Posted

Hi,

Registered since yesterday, I want to thank you for the answers I've been able to get, especially Angélique on the Avast false positive that causes big problems; I nearly fell for it with Avast.

I'd simply like some help interpreting the HijackThis analysis (it is certainly very powerful but not easy to decipher)... it happens that six months ago I must have made a blunder with it and deleted a win32 without it causing me big problems today.

I'm simply asked to move my music twice in a row when it isn't part of the WMA library, or after a quarter of an hour it gives me a read error message, but if I don't close it Media Player carries on playing fine...; also when I want to move a file it asks me twice...). I don't think it's too serious (more annoying). However I can no longer install certain software, notably the Windows protection updates, nor much open source.

Outlook is unusable...

I don't want to make a blunder with HijackThis; above all I think that when I start my PC I launch programs that shouldn't be launching.

Thanks for your clear answers,

woon

Posted
Avast isn't reactive, it blocks nothing!! Have you read the comparison??

http://forum.malekal.com/viewtopic.php?f=45&t=3528

Did Avast protect you from the crap you caught????? QED

You must not know the right people when it comes to computer security, worms, viruses, trojans!!!!

Post the requested reports ;o)

OK, I've read the comparison, I'm convinced!

I'll do the steps this evening and post the reports for you.

Thanks,

Jean-Luc.

Posted
Good work :P but it's not over :P, there are still 2 or 3 things to fix

• open Notepad [Run -- notepad] and copy/paste the contents of the box below:

File::
C:\WINDOWS\system32\icogdaxj.dll
C:\WINDOWS\BM4b134963.xml
C:\WINDOWS\system32\alaslrvc.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C4200261-FD62-41C9-ADCB-28C2CD7ECBFB}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\48207aff]

* Go to the top of the page and click the "File" menu; a list appears =>
* Choose "Save As" and pick "Desktop"
* In the "File name" field at the bottom, enter the following name: CFScript, as a .txt file
* Click the "Save" button to the right of the "File name" field
* Quit Notepad.
* Drag and drop this CFScript.txt file onto ComboFix.exe, as in the screenshot

[screenshot: CFScript.gif]

* follow the instructions
* Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan has finished.
* Once the scan is complete, a report will be displayed: post its contents.
* If the file doesn't appear, it is here > C:\ComboFix.txt

• download to your desktop:

- AtfCleaner --> http://www.atribune.org/ccount/click.php?id=1

ATF Cleaner
Double-click ATF-Cleaner.exe to launch the program.
Under the Main tab, choose: Select All
Click the Empty Selected button, wait for the cleaning to finish, OK
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button
NOTE: If you want to keep your saved passwords, click No at the prompt.
Click Exit, from the main menu, to close the program.

• ditch Avast for AntiVir: install it, update it [be patient \o/], run a scan and post the AntiVir report; it will complain about the ComboFix quarantine [c:\qoobox], quarantine those.

AntiVir download link :: http://dl1.avgate.net/down/windows/antivir...n_winu_en_h.exe

Why » http://forum.malekal.com/viewtopic.php?f=45&t=3528

tutorial » http://forum.malekal.com/viewtopic.php?f=45&t=4192

 

Contents of the ComboFix.txt scan:

 

ComboFix 08-06-10.5 - Jean-Luc VIGNOLI 2008-06-17 0:43:24.3 - NTFSx86

Endroit: C:\Documents and Settings\Jean-Luc VIGNOLI\Bureau\ComboFix.exe

Command switches used :: C:\Documents and Settings\Jean-Luc VIGNOLI\Bureau\CFScript.txt

* Création d'un nouveau point de restauration

 

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!

 

FILE ::

C:\WINDOWS\BM4b134963.xml

C:\WINDOWS\system32\alaslrvc.dll

C:\WINDOWS\system32\icogdaxj.dll

.

 

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))

.

 

C:\Documents and Settings\Claire\err.log

C:\Documents and Settings\Etienne\err.log

C:\Documents and Settings\Etienne\ResErrors.log

C:\Documents and Settings\Invité\err.log

C:\Documents and Settings\Invité\ResErrors.log

C:\Documents and Settings\Jean-Luc VIGNOLI\err.log

C:\Documents and Settings\Jean-Luc VIGNOLI\ResErrors.log

C:\Documents and Settings\Lucie\err.log

C:\WINDOWS\BM4b134963.xml

C:\WINDOWS\Downloaded Program Files\USDR6V_0001_N19M2604NetInstaller.exe

C:\WINDOWS\system32\icogdaxj.dll

 

.

((((((((((((((((((((((((((((( Fichiers créés 2008-05-16 to 2008-06-16 ))))))))))))))))))))))))))))))))))))

.

 

2008-06-11 23:12 . 2008-06-11 23:12 <REP> d-------- C:\Documents and Settings\Invité

2008-06-11 23:12 . <REP> C:\Documents and Settings\Invité\Local Settings

2008-06-11 23:12 . <REP> C:\Documents and Settings\Invité\Local Settings

2008-06-10 22:46 . 2008-06-10 22:46 <REP> d-------- C:\Documents and Settings\Claire\Application Data\ScanSoft

2008-06-10 22:43 . 2008-06-10 22:49 <REP> d-------- C:\Documents and Settings\Claire\Application Data\Canon

2008-06-10 21:07 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys

2008-06-10 21:07 . 2008-04-14 17:52 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

2008-06-09 22:55 . 2008-06-09 22:55 <REP> d-------- C:\Program Files\Trend Micro

2008-06-03 02:28 . 2008-06-03 02:28 364 --a------ C:\WINDOWS\system32\MRT.INI

2008-05-25 22:48 . 2008-05-25 22:48 <REP> d-------- C:\Program Files\Alwil Software

2008-05-24 01:00 . 2008-05-24 01:00 46,592 --a------ C:\Documents and Settings\Jean-Luc VIGNOLI\fopn.sys

2008-05-23 23:37 . 2008-05-23 23:37 <REP> d-------- C:\Program Files\Lavasoft

2008-05-23 23:37 . 2008-05-23 23:39 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

2008-05-23 22:52 . 2008-06-17 00:46 1,409 --a------ C:\WINDOWS\QTFont.for

2008-05-21 02:06 . 2008-05-21 02:06 <REP> d-------- C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\TuneUp Software

2008-05-21 02:06 . 2008-05-21 02:06 354,560 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe

2008-05-21 02:06 . 2008-04-04 14:51 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll

2008-05-21 02:05 . 2008-05-25 18:21 <REP> d-------- C:\Program Files\TuneUp Utilities 2008

2008-05-21 02:05 . 2008-05-21 02:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2008-05-21 02:03 . 2008-05-23 23:35 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

2008-05-19 21:35 . 2008-05-19 21:36 <REP> d-------- C:\Program Files\Fichiers communs\Adobe

2008-05-19 21:21 . 2008-06-17 00:46 54,156 --ah----- C:\WINDOWS\QTFont.qfn

2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

 

.

(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))

.

2008-06-16 21:40 --------- d-----w C:\Program Files\Mozilla Thunderbird

2008-06-16 17:36 --------- d-----w C:\Program Files\IrfanView

2008-06-11 19:22 --------- d-----w C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\Canon

2008-05-25 23:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy

2008-05-25 00:25 --------- d-----w C:\Program Files\Dictionnaire

2008-05-20 23:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

2008-05-19 19:33 --------- d-----w C:\Documents and Settings\Jean-Luc VIGNOLI\Application Data\AdobeUM

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys

2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll

2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll

2008-05-03 15:42 --------- d-----w C:\Program Files\Google

2008-04-29 09:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys

2008-04-29 09:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys

2008-04-29 09:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys

2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll

2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe

2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe

2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe

2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll

2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\msjint40.dll

2008-03-25 04:51 194,144 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys

2008-03-20 08:09 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys

2006-05-29 14:40 7,296,000 ----a-w C:\Program Files\mozilla firefox\plugins\libvlc.dll

.

 

((((((((((((((((((((((((((((( snapshot@2008-06-11_23.12.17.21 )))))))))))))))))))))))))))))))))))))))))

.

- 2008-06-11 21:07:55 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-16 22:48:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat

+ 2008-06-16 22:48:54 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_73c.dat

.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

REGEDIT4

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 07:00 15360]

"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]

"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-21 23:47 32768]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 04:10 55824 C:\WINDOWS\KHALMNPR.Exe]

"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]

"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2005-12-07 11:26 489472]

"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2005-12-07 11:33 73728]

"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 18:22 262144]

"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-20 20:24 77824]

"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 01:19 79224]

 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 07:00 15360]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]

c:\program files\fichiers communs\logitech\bluetooth\LBTWlgn.dll 2007-11-15 11:10 72208 c:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTWLgn.dll

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

 

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]

R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]

R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-05 07:00]

R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-05-21 02:06]

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

UxTuneUp

 

.

Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

"2008-06-16 22:48:33 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"

- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe

.

**************************************************************************

 

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2008-06-17 00:49:09

Windows 5.1.2600 Service Pack 2 NTFS

 

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès

Les fichiers cachés: 0

 

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\Program Files\Fichiers communs\Logitech\LVMVFM\LVPrcSrv.exe

C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Hercules\WiFi Station\WiFiStation.exe

C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe

C:\Program Files\Popit\PopitNG.exe

.

**************************************************************************

.

Temps d'accomplissement: 2008-06-17 0:54:12 - machine was rebooted

ComboFix-quarantined-files.txt 2008-06-16 22:54:06

ComboFix2.txt 2008-06-11 21:33:54

ComboFix3.txt 2008-06-11 21:12:41

 

Pre-Run: 77,905,838,080 octets libres

Post-Run: 77,897,347,072 octets libres

 

164 --- E O F --- 2008-06-10 21:03:23
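Added example, not from the thread or from ComboFix: a dry-run parser for the CFScript posted above that then cross-checks its File:: entries against the deletions section of the ComboFix.txt log that follows, so a helper can see which requested files the log actually confirms as removed. The section-header and [-KEY] conventions, the English heading 'Other Deletions' and the log excerpt (copied from the lines in this thread with the banners shortened) are this example's assumptions.

```python
"""Dry-run a ComboFix CFScript and cross-check it against ComboFix.txt.

Added example, not part of the thread or of ComboFix.  Assumes the script
shape used above: section headers ending in '::' with one item per line,
and under 'Registry::' a key written as [-KEY] meaning "delete this key".
The deletions section of the log is headed 'Autres suppressions' on a
French system ('Other Deletions' is assumed for the English one).
"""
import re
from dataclasses import dataclass, field

# The script as posted in the thread.
CFSCRIPT = """\
File::
C:\\WINDOWS\\system32\\icogdaxj.dll
C:\\WINDOWS\\BM4b134963.xml
C:\\WINDOWS\\system32\\alaslrvc.dll

Registry::
[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{C4200261-FD62-41C9-ADCB-28C2CD7ECBFB}]
[-HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\startupreg\\48207aff]
"""

# Excerpt of the ComboFix.txt posted in reply, copied from the thread with
# the section banners shortened (constructed excerpt, not the full log).
COMBOFIX_LOG = """\
Command switches used :: C:\\Documents and Settings\\Jean-Luc VIGNOLI\\Bureau\\CFScript.txt
(((((((((( Autres suppressions ))))))))))
.
C:\\Documents and Settings\\Claire\\err.log
C:\\WINDOWS\\BM4b134963.xml
C:\\WINDOWS\\Downloaded Program Files\\USDR6V_0001_N19M2604NetInstaller.exe
C:\\WINDOWS\\system32\\icogdaxj.dll

.
(((((((((( Fichiers créés 2008-05-16 to 2008-06-16 ))))))))))
.
2008-06-11 23:12 . 2008-06-11 23:12 <REP> d-------- C:\\Documents and Settings\\Invité
"""

DELETION_HEADINGS = ("Autres suppressions", "Other Deletions")


@dataclass
class CFScript:
    files: list = field(default_factory=list)        # paths under File::
    reg_deletes: list = field(default_factory=list)  # keys given as [-KEY]
    other: dict = field(default_factory=dict)        # any other section -> lines


def parse_cfscript(text):
    """Split a CFScript into sections.  Lines outside any section and
    malformed Registry:: lines raise, so a typo cannot be silently skipped."""
    script, section = CFScript(), None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            section = line[:-2]
            continue
        if section is None:
            raise ValueError(f"line {lineno}: {line!r} is outside any section")
        if section == "File":
            script.files.append(line)
        elif section == "Registry":
            m = re.fullmatch(r"\[-(.+)\]", line)
            if not m:
                raise ValueError(f"line {lineno}: expected [-KEY], got {line!r}")
            script.reg_deletes.append(m.group(1))
        else:
            script.other.setdefault(section, []).append(line)
    return script


def deleted_paths(log_text):
    """Paths ComboFix lists under its deletions banner, and nothing else."""
    paths, collecting = [], False
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("((((") and line.endswith("))))"):
            # every banner ends the previous section; stay only in the deletions one
            collecting = any(h in line for h in DELETION_HEADINGS)
            continue
        if collecting and line and line != ".":
            paths.append(line)
    return paths


def cross_check(script, log_text):
    """Map each File:: entry to whether the log confirms its removal
    (case-insensitive, as NTFS paths are)."""
    removed = {p.lower() for p in deleted_paths(log_text)}
    return {f: f.lower() in removed for f in script.files}


if __name__ == "__main__":
    s = parse_cfscript(CFSCRIPT)
    print(f"{len(s.files)} file(s), {len(s.reg_deletes)} registry key(s) to delete")
    for path, ok in cross_check(s, COMBOFIX_LOG).items():
        print(("removed    " if ok else "NOT listed ") + path)
```

On the log above, the first two File:: entries appear under 'Autres suppressions' while alaslrvc.dll does not, which is exactly what the cross-check reports.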

Posted

AntiVir report:

Avira AntiVir Personal

Report file date: mardi 17 juin 2008 01:23

 

Scanning for 1337442 virus strains and unwanted programs.

 

Licensed to: Avira AntiVir PersonalEdition Classic

Serial number: 0000149996-ADJIE-0001

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Boot mode: Normally booted

Username: SYSTEM

Computer name: JEAN-LUC

 

Version information:

BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00

AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56

AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37

LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23

LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34

ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58

ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 23:17:59

ANTIVIR3.VDF : 7.0.4.204 78336 Bytes 16/06/2008 23:17:59

Engineversion : 8.1.0.55

AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21

AESCRIPT.DLL : 8.1.0.40 266618 Bytes 16/06/2008 23:18:08

AESCN.DLL : 8.1.0.21 119156 Bytes 16/06/2008 23:18:07

AERDL.DLL : 8.1.0.20 418165 Bytes 16/06/2008 23:18:07

AEPACK.DLL : 8.1.1.5 364918 Bytes 16/06/2008 23:18:06

AEOFFICE.DLL : 8.1.0.18 192890 Bytes 16/06/2008 23:18:05

AEHEUR.DLL : 8.1.0.30 1253750 Bytes 16/06/2008 23:18:04

AEHELP.DLL : 8.1.0.15 115063 Bytes 16/06/2008 23:18:02

AEGEN.DLL : 8.1.0.28 307572 Bytes 16/06/2008 23:18:02

AEEMU.DLL : 8.1.0.6 430451 Bytes 16/06/2008 23:18:01

AECORE.DLL : 8.1.0.31 168310 Bytes 16/06/2008 23:18:00

AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53

AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47

AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49

AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23

AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31

SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02

SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39

NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10

RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25

RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

 

Configuration settings for the scan:

Jobname..........................: Complete system scan

Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: on

Scan boot sector.................: on

Boot sectors.....................: C:, D:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: mardi 17 juin 2008 01:23

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'PopitNG.exe' - '1' Module(s) have been scanned

Scan process 'ZDWlan.exe' - '1' Module(s) have been scanned

Scan process 'WiFiStation.exe' - '1' Module(s) have been scanned

Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned

Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'qttask.exe' - '1' Module(s) have been scanned

Scan process 'ElkCtrl.exe' - '1' Module(s) have been scanned

Scan process 'CameraAssistant.exe' - '1' Module(s) have been scanned

Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'MediaServerService.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'aawservice.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

33 processes with 33 modules were scanned

 

Starting master boot sector scan:

Master boot sector HD0

[INFO] No virus was found!

Master boot sector HD1

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD2

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD3

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Master boot sector HD4

[INFO] No virus was found!

[WARNING] Le périphérique n'est pas prêt.

Start scanning boot sectors:

Boot sector 'C:\'

[INFO] No virus was found!

Boot sector 'D:\'

[INFO] No virus was found!

 

Starting to scan the registry.

The registry was scanned ( '29' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <ACER>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The fund was classified as suspicious.

[NOTE] The file was moved to '48c4f6c8.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro2.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The fund was classified as suspicious.

[NOTE] The file was moved to '48c4f6d9.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro3.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The fund was classified as suspicious.

[NOTE] The file was moved to '48c4f6e6.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro4.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The fund was classified as suspicious.

[NOTE] The file was moved to '48c4f701.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro5.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The fund was classified as suspicious.

[NOTE] The file was moved to '48c4f707.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro6.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The fund was classified as suspicious.

[NOTE] The file was moved to '48c4f70f.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro7.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The fund was classified as suspicious.

[NOTE] The file was moved to '48c4f718.qua'!

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinsoftwareWinAntiVirusPro9.zip

[DETECTION] Contains suspicious code GEN/PwdZIP

[NOTE] The fund was classified as suspicious.

[NOTE] The file was moved to '48c4f719.qua'!

C:\QooBox\Quarantine\C\WA6P\Quar\undzdwqa.vir

[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.AO.7

[NOTE] The file was moved to '48bafb00.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\ajcowrxw.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48b9fafd.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\axpqeirt.exe.vir

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '48c6fb0b.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\bukxosco.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48c1fb08.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\chjscycv.dll.vir

[DETECTION] Is the Trojan horse TR/Mondera.93184

[NOTE] The file was moved to '48c0fafc.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\eatocwxi.exe.vir

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '48cafaf5.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\egeueeer.dll.vir

[DETECTION] Is the Trojan horse TR/Mondera.107520

[NOTE] The file was moved to '48bbfafb.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\eggbhbup.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48bdfafc.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\egpcyfim.exe.vir

[DETECTION] Is the Trojan horse TR/PrivacySet.A

[NOTE] The file was moved to '48c6fafc.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\ewppmsgh.exe.vir

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '48c6fb0c.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\fkscfoar.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48c9fb00.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\gjclywtr.exe.vir

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '48b9fb00.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\gnbjccun.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48b8fb04.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\hlkimssy.exe.vir

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '48c1fb02.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\icogdaxj.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48c5fafa.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\jkngmraf.dll.vir

[DETECTION] Is the Trojan horse TR/Mondera.108544.3

[NOTE] The file was moved to '48c4fb02.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\jwxwsdxi.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48cefb0f.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\kkyefodu.exe.vir

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '48cffb03.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\lwgdivda.dll.vir

[DETECTION] Is the Trojan horse TR/Mondera.106496.1

[NOTE] The file was moved to '48bdfb0f.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\mmtmshuc.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48cafb06.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\nmxhtmmx.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48cefb06.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\qctiaoae.dll.vir

[DETECTION] Is the Trojan horse TR/Mondera.104448.2

[NOTE] The file was moved to '48cafafc.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\syvocias.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48ccfb13.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\tcdoswyc.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48bafafd.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\tnrjfagq.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48c8fb08.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\tsntpalx.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48c4fb0e.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\vndfkojv.exe.vir

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '48bafb09.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\wvyjfiw.exe.vir

[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen

[NOTE] The file was moved to '48cffb11.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\yclejsuu.dll.vir

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48c2faff.qua'!

C:\QooBox\Quarantine\C\WINDOWS\system32\yxbrklbx.dll.vir

[DETECTION] Is the Trojan horse TR/Mondera.108544

[NOTE] The file was moved to '48b8fb14.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP298\A0063044.exe

[DETECTION] Is the Trojan horse TR/Dropper.Gen

[NOTE] The file was moved to '4886fadf.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP325\A0064915.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886faff.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP327\A0065070.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb03.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP327\A0065109.exe

[DETECTION] Is the Trojan horse TR/FakeAV.14

[NOTE] The file was moved to '4886fb05.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP327\A0065189.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb07.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP330\A0065419.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb0d.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP331\A0065477.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb10.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP332\A0065580.exe

[DETECTION] Is the Trojan horse TR/FakeAV.14

[NOTE] The file was moved to '4886fb12.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP332\A0065690.exe

[DETECTION] Is the Trojan horse TR/Fakealert.FB.14

[NOTE] The file was moved to '4886fb16.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP332\A0065718.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb18.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP332\A0065739.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '493d1d91.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP332\A0065740.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb1a.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP332\A0066867.dll

[DETECTION] Is the Trojan horse TR/Vundo.enl.1

[NOTE] The file was moved to '4886fb1b.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP334\A0067351.dll

[DETECTION] Is the Trojan horse TR/Mondera.97280.2

[NOTE] The file was moved to '4886fb24.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067610.exe

[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen

[NOTE] The file was moved to '4886fb2c.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067611.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '493d1da5.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067612.exe

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '4886fb2e.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067613.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb2d.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067615.dll

[DETECTION] Is the Trojan horse TR/Mondera.93184

[NOTE] The file was moved to '493d1da6.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067616.exe

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '4886fb2f.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067617.dll

[DETECTION] Is the Trojan horse TR/Mondera.107520

[NOTE] The file was moved to '493d1db8.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067618.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '493d1da7.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067619.exe

[DETECTION] Is the Trojan horse TR/PrivacySet.A

[NOTE] The file was moved to '4886fb20.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067620.exe

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '493d1da9.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067621.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb31.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067622.exe

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '493d1dba.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067623.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb33.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067624.exe

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '493d1dbc.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067625.dll

[DETECTION] Is the Trojan horse TR/Mondera.108544.3

[NOTE] The file was moved to '4886fb30.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067626.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '493d1db9.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067627.exe

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '4886fb32.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067628.dll

[DETECTION] Is the Trojan horse TR/Mondera.106496.1

[NOTE] The file was moved to '493d1dbb.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067629.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb35.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067631.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '493d1dbe.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067632.dll

[DETECTION] Is the Trojan horse TR/Mondera.104448.2

[NOTE] The file was moved to '4886fb37.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067633.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '493d1db0.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067634.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb34.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067635.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '493d1dbd.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067636.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb36.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067637.exe

[DETECTION] Is the Trojan horse TR/Lowzones.SG

[NOTE] The file was moved to '4886fb39.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067638.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '493d1db2.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP336\A0067639.dll

[DETECTION] Is the Trojan horse TR/Mondera.108544

[NOTE] The file was moved to '4886fb3b.qua'!

C:\System Volume Information\_restore{6C3CAB59-F87E-46DF-A7BC-F3653627E50C}\RP339\A0067921.dll

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '4886fb3c.qua'!

C:\WINDOWS\system32\eosfrg.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48c9fc51.qua'!

C:\WINDOWS\system32\nnyobp.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48cffc61.qua'!

C:\WINDOWS\system32\vekldohj.exe

[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen

[NOTE] The file was moved to '48c1fc65.qua'!

Begin scan in 'D:\' <ACERDATA>

 

 

End of the scan: mardi 17 juin 2008 01:51

Used time: 28:20 min

 

The scan has been done completely.

 

6964 Scanning directories

227536 Files were scanned

76 viruses and/or unwanted programs were found

8 Files were classified as suspicious:

0 files were deleted

0 files were repaired

84 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

227460 Files not concerned

7325 Archives were scanned

6 Warnings

84 Notes

Posted

• uninstall ComboFix by copy-pasting the line below into Run and confirming it:

 

ComboFix /u

 

= wait for the uninstall to finish

 

delete, if they still exist: c:\qoobox , c:\bug , c:\combofix

 

• empty AntiVir's quarantine

 

• post a new HijackThis report so we can check that everything is OK; your PC should be doing better now, right??

Posted

Hello,

 

Here is my HijackThis report after doing what you asked above:

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 00:32:14, on 18/06/2008

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\LVCOMSX.EXE

C:\Program Files\Logitech\Video\CameraAssistant.exe

C:\WINDOWS\system32\ElkCtrl.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE

O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE

O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe

O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect

O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: PopitNG.lnk = C:\Program Files\Popit\PopitNG.exe

O4 - Global Startup: WiFi Station.lnk = ?

O4 - Global Startup: Wireless 802.11g USB Adapter.lnk = C:\Program Files\Wireless 802.11g USB Adapter\ZDWlan.exe

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Ouvrir l'image dans &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~2\Office\1036\phdintl.dll/phdContext.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\Yahoo!\Common\yhexbmesfr.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.downloadcontrol.com/files/insta...eInstall_fr.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_uni_dd_final.cab

O18 - Protocol: offline-8876480 - {2AD13338-F38C-450F-8775-EC89DE4D4D90} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\Acer\Acer eConsole\MediaServerService.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe

O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Fichiers communs\Logitech\Bluetooth\LBTServ.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

 

--

End of file - 8247 bytes

 

 

My PC is definitely doing much better!! Thanks a lot. I can open Yahoo! Mail without any problem, and I browse the Internet very quickly.

 

A small question, please:

When I started my PC this evening, I saw an "Avira AntiVir" popup appear, but then it disappeared and I didn't have the "red umbrella" among the taskbar icons, unlike last night. Is that normal? Is AntiVir actually running?

 

Do tell me whether this time my PC is fully cleaned of all the junk...

See you soon, and thanks again for everything,

 

Jean-Luc.

Posted

Angélique,

I still have one slightly annoying thing on my PC, which was already happening before all our steps and still continues: the popup below appears at every logon:

 

Windows - Pas de disque

Exception Processing Message c0000013 Parameters 75afbf9c 4 75afbf9c 75afbf9c

 

And I have to click "Cancel" or "Continue" 8 times in a row for the popup to go away.

Posted

When I started my PC this evening, I saw an "Avira AntiVir" popup appear, but then it disappeared and I didn't have the "red umbrella" among the taskbar icons, unlike last night. Is that normal? Is AntiVir actually running?

 

You should have these 3 processes in your Task Manager [Run --- taskmgr], which shows that AntiVir is working properly

 

avguard.exe

avgnt.exe

sched.exe

 

• run HijackThis again, "do a system scan only", check the lines below and click Fix checked:

 

O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.downloadcontrol.com/files/insta...eInstall_fr.cab

 

===> click Fix checked

 

delete the HijackThis backup: C:\Program Files\Trend Micro\HijackThis\backups

 

I still have one slightly annoying thing on my PC, which was already happening before all our steps and still continues: the popup below appears at every logon:

 

Windows - Pas de disque

Exception Processing Message c0000013 Parameters 75afbf9c 4 75afbf9c 75afbf9c

 

And I have to click "Cancel" or "Continue" 8 times in a row for the popup to go away.

 

it's apparently due to a Microsoft update or to QuickTime (I had you remove it from the PC's startup, so you'll see at the next reboot), or to a drive letter being wrongly recognised (floppy, SD card...); some people say to disable the floppy drive in Device Manager.

 

Otherwise your PC is clean.
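As an added example, not code from this thread or from HijackThis itself, here is a small Python triage script for HijackThis v2 entry lines that flags the same kinds of entries the helper picked out above (an orphan "(no file)" toolbar, an unneeded autorun, an O16 DPF ActiveX download from a remote site) plus two generic review hints (autoruns without a full path, services with an unknown owner). The sample lines are copied from the log posted in this thread; the OPTIONAL_STARTUP list is a constructed assumption.

```python
import re

# Constructed sample: entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://cdn.downloadcontrol.com/files/insta...eInstall_fr.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
"""

# Every HijackThis entry is "<section> - <body>"; lines that do not match
# (the running-process list, the header) are ignored.
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")

# Assumed list of autoruns that are merely unnecessary, not malicious; the
# helper in this thread removed the QuickTime one, so it is the only entry.
OPTIONAL_STARTUP = {"QuickTime Task"}


def run_command(body):
    """Return the executable referenced by an O4 entry body.

    Handles the two shapes seen in the log: 'HKLM\\..\\Run: [name] "path" args'
    and 'Startup: file.lnk = target'.
    """
    if "] " in body:
        cmd = body.split("] ", 1)[1]
    elif " = " in body:
        cmd = body.split(" = ", 1)[1]
    else:
        cmd = body
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split(None, 1)[0] if cmd.strip() else ""


def triage(log_text):
    """Return (tag, line) pairs for entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        name = re.search(r"\[(.*?)\]", body)
        if body.endswith("(no file)"):
            # Registry entry whose target is gone: harmless leftover, safe to fix.
            findings.append(("orphan", line))
        elif section == "O4" and name and name.group(1) in OPTIONAL_STARTUP:
            findings.append(("unneeded-startup", line))
        elif section == "O4" and "\\" not in run_command(body):
            # Bare file name or '?' target: resolved via PATH, or a dangling shortcut.
            findings.append(("unqualified-path", line))
        elif section == "O16" and re.search(r" - https?://", body):
            # ActiveX control downloaded from a remote site (DPF entry).
            findings.append(("remote-activex", line))
        elif section == "O23" and " - Unknown owner - " in body:
            findings.append(("unknown-vendor", line))
    return findings


if __name__ == "__main__":
    for tag, line in triage(SAMPLE_LOG):
        print(f"{tag:17} {line}")
```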

Posted

Good evening Angélique,

 

That's it, it's all good, you're really brilliant!!

 

Since I removed QuickTime from the PC's startup as you told me above, I no longer get the Windows popup.

And AntiVir does load at every startup of my PC, with the red umbrella in the system tray. I also checked that the 3 .exe processes you told me about are running.

 

Thanks again very much for everything, and see you.
