008 09:02][-r-hs----] G:\2w.cmd
[11/12/2008 20:02][-rahs----] G:\MS32DLL.dll.vbs
[31/12/2008 17:09][-r-hs----] G:\autorun.inf
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
LR2R=C:\PROGRA~1\Softario\Typus\Lr2rE.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
igfxtray=C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
igfxpers=C:\WINDOWS\system32\igfxpers.exe
ehTray=C:\WINDOWS\ehome\ehtray.exe
LaunchApp=Alaunch
SkyTel=SkyTel.EXE
AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ADMTray.exe="C:\Acer\Empowering Technology\admtray.exe"
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ePower_DMC=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Acer ePower Management=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
eRecoveryService=C:\Acer\Empowering Technology\eRecovery\Monitor.exe
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant=C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
LogitechVideo[inspector]=C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
LogitechCameraService(E)=C:\WINDOWS\system32\ElkCtrl.exe /automation
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
<NO NAME>=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
<NO NAME>=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
<NO NAME>=
Installed=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c0a884a-9604-11dd-8779-0018de255a22}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3abffd03-af2e-11dd-877f-0016d462d3f3}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ebec042-1608-11dd-8768-0016d462d3f3}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eda6f2c-c43e-11dd-8782-0016d462d3f3}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9e60d94-d7db-11dc-8759-0016d462d3f3}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9e60d94-d7db-11dc-8759-0016d462d3f3}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [09/12/2008 12:43][-r-hs----] C:\WINDOWS\system32\amvo0.dll
Supprimé ! - [30/12/2008 18:08][---------] C:\WINDOWS\system32\kav321.dll
Supprimé ! - [31/12/2008 15:18][-r-hs----] C:\WINDOWS\system32\vamsoft.exe
Supprimé ! - [31/12/2008 15:18][---------] C:\WINDOWS\system32\vbsdfe0.dll
C:\autorun.inf ~> fichier appelé : "C:\e8kj.exe" ( absent ! )
D:\autorun.inf ~> fichier appelé : "D:\e8kj.exe" ( absent ! )
G:\autorun.inf ~> fichier appelé : "G:\e8kj.exe" ( absent ! )
Supprimé ! - [31/12/2008 17:09][-r-hs----] C:\autorun.inf
Supprimé ! - [08/09/2008 09:53][-r-hs----] C:\jdhc2x2.com
Supprimé ! - [09/12/2008 12:43][-r-hs----] C:\x0.com
Supprimé ! - [11/12/2008 18:13][-r-hs----] C:\xrdygg.bat
Supprimé ! - [31/12/2008 17:09][-r-hs----] D:\autorun.inf
Supprimé ! - [19/12/2008 09:02][-r-hs----] D:\2w.cmd
Supprimé ! - [08/09/2008 09:53][-r-hs----] D:\jdhc2x2.com
Supprimé ! - [09/12/2008 12:43][-r-hs----] D:\x0.com
Supprimé ! - [11/12/2008 18:13][-r-hs----] D:\xrdygg.bat
Supprimé ! - [13/12/2008 17:29][-r-hs----] D:\3.com
Supprimé ! - [31/12/2008 17:09][-r-hs----] G:\autorun.inf
Supprimé ! - [19/12/2008 09:02][-r-hs----] G:\2w.cmd
Supprimé ! - [11/12/2008 20:02][-rahs----] G:\MS32DLL.dll.vbs
Supprimé ! - [09/12/2008 12:43][-r-hs----] G:\x0.com
Supprimé ! - [11/12/2008 18:13][-r-hs----] G:\xrdygg.bat
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[19/08/2006 04:32][--a------] C:\AUTOEXEC.BAT
[10/08/2004 19:00][-rahs----] C:\NTDETECT.COM
[17/07/2006 06:04][-rahs----] C:\boot.ini
--------------- ! Fin du rapport ! ----------------
rapport sdfix;
[b]SDFix: Version 1.240 /b
Run by Laurent on mer. 31/12/2008 at 17:52
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services /b:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files /b:
Trojan Files Found:
C:\Documents and Settings\Laurent\Local Settings\Temp\aax12B.tmp.exe - Deleted
C:\Documents and Settings\Laurent\Local Settings\Temp\aax66.tmp.exe - Deleted
C:\WINDOWS\expIorer.exe - Deleted
Removing Temp Files
[b]ADS Check /b:
[b]Final Check /b:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 18:05:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4fde349]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a4fde349]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000164
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services /b:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files /b:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes /b:
Sat 19 Aug 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 19 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat 19 Aug 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat 19 Aug 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat 19 Aug 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 30 Aug 2002 114,688 A.SHR --- "C:\WINDOWS\system32\one2disp.dll"
Sat 29 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
[b]Finished!/b
voila déjà ca, c'est du chinois pour moi, mais je suppose que ca veut dire quelque chose :)
je pars faire la fête donc pour le scan avira, je ne l'aurai que demain :)
mais en tout cas j'ai du désactiver avira guard car il me mettait une alerte pour le meme trojan tout les 10 secondes, comme un sale pop-up, et empechait le scan de l'antivirus... enfin bon, la le scan est en cours donc croisons les doigts..
PS; merci beaucoup pour la réponse rapide!
rapport virustotal:
Antivirus Version Dernière mise à jour Résultat
a-squared 4.0.0.73 2008.12.31 -
AhnLab-V3 2008.12.31.0 2008.12.31 -
AntiVir 7.9.0.45 2008.12.31 -
Authentium 5.1.0.4 2008.12.31 -
Avast 4.8.1281.0 2008.12.31 -
AVG 8.0.0.199 2008.12.31 -
BitDefender 7.2 2008.12.31 -
CAT-QuickHeal 10.00 2008.12.31 -
ClamAV 0.94.1 2008.12.31 -
Comodo 851 2008.12.31 -
DrWeb 4.44.0.09170 2008.12.31 -
eSafe 7.0.17.0 2008.12.30 -
eTrust-Vet 31.6.6284 2008.12.31 -
Ewido 4.0 2008.12.31 -
F-Prot 4.4.4.56 2008.12.30 -
F-Secure 8.0.14470.0 2008.12.31 -
Fortinet 3.117.0.0 2008.12.31 -
GData 19 2008.12.31 -
Ikarus T3.1.1.45.0 2008.12.31 -
K7AntiVirus 7.10.572 2008.12.31 -
Kaspersky 7.0.0.125 2008.12.31 -
McAfee 5479 2008.12.30 -
McAfee+Artemis 5479 2008.12.30 -
Microsoft 1.4205 2008.12.31 -
NOD32 3725 2008.12.31 -
Panda 9.0.0.4 2008.12.31 -
PCTools 4.4.2.0 2008.12.31 -
Prevx1 V2 2008.12.31 -
Rising 21.10.22.00 2008.12.31 -
SecureWeb-Gateway 6.7.6 2008.12.31 -
Sophos 4.37.0 2008.12.31 -
Sunbelt 3.2.1809.2 2008.12.22 -
Symantec 10 2008.12.31 -
TheHacker 6.3.1.4.202 2008.12.30 -
TrendMicro 8.700.0.1004 2008.12.31 -
ViRobot 2008.12.30.1540 2008.12.31 -
VirusBuster 4.5.11.0 2008.12.31 -
Information additionnelle
File size: 70656 bytes
MD5...: 16f769bc1d37cc14e3093b9881cf1691
SHA1..: 46ec3a7e4ee9bfff767f60a1b60296bab991dd3b
SHA256: 8a178830af4b295cf15931a67a16a78f6cf46703a36a81b1a0589b0939ad007b
SHA512: e6434ac13391ca33e0facb4ed7d608b58c2c7db2de0055cc52fc1fb66b34b318
4a65038741d183bb0ba1a8af704841e3fe5a071616f3011e8f08b403f19b09be
ssdeep: 1536:DnwOnbNQKLjWDyy1o5Re0TJUEbooPRrKKRbBw7:DVNQKPWDyDRe0TJltZrp
RbB6
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x100739d
timedatestamp.....: 0x41107cc3 (Wed Aug 04 06:05:55 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x7748 0x7800 6.28 f0b407bc8332017b79dd7dd8cdc2a0b7
.data 0x9000 0x1ba8 0x800 1.15 3fd82fcc3cf0c0692e0e466248ee3fbf
.rsrc 0xb000 0x8e24 0x9000 5.46 d09295ab175b0ed06a205fc5ebc3275d
( 9 imports )
> comdlg32.dll: PageSetupDlgW, FindTextW, PrintDlgExW, ChooseFontW, GetFileTitleW, GetOpenFileNameW, ReplaceTextW, CommDlgExtendedError, GetSaveFileNameW
> SHELL32.dll: DragFinish, DragQueryFileW, DragAcceptFiles, ShellAboutW
> WINSPOOL.DRV: GetPrinterDriverW, ClosePrinter, OpenPrinterW
> COMCTL32.dll: CreateStatusWindowW
> msvcrt.dll: _XcptFilter, _exit, _c_exit, time, localtime, _cexit, iswctype, _except_handler3, _wtol, wcsncmp, _snwprintf, exit, _acmdln, __getmainargs, _initterm, __setusermatherr, _adjust_fdiv, __p__commode, __p__fmode, __set_app_type, _controlfp, wcsncpy
> ADVAPI32.dll: RegQueryValueExW, RegCloseKey, RegCreateKeyW, IsTextUnicode, RegQueryValueExA, RegOpenKeyExA, RegSetValueExW
> KERNEL32.dll: GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetLocalTime, GetUserDefaultLCID, GetDateFormatW, GetTimeFormatW, GlobalLock, GlobalUnlock, GetFileInformationByHandle, CreateFileMappingW, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, SetUnhandledExceptionFilter, LoadLibraryA, GetModuleHandleA, GetStartupInfoA, GlobalFree, GetLocaleInfoW, LocalFree, LocalAlloc, lstrlenW, LocalUnlock, CompareStringW, LocalLock, FoldStringW, CloseHandle, lstrcpyW, ReadFile, CreateFileW, lstrcmpiW, GetCurrentProcessId, GetProcAddress, GetCommandLineW, lstrcatW, FindClose, FindFirstFileW, GetFileAttributesW, lstrcmpW, MulDiv, lstrcpynW, LocalSize, GetLastError, WriteFile, SetLastError, WideCharToMultiByte, LocalReAlloc, FormatMessageW, GetUserDefaultUILanguage, SetEndOfFile, DeleteFileW, GetACP, UnmapViewOfFile, MultiByteToWideChar, MapViewOfFile, UnhandledExceptionFilter
> GDI32.dll: EndPage, AbortDoc, EndDoc, DeleteDC, StartPage, GetTextExtentPoint32W, CreateDCW, SetAbortProc, GetTextFaceW, TextOutW, StartDocW, EnumFontsW, GetStockObject, GetObjectW, GetDeviceCaps, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SetBkMode, LPtoDP, SetWindowExtEx, SetViewportExtEx, SetMapMode, SelectObject
> USER32.dll: GetClientRect, SetCursor, ReleaseDC, GetDC, DialogBoxParamW, SetActiveWindow, GetKeyboardLayout, DefWindowProcW, DestroyWindow, MessageBeep, ShowWindow, GetForegroundWindow, IsIconic, GetWindowPlacement, CharUpperW, LoadStringW, LoadAcceleratorsW, GetSystemMenu, RegisterClassExW, LoadImageW, LoadCursorW, SetWindowPlacement, CreateWindowExW, GetDesktopWindow, GetFocus, LoadIconW, SetWindowTextW, PostQuitMessage, RegisterWindowMessageW, UpdateWindow, SetScrollPos, CharLowerW, PeekMessageW, EnableWindow, DrawTextExW, CreateDialogParamW, GetWindowTextW, GetSystemMetrics, MoveWindow, InvalidateRect, WinHelpW, GetDlgCtrlID, ChildWindowFromPoint, ScreenToClient, GetCursorPos, SendDlgItemMessageW, SendMessageW, CharNextW, CheckMenuItem, CloseClipboard, IsClipboardFormatAvailable, OpenClipboard, GetMenuState, EnableMenuItem, GetSubMenu, GetMenu, MessageBoxW, SetWindowLongW, GetWindowLongW, GetDlgItem, SetFocus, SetDlgItemTextW, wsprintfW, GetDlgItemTextW, EndDialog, GetParent, UnhookWinEvent, DispatchMessageW, TranslateMessage, TranslateAcceleratorW, IsDialogMessageW, PostMessageW, GetMessageW, SetWinEventHook
( 0 exports )
ThreatExpert info: <a href='http://www.threatexpert.com/report.aspx?md5=16f769bc1d37cc14e3093b9881cf1691' target='_blank'>https://www.symantec.com?md5=16f769bc1d37cc14e3093b9881cf1691</a>
rapport usbfix:
-------------- UsbFix V2.413.8 ---------------
* User : Laurent - ACER-1F614B65C2
* Outils mis a jours le 27/12/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 17:13:33 le mer. 31/12/2008
* Windows Xp - Internet Explorer 6.0.2900.2180
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\expiorer.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
D: - Lecteur fixe
G: - Lecteur fixe
+- Contenu de l'autorun : C:\autorun.inf
;3jwca13KKa3dqr08Ap7sso4c5lksisDse27fJ4sdrKL4od4dww05fDaw1Zl0408laK0J9qlK7qF2rA7kp3k1LlL4
[AutoRun]
;30ilA42ko6psiAw1KefrkakXDweAi2qdSi3jlKLdlFK8SlsId0wlsfrK04L3s43qski23a8ZJ42krka7a934qsk8S7qUak3j4wKqkJ0O
open=e8kj.exe
;4ZqL3Dkwp1a2allfwKsJmDAKDws42o5w3qoea3AKs8aO1k7s39opkiKlw7aH12w2alo0DwqD05osjipLLLkjaiqKK48lCS0iqaAKkwfdK4ikAd1d2s
shell\open\Command=e8kj.exe
;rD0eskKdiw0a9aiwLdA2XlaA4dkp92Dm7Dkja84DdsiDK2ir4oa3Zjkj31wwoikfc
shell\open\Default=1
;ofais8SOsqAa4qwae3di2da3offZr2s1lDiLXd3q
shell\explore\Command=e8kj.exe
;lk8o4l3iKaAJiiaJswal0Flosw3Dwrweo3d2
+- Contenu de l'autorun : D:\autorun.inf
;3jwca13KKa3dqr08Ap7sso4c5lksisDse27fJ4sdrKL4od4dww05fDaw1Zl0408laK0J9qlK7qF2rA7kp3k1LlL4
[AutoRun]
;30ilA42ko6psiAw1KefrkakXDweAi2qdSi3jlKLdlFK8SlsId0wlsfrK04L3s43qski23a8ZJ42krka7a934qsk8S7qUak3j4wKqkJ0O
open=e8kj.exe
;4ZqL3Dkwp1a2allfwKsJmDAKDws42o5w3qoea3AKs8aO1k7s39opkiKlw7aH12w2alo0DwqD05osjipLLLkjaiqKK48lCS0iqaAKkwfdK4ikAd1d2s
shell\open\Command=e8kj.exe
;rD0eskKdiw0a9aiwLdA2XlaA4dkp92Dm7Dkja84DdsiDK2ir4oa3Zjkj31wwoikfc
shell\open\Default=1
;ofais8SOsqAa4qwae3di2da3offZr2s1lDiLXd3q
shell\explore\Command=e8kj.exe
;lk8o4l3iKaAJiiaJswal0Flosw3Dwrweo3d2
+- Contenu de l'autorun : G:\autorun.inf
;3jwca13KKa3dqr08Ap7sso4c5lksisDse27fJ4sdrKL4od4dww05fDaw1Zl0408laK0J9qlK7qF2rA7kp3k1LlL4
[AutoRun]
;30ilA42ko6psiAw1KefrkakXDweAi2qdSi3jlKLdlFK8SlsId0wlsfrK04L3s43qski23a8ZJ42krka7a934qsk8S7qUak3j4wKqkJ0O
open=e8kj.exe
;4ZqL3Dkwp1a2allfwKsJmDAKDws42o5w3qoea3AKs8aO1k7s39opkiKlw7aH12w2alo0DwqD05osjipLLLkjaiqKK48lCS0iqaAKkwfdK4ikAd1d2s
shell\open\Command=e8kj.exe
;rD0eskKdiw0a9aiwLdA2XlaA4dkp92Dm7Dkja84DdsiDK2ir4oa3Zjkj31wwoikfc
shell\open\Default=1
;ofais8SOsqAa4qwae3di2da3offZr2s1lDiLXd3q
shell\explore\Command=e8kj.exe
;lk8o4l3iKaAJiiaJswal0Flosw3Dwrweo3d2
--------------- [ Lecteur C ] ----------------
C: - Lecteur fixe
+- Listing des fichiers présents :
[19/08/2006 04:32][--a------] C:\AUTOEXEC.BAT
[19/08/2006 04:32][--a------] C:\xrdygg.bat
[08/09/2008 09:53][-r-hs----] C:\jdhc2x2.com
[08/09/2008 09:53][-r-hs----] C:\NTDETECT.COM
[08/09/2008 09:53][-r-hs----] C:\x0.com
[17/07/2006 06:04][-rahs----] C:\boot.ini
[31/12/2008 17:09][-r-hs----] C:\autorun.inf
[31/12/2008 17:14][--a------] C:\UsbFix.txt
[19/08/2006 03:44][--a------] C:\CONFIG.SYS
[19/08/2006 03:44][--a------] C:\hiberfil.sys
[19/08/2006 03:44][--a------] C:\IO.SYS
[19/08/2006 03:44][--a------] C:\MSDOS.SYS
[19/08/2006 03:44][--a------] C:\pagefile.sys
--------------- [ Lecteur D ] ----------------
D: - Lecteur fixe
+- Listing des fichiers présents :
[11/12/2008 18:13][-r-hs----] D:\xrdygg.bat
[09/12/2008 12:43][-r-hs----] D:\x0.com
[09/12/2008 12:43][-r-hs----] D:\3.com
[09/12/2008 12:43][-r-hs----] D:\jdhc2x2.com
[19/12/2008 09:02][-r-hs----] D:\2w.cmd
[31/12/2008 17:09][-r-hs----] D:\autorun.inf
--------------- [ Lecteur G ] ----------------
G: - Lecteur fixe
+- Listing des fichiers présents :
[11/12/2008 18:13][-r-hs----] G:\xrdygg.bat
[09/12/2008 12:43][-r-hs----] G:\x0.com
[11/12/2008 20:02][-rahs----] G:\MS32DLL.dll.vbs
[19/12/2008 09:02][-r-hs----] G:\2w.cmd
[11/12/2008 20:02][-rahs----] G:\MS32DLL.dll.vbs
[31/12/2008 17:09][-r-hs----] G:\autorun.inf
--------------- [ Registre / Startup ] ----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe
LR2R=C:\PROGRA~1\Softario\Typus\Lr2rE.exe
Skype="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
igfxtray=C:\WINDOWS\system32\igfxtray.exe
igfxhkcmd=C:\WINDOWS\system32\hkcmd.exe
igfxpers=C:\WINDOWS\system32\igfxpers.exe
ehTray=C:\WINDOWS\ehome\ehtray.exe
LaunchApp=Alaunch
SkyTel=SkyTel.EXE
AzMixerSel=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
SynTPEnh=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
ADMTray.exe="C:\Acer\Empowering Technology\admtray.exe"
eDataSecurity Loader=C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
BluetoothAuthenticationAgent=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
IMJPMIG8.1="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
MSPY2002=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
PHIME2002ASync=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
PHIME2002A=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
ePower_DMC=C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
Acer ePower Management=C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
LManager=C:\PROGRA~1\LAUNCH~1\LManager.exe
eRecoveryService=C:\Acer\Empowering Technology\eRecovery\Monitor.exe
LVCOMSX=C:\WINDOWS\system32\LVCOMSX.EXE
LogitechCameraAssistant=C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
LogitechVideo[inspector]=C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
LogitechCameraService(E)=C:\WINDOWS\system32\ElkCtrl.exe /automation
KernelFaultCheck=%systemroot%\system32\dumprep 0 -k
SunJavaUpdateSched="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
QuickTime Task="C:\Program Files\QuickTime\QTTask.exe" -atboottime
iTunesHelper="C:\Program Files\iTunes\iTunesHelper.exe"
AppleSyncNotifier=C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
RTHDCPL=RTHDCPL.EXE
Alcmtr=ALCMTR.EXE
avgnt="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents=
<NO NAME>=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL=
<NO NAME>=
Installed=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI=
<NO NAME>=
Installed=1
NoChange=1
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS=
<NO NAME>=
Installed=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\explore\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\Shell\open\Command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2c0a884a-9604-11dd-8779-0018de255a22}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3abffd03-af2e-11dd-877f-0016d462d3f3}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4ebec042-1608-11dd-8768-0016d462d3f3}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4eda6f2c-c43e-11dd-8782-0016d462d3f3}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9e60d94-d7db-11dc-8759-0016d462d3f3}\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e9e60d94-d7db-11dc-8759-0016d462d3f3}\Shell\open\Command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [09/12/2008 12:43][-r-hs----] C:\WINDOWS\system32\amvo0.dll
Supprimé ! - [30/12/2008 18:08][---------] C:\WINDOWS\system32\kav321.dll
Supprimé ! - [31/12/2008 15:18][-r-hs----] C:\WINDOWS\system32\vamsoft.exe
Supprimé ! - [31/12/2008 15:18][---------] C:\WINDOWS\system32\vbsdfe0.dll
C:\autorun.inf ~> fichier appelé : "C:\e8kj.exe" ( absent ! )
D:\autorun.inf ~> fichier appelé : "D:\e8kj.exe" ( absent ! )
G:\autorun.inf ~> fichier appelé : "G:\e8kj.exe" ( absent ! )
Supprimé ! - [31/12/2008 17:09][-r-hs----] C:\autorun.inf
Supprimé ! - [08/09/2008 09:53][-r-hs----] C:\jdhc2x2.com
Supprimé ! - [09/12/2008 12:43][-r-hs----] C:\x0.com
Supprimé ! - [11/12/2008 18:13][-r-hs----] C:\xrdygg.bat
Supprimé ! - [31/12/2008 17:09][-r-hs----] D:\autorun.inf
Supprimé ! - [19/12/2008 09:02][-r-hs----] D:\2w.cmd
Supprimé ! - [08/09/2008 09:53][-r-hs----] D:\jdhc2x2.com
Supprimé ! - [09/12/2008 12:43][-r-hs----] D:\x0.com
Supprimé ! - [11/12/2008 18:13][-r-hs----] D:\xrdygg.bat
Supprimé ! - [13/12/2008 17:29][-r-hs----] D:\3.com
Supprimé ! - [31/12/2008 17:09][-r-hs----] G:\autorun.inf
Supprimé ! - [19/12/2008 09:02][-r-hs----] G:\2w.cmd
Supprimé ! - [11/12/2008 20:02][-rahs----] G:\MS32DLL.dll.vbs
Supprimé ! - [09/12/2008 12:43][-r-hs----] G:\x0.com
Supprimé ! - [11/12/2008 18:13][-r-hs----] G:\xrdygg.bat
--------------- [ Resumé ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[19/08/2006 04:32][--a------] C:\AUTOEXEC.BAT
[10/08/2004 19:00][-rahs----] C:\NTDETECT.COM
[17/07/2006 06:04][-rahs----] C:\boot.ini
--------------- ! Fin du rapport ! ----------------
rapport sdfix;
[b]SDFix: Version 1.240 /b
Run by Laurent on mer. 31/12/2008 at 17:52
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
[b]Checking Services /b:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
[b]Checking Files /b:
Trojan Files Found:
C:\Documents and Settings\Laurent\Local Settings\Temp\aax12B.tmp.exe - Deleted
C:\Documents and Settings\Laurent\Local Settings\Temp\aax66.tmp.exe - Deleted
C:\WINDOWS\expIorer.exe - Deleted
Removing Temp Files
[b]ADS Check /b:
[b]Final Check /b:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-31 18:05:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0014a4fde349]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0014a4fde349]
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000164
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
[b]Remaining Services /b:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
[b]Remaining Files /b:
File Backups: - C:\SDFix\backups\backups.zip
[b]Files with Hidden Attributes /b:
Sat 19 Aug 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 19 Aug 2006 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Sat 19 Aug 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Sat 19 Aug 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Sat 19 Aug 2006 1,024 A..HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Fri 30 Aug 2002 114,688 A.SHR --- "C:\WINDOWS\system32\one2disp.dll"
Sat 29 Nov 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
[b]Finished!/b
voila déjà ca, c'est du chinois pour moi, mais je suppose que ca veut dire quelque chose :)
je pars faire la fête donc pour le scan avira, je ne l'aurai que demain :)
mais en tout cas j'ai du désactiver avira guard car il me mettait une alerte pour le meme trojan tout les 10 secondes, comme un sale pop-up, et empechait le scan de l'antivirus... enfin bon, la le scan est en cours donc croisons les doigts..
PS; merci beaucoup pour la réponse rapide!
..et voici le résultat de l'antivirus;
Avira AntiVir Personal
Report file date: mercredi 31 décembre 2008 18:16
Scanning for 1138943 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ACER-1F614B65C2
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 14:58:17
ANTIVIR2.VDF : 7.1.1.34 2048 Bytes 24/12/2008 14:58:18
ANTIVIR3.VDF : 7.1.1.57 277504 Bytes 31/12/2008 14:58:19
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 31/12/2008 14:58:26
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 31/12/2008 14:58:25
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 31/12/2008 14:58:24
AEHELP.DLL : 8.1.2.0 119159 Bytes 31/12/2008 14:58:22
AEGEN.DLL : 8.1.1.8 323956 Bytes 31/12/2008 14:58:21
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 31/12/2008 14:58:20
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 31 décembre 2008 18:16
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'igfxext.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ElkCtrl.exe' - '1' Module(s) have been scanned
Scan process 'CameraAssistant.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'admtray.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'expiorer.exe' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
66 processes with 66 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '78' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Laurent\Shared\manu chao denia.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[WARNING] The file was ignored!
C:\Documents and Settings\Laurent\Shared\marre des meufs.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49cdb084.qua'!
C:\Documents and Settings\Laurent\Shared\Soldout - For your next girlfriend.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49c7b0c6.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP263\A0061637.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbd6c.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP263\A0061747.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbd8a.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP263\A0061748.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbd8b.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061808.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbd96.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061887.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061887.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.a worm
[NOTE] The file was moved to '498bbd9d.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061888.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061888.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.a worm
[NOTE] The file was moved to '48286a6e.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061889.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061889.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.a worm
[NOTE] The file was moved to '498bbd9e.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063258.sys
[DETECTION] Is the TR/Drop.Onlinegames2 Trojan
[NOTE] The file was moved to '498bbdc4.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063260.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a35.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063263.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdc5.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063267.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a36.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063268.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdc7.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063269.dll
[DETECTION] Contains recognition pattern of the WORM/Autorun.cob worm
[NOTE] The file was moved to '498bbdc6.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063270.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a37.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063271.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a38.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP265\A0063273.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdc9.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP265\A0063279.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdca.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063395.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdd1.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063400.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a22.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063411.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498bbdd2.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063412.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a23.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063413.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdd3.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063414.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdd4.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063416.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a25.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063417.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdd6.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063418.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdd5.qua'!
C:\WINDOWS\system32\haozs0.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49cac252.qua'!
C:\WINDOWS\system32\one2disp.dll
[DETECTION] Contains recognition pattern of the WORM/Autorun.cob worm
[NOTE] The file was moved to '49c0c2af.qua'!
C:\WINDOWS\system32\trz125.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49d5c2dd.qua'!
C:\WINDOWS\system32\trz5.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49d5c2de.qua'!
C:\WINDOWS\system32\trz7.tmp
[DETECTION] Contains recognition pattern of the WORM/Autorun.cob worm
[NOTE] The file was moved to '4877128f.qua'!
Begin scan in 'D:\' <ACERDATA>
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP263\A0061639.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc40c.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP263\A0061750.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc40d.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061810.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '482813fe.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063265.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc40e.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP265\A0063275.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '482813ff.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063397.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc40f.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063420.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '482813e0.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063421.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc410.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063422.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '482813e1.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063423.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc412.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063424.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc411.qua'!
D:\FOUND.000\FILE0000.CHK
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49a7c42a.qua'!
End of the scan: mercredi 31 décembre 2008 20:11
Used time: 1:54:49 Hour(s)
The scan has been done completely.
7668 Scanning directories
328428 Files were scanned
46 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
45 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
328380 Files not concerned
8172 Archives were scanned
3 Warnings
45 Notes
Avira AntiVir Personal
Report file date: mercredi 31 décembre 2008 18:16
Scanning for 1138943 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ACER-1F614B65C2
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 24/12/2008 14:58:17
ANTIVIR2.VDF : 7.1.1.34 2048 Bytes 24/12/2008 14:58:18
ANTIVIR3.VDF : 7.1.1.57 277504 Bytes 31/12/2008 14:58:19
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 10:05:56
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 31/12/2008 14:58:26
AESCN.DLL : 8.1.1.5 123251 Bytes 07/11/2008 15:06:41
AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38
AEPACK.DLL : 8.1.3.4 393591 Bytes 11/11/2008 09:41:39
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 31/12/2008 14:58:25
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 31/12/2008 14:58:24
AEHELP.DLL : 8.1.2.0 119159 Bytes 31/12/2008 14:58:22
AEGEN.DLL : 8.1.1.8 323956 Bytes 31/12/2008 14:58:21
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 31/12/2008 14:58:20
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 31/07/2008 12:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 31 décembre 2008 18:16
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'igfxext.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'ElkCtrl.exe' - '1' Module(s) have been scanned
Scan process 'CameraAssistant.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'LManager.exe' - '1' Module(s) have been scanned
Scan process 'ePower_DMC.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'eDSloader.exe' - '1' Module(s) have been scanned
Scan process 'admtray.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'Monitor.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RegSrvc.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehRecvr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'expiorer.exe' - '1' Module(s) have been scanned
Scan process 'admServ.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'EvtEng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
66 processes with 66 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '78' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Laurent\Shared\manu chao denia.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[WARNING] The file was ignored!
C:\Documents and Settings\Laurent\Shared\marre des meufs.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49cdb084.qua'!
C:\Documents and Settings\Laurent\Shared\Soldout - For your next girlfriend.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49c7b0c6.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP263\A0061637.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbd6c.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP263\A0061747.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbd8a.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP263\A0061748.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbd8b.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061808.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbd96.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061887.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061887.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.a worm
[NOTE] The file was moved to '498bbd9d.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061888.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061888.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.a worm
[NOTE] The file was moved to '48286a6e.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061889.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061889.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.a worm
[NOTE] The file was moved to '498bbd9e.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063258.sys
[DETECTION] Is the TR/Drop.Onlinegames2 Trojan
[NOTE] The file was moved to '498bbdc4.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063260.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a35.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063263.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdc5.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063267.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a36.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063268.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdc7.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063269.dll
[DETECTION] Contains recognition pattern of the WORM/Autorun.cob worm
[NOTE] The file was moved to '498bbdc6.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063270.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a37.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063271.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a38.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP265\A0063273.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdc9.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP265\A0063279.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdca.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063395.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdd1.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063400.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a22.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063411.dll
[DETECTION] Is the TR/Vundo.Gen Trojan
[NOTE] The file was moved to '498bbdd2.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063412.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a23.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063413.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdd3.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063414.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdd4.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063416.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48286a25.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063417.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdd6.qua'!
C:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063418.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bbdd5.qua'!
C:\WINDOWS\system32\haozs0.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49cac252.qua'!
C:\WINDOWS\system32\one2disp.dll
[DETECTION] Contains recognition pattern of the WORM/Autorun.cob worm
[NOTE] The file was moved to '49c0c2af.qua'!
C:\WINDOWS\system32\trz125.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49d5c2dd.qua'!
C:\WINDOWS\system32\trz5.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49d5c2de.qua'!
C:\WINDOWS\system32\trz7.tmp
[DETECTION] Contains recognition pattern of the WORM/Autorun.cob worm
[NOTE] The file was moved to '4877128f.qua'!
Begin scan in 'D:\' <ACERDATA>
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP263\A0061639.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc40c.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP263\A0061750.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc40d.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0061810.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '482813fe.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP264\A0063265.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc40e.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP265\A0063275.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '482813ff.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063397.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc40f.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063420.cmd
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '482813e0.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063421.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc410.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063422.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '482813e1.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063423.bat
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc412.qua'!
D:\System Volume Information\_restore{FE9DB679-8B9F-4569-9471-BFCEFDF23881}\RP266\A0063424.com
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '498bc411.qua'!
D:\FOUND.000\FILE0000.CHK
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49a7c42a.qua'!
End of the scan: mercredi 31 décembre 2008 20:11
Used time: 1:54:49 Hour(s)
The scan has been done completely.
7668 Scanning directories
328428 Files were scanned
46 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
45 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
328380 Files not concerned
8172 Archives were scanned
3 Warnings
45 Notes
vire ces fichiers si encore present manuellement
C:\Documents and Settings\Laurent\Shared\manu chao denia.mp3
C:\Documents and Settings\Laurent\Shared\marre des meufs.mp3
C:\Documents and Settings\Laurent\Shared\Soldout - For your next girlfriend.mp3
________________
vire ce qui est en quarantaine dans antivir
___________________
scan avec
MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
________________________
mets a jour internet explorer: ici:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
_________________________
remets un rapport hijakchits et dis tes soucis actuels
C:\Documents and Settings\Laurent\Shared\manu chao denia.mp3
C:\Documents and Settings\Laurent\Shared\marre des meufs.mp3
C:\Documents and Settings\Laurent\Shared\Soldout - For your next girlfriend.mp3
________________
vire ce qui est en quarantaine dans antivir
___________________
scan avec
MalwareByte's Anti-Malware après mise a jour, en mode normal et vire ce qui est trouvé et colle le rapport
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
________________________
mets a jour internet explorer: ici:
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
_________________________
remets un rapport hijakchits et dis tes soucis actuels
