Need an analysis of a HijackThis report

lexlut Posts 11 Status Member
Hello,

After getting the MSN virus "ya ta tof", I ended up with lots of viruses, Norton dead, CID ads and some lovely viruses such as: Trojan.Win32.DNSChanger.bfo, Trojan.Win32.Dialer.eg, Trojan-Clicker.JS.Linker.m, Email-Worm.Win32.NetSky.c, Trojan.Win32.Obfuscated.en (from the Kaspersky online scan report). I managed to get rid of the bugs on MSN, but as for the rest...^^"

I tried MSNFix, Spybot Search and Destroy, SDFix and EasyCleaner.

Anyway, I ended up using HijackThis and here is my report. If someone could tell me what to delete or what to do about all these viruses, I would be very, very grateful :)
5 replies

jorginho67 Posts 15447 Status Security contributor 1 169
 
Hi!

Where is the HijackThis (HJT) report??

Also post the MSNFix report, which should be saved in the same folder as MSNFix in the form date_time.txt
0
lexlut Posts 11 Status Member
 
I just realised I had forgotten it^^"

Here is the HijackThis report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:20, on 27/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\itunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\rsvp.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\FICHIE~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Afficher Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\2.0\CoIEPlg.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\itunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Real camp] C:\DOCUME~1\Alex\APPLIC~1\TRUSTC~1\fork ace face.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-1241922416-2596714312-2748513820-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1241922416-2596714312-2748513820-1006\..\Run: [Real camp] C:\DOCUME~1\Alex\APPLIC~1\TRUSTC~1\fork ace face.exe (User '?')
O4 - HKUS\S-1-5-21-1241922416-2596714312-2748513820-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_XP.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1062_XP.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - https://www.systemrequirementslab.com/cyri
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {34F12AFD-E9B5-492A-85D2-40FA4535BE83} (AxProdInfoCtl Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095454082500
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{598DDF86-B6DE-4C67-A72D-BA343515E2FC}: NameServer = 81.253.149.9,80.10.246.3
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Alex/LOCALS~1/Temp/msoclip1/01/clip_image002.gif
0
lexlut Posts 11 Status Member
 
Argh, I hadn't seen the format of the MSNFix report, here is the right one...

MSNFix 1.696

C:\Documents and Settings\Alex\Bureau\MSNFix\MSNFix
Fix exécuté le 01/04/2008 - 21:32:31,31 By Alex
mode normal

************************ Recherche les fichiers présents

... C:\??????.exe
... C:\log.txt
... C:\WINDOWS\system32\real.txt

************************ Recherche les dossiers présents

Aucun dossier trouvé

************************ Suppression des fichiers

/!\ ... C:\WINDOWS\system32\jywsbwr.exe
.. OK ... C:\??????.exe
.. OK ... C:\log.txt
.. OK ... C:\WINDOWS\system32\real.txt

************************ Nettoyage du registre

Les fichiers encore présents seront supprimés au prochain redémarrage

Aucun Fichier trouvé
.. OK ... C:\WINDOWS\system32\jywsbwr.exe

************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\fastboot.exe] 3DCDEF58ECD2D5194CCCDB49DFB8C9E4
[C:\FirstSteps.exe] 0BB3C24BD393A95F4C4A26814F14E6D8
[C:\NAV_Update.exe] 106313C27D9BD2306BC2B4CEFF78A8B0

==> SVP merci d'envoyer le fichier C:\DOCUME~1\Alex\Bureau\Upload_Me.zip sur http://upload.changelog.fr

Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 01042008_21380943.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
jorginho67 Posts 15447 Status Security contributor 1 169
 
Fix exécuté le 01/04/2008

Your MSNFix report is a bit old ;-))

You have no protection on your PC...

Download AVIRA AntiVir (effective and free)
Avira AntiVir PersonalEdition Classic

Install AntiVir...
Installation tutorial by Malekal
Installation and setup tutorial
One more just in case...
Reconnect and run the AntiVir updates... you will be better protected!

After installation, update it; if your firewall raises an alert, allow the connection.
Make sure AntiVir is up to date; check the update date.

Restart in safe mode!

To do this, restart the computer and, before the Windows logo appears, tap the F8 key repeatedly; a menu will appear. Choose Safe Mode and press the Enter key.

- Open AntiVir from the Start / Programs menu
- Click the Scanner tab.
- Select Manual Selection
- Select drive C
- Start the scan and quarantine all detected items.
- Once the scan is finished, save the report.

Restart in normal mode.

Post the report here.
0
lexlut Posts 11 Status Member
 
Thanks a lot, I'm getting right on it^^
0

lexlut Posts 11 Status Member
 
OK, the scan is finished and apparently there were 15 detections and 2 warnings, I think.
Here is the report:

Avira AntiVir Personal
Report file date: mardi 27 mai 2008 22:39

Scanning for 1294131 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Alex
Computer name: ORDIALEX

Version information:
BUILD.DAT : 8.1.00.296 16479 Bytes 29/04/2008 10:47:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 27/05/2008 20:29:37
AVSCAN.DLL : 8.1.1.0 53505 Bytes 27/05/2008 20:29:37
LUKE.DLL : 8.1.2.9 151809 Bytes 27/05/2008 20:29:40
LUKERES.DLL : 8.1.2.1 12033 Bytes 27/05/2008 20:29:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 20:29:42
ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 20:29:43
ANTIVIR3.VDF : 7.0.4.101 262144 Bytes 27/05/2008 20:29:44
Engineversion : 8.1.0.46
AEVDF.DLL : 8.1.0.5 102772 Bytes 27/05/2008 20:29:45
AESCRIPT.DLL : 8.1.0.33 266618 Bytes 27/05/2008 20:29:45
AESCN.DLL : 8.1.0.18 119156 Bytes 27/05/2008 20:29:45
AERDL.DLL : 8.1.0.20 418165 Bytes 27/05/2008 20:29:45
AEPACK.DLL : 8.1.1.5 364918 Bytes 27/05/2008 20:29:45
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 27/05/2008 20:29:45
AEHEUR.DLL : 8.1.0.29 1253750 Bytes 27/05/2008 20:29:45
AEHELP.DLL : 8.1.0.14 115063 Bytes 27/05/2008 20:29:45
AEGEN.DLL : 8.1.0.21 303477 Bytes 27/05/2008 20:29:44
AEEMU.DLL : 8.1.0.6 430451 Bytes 27/05/2008 20:29:44
AECORE.DLL : 8.1.0.29 168311 Bytes 27/05/2008 20:29:44
AVWINLL.DLL : 1.0.0.7 14593 Bytes 27/05/2008 20:29:38
AVPREF.DLL : 8.0.0.1 25857 Bytes 27/05/2008 20:29:37
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 27/05/2008 20:29:37
AVARKT.DLL : 1.0.0.23 307457 Bytes 27/05/2008 20:29:36
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 27/05/2008 20:29:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 27/05/2008 20:29:41
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 27/05/2008 20:29:41
NETNT.DLL : 8.0.0.1 7937 Bytes 27/05/2008 20:29:40
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 27/05/2008 20:29:32
RCTEXT.DLL : 8.0.32.0 86273 Bytes 27/05/2008 20:29:32

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 27 mai 2008 22:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '32' files ).

Starting the file scan:

Begin scan in 'C:\' <53_03_40>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Alex\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/Alex/Bureau/Upload_Me/catchme.zip
[1] Archive type: ZIP
--> jywsbwr.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
--> jywsbwr.exe.1
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '48a87232.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08D40306.dll
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08D40306.dll
[DETECTION] Contains detection pattern of the dial-up program DIAL/EDGACCESS.1
[NOTE] The file was moved to '4880773c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\090F76C5.dll
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\090F76C5.dll
[DETECTION] Contains detection pattern of the dial-up program DIAL/EDGACCESS.1
[NOTE] The file was moved to '486c7746.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AC4064D.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AC4064D.exe
[DETECTION] Is the Trojan horse TR/Fakealert.EB.1
[NOTE] The file was moved to '487f7756.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D03251.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11D03251.exe
[DETECTION] Is the Trojan horse TR/Dialer.eg.7
[NOTE] The file was moved to '4880774a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41222D9C.dll
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\41222D9C.dll
[DETECTION] Contains detection pattern of the dial-up program DIAL/EDGACCESS.5
[NOTE] The file was moved to '486e774f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C9B123C.tmp
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5C9B123C.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C
[NOTE] The file was moved to '48757769.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{1B5D8194-C7DD-49E5-A5B9-411BA2E15EA7}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{1B5D8194-C7DD-49E5-A5B9-411BA2E15EA7}\00000001.URM
[DETECTION] Is the Trojan horse TR/Dialer.eg.7
[NOTE] The file was moved to '486c7759.qua'!
C:\Documents and Settings\Léa\Application Data\Trust close\fork ace face.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was moved to '48ae77f0.qua'!
C:\Documents and Settings\Léa\Application Data\Trust close\mapi four chic.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was moved to '48ac77e5.qua'!
C:\Documents and Settings\Léa\Application Data\Trust close\Start Amen Lies Open.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was moved to '489d77fc.qua'!
C:\Documents and Settings\Léa\Local Settings\Temp\bis3.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was moved to '48af7816.qua'!
C:\Documents and Settings\Léa\Local Settings\Temp\sta2.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was moved to '489d7829.qua'!
C:\Documents and Settings\Martine\Application Data\Trust close\fork ace face.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was moved to '48ae78c8.qua'!
C:\WINDOWS\$NtUninstallKB828028$\msasn1.dll
[WARNING] The file could not be opened!

End of the scan: mercredi 28 mai 2008 00:16
Used time: 1:37:28 min

The scan has been done completely.

11089 Scanning directories
381218 Files were scanned
15 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
14 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
381203 Files not concerned
9311 Archives were scanned
2 Warnings
14 Notes

Thanks again :)
0
lexlut Posts 11 Status Member
 
When I restarted my PC, a new scan started; not daring to interrupt it, I let it finish and here is the report (12 detections and 2 warnings). I'm trying to give as much information as possible^^




0