Virus
micke
-
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
jlpjlp Messages postés 52399 Statut Contributeur sécurité -
Bonjour,
j ai un virus arrivé par msn une photo, ai essayé de l'effacer, plus présente sur l'ordinateur et au redémarrage avast me retrouve 2 fichiers malveillants dual(1).jpg virus win32.agent-lw besoin de votre aide merci de votre réponse
j ai un virus arrivé par msn une photo, ai essayé de l'effacer, plus présente sur l'ordinateur et au redémarrage avast me retrouve 2 fichiers malveillants dual(1).jpg virus win32.agent-lw besoin de votre aide merci de votre réponse
A voir également:
- Virus
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Virus informatique - Guide
- Panda anti virus gratuit - Télécharger - Antivirus & Antimalwares
- Undisclosed-recipients virus - Guide
7 réponses
slt
Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip
Décompresse-le et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.
Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.
----------------------
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
_______________________
ensuite:
scan avec des antiespions (en mode sans échec):
spybot :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
voir demo d utilisation (merci Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
----------
AVG antispyxare
https://www.01net.com/telecharger/
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
->Relance AVG AS -> "Analyse" ->"Paramètres"
Sous la question "Comment réagir ?" :
-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
Si un fichier est infecté en fin d'analyse
->Clique sur "Appliquer toutes les actions "
->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".
->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
--------------
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
________________
si ca persiste
colle un rapport hijackthis
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip
Décompresse-le et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.
Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.
----------------------
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
_______________________
ensuite:
scan avec des antiespions (en mode sans échec):
spybot :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
voir demo d utilisation (merci Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
----------
AVG antispyxare
https://www.01net.com/telecharger/
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
->Relance AVG AS -> "Analyse" ->"Paramètres"
Sous la question "Comment réagir ?" :
-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
Si un fichier est infecté en fin d'analyse
->Clique sur "Appliquer toutes les actions "
->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".
->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
--------------
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
________________
si ca persiste
colle un rapport hijackthis
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
slt
refais ca et colle les rapports cette fois pour tout,
Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip
Décompresse-le et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.
Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.
----------------------
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
_______________________
ensuite:
scan avec des antiespions (en mode sans échec):
spybot :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
voir demo d utilisation (merci Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
----------
AVG antispyxare
https://www.01net.com/
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
->Relance AVG AS -> "Analyse" ->"Paramètres"
Sous la question "Comment réagir ?" :
-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
Si un fichier est infecté en fin d'analyse
->Clique sur "Appliquer toutes les actions "
->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".
->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
-------------
utilise aussi pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare erreurs) sans la barre yahoo
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
___________
Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.
• Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
• Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
• Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
http://kerio.probb.fr/tuto-Clean-h37.html
--------------
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
________________
remplace avast par antivir plus efficace:
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
_______________
si ca persiste
colle un rapport hijackthis
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
refais ca et colle les rapports cette fois pour tout,
Télécharge MSNFix de Laurent
http://sosvirus.changelog.fr/MSNFix.zip
Décompresse-le et double clic sur le fichier MSNFix.bat.
- Exécute l'option R.
--Si l'infection est détectée, exécute l'option N
- Sauvegarde ce rapport puis fais un copier/coller de ce rapport sur le forum.
Note :
Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations. Dans ce cas il suffit de redémarrer l'ordinateur en mode normal
Sauvegarder et fermer le rapport pour que Windows termine de se lancer normalement.
----------------------
Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum
_______________________
ensuite:
scan avec des antiespions (en mode sans échec):
spybot :
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
voir demo d utilisation (merci Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm
----------
AVG antispyxare
https://www.01net.com/
Tuto :
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html
->Relance AVG AS -> "Analyse" ->"Paramètres"
Sous la question "Comment réagir ?" :
-> clique sur "Actions recommandées" et choisis "Quarantaines"
-> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"
Si un fichier est infecté en fin d'analyse
->Clique sur "Appliquer toutes les actions "
->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".
->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici
-------------
utilise aussi pour supprimer tes traces
CCLEANER: (lance un nettoyage et répare erreurs) sans la barre yahoo
https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html
___________
Colle le rapport :
Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.
• Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
• Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
• Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
http://kerio.probb.fr/tuto-Clean-h37.html
--------------
colle le rapport d'un scan en ligne
avec un des suivants:
bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html
Panda en ligne :
http://pandasoftware.fr
________________
remplace avast par antivir plus efficace:
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (merci Malekal)
_______________
si ca persiste
colle un rapport hijackthis
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
manuel :
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html
Bonjour,
voila le rapport de mssfixMSNFix 1.540
C:\MSNFix\MSNFix
Fix exécuté le 11/10/2007 - 16:50:30,00 By Mickael CORBEAUX
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\LBTWiz.exe
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Nokia_19_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
[!] C:\WINDOWS\Nokia_19_jpg.zip is INFECTED
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
/!\ ... C:\WINDOWS\LBTWiz.exe
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\LBTWiz.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\GlobFXSaver.scr] BD742150206234827D5C0E51DFC8AD11
[C:\MsgPlus-363.exe] 14E418C8BB7193F01C28D7AEAC573026
[C:\MsgPlusLive-423.exe] 8C946703BD73392CB7625CFFD3E81ACD
[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\MICKAE~1\BUREAU\Upload_Me.zip [/b] sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 11102007_16562771.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
voila le rapport de mssfixMSNFix 1.540
C:\MSNFix\MSNFix
Fix exécuté le 11/10/2007 - 16:50:30,00 By Mickael CORBEAUX
mode normal
************************ Recherche les fichiers présents
... C:\WINDOWS\LBTWiz.exe
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Nokia_19_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
[!] C:\WINDOWS\Nokia_19_jpg.zip is INFECTED
************************ Recherche les dossiers présents
Aucun dossier trouvé
************************ Suppression des fichiers
/!\ ... C:\WINDOWS\LBTWiz.exe
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\WINDOWS\LBTWiz.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\WINDOWS\GlobFXSaver.scr] BD742150206234827D5C0E51DFC8AD11
[C:\MsgPlus-363.exe] 14E418C8BB7193F01C28D7AEAC573026
[C:\MsgPlusLive-423.exe] 8C946703BD73392CB7625CFFD3E81ACD
[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\MICKAE~1\BUREAU\Upload_Me.zip [/b] sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 11102007_16562771.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Bonjour,
et voila le rapport de sdfix
SDFix: Version 1.107
Run by Mickael CORBEAUX on 11/10/2007 at 17:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Mickael CORBEAUX\\Bureau\\emule.exe"="C:\\Documents and Settings\\Mickael CORBEAUX\\Bureau\\emule.exe:*:Enabled:eMule"
"C:\\eMule\\emule.exe"="C:\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\HomePlayer1.5\\HomePlayer.exe"="C:\\Program Files\\HomePlayer1.5\\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\\Program Files\\Fichiers communs\\MAGIX Shared\\UPnPService\\UPnPService.exe"="C:\\Program Files\\Fichiers communs\\MAGIX Shared\\UPnPService\\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\eMule\\eMule.exe"="D:\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"D:\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\Digital Imaging\\bin\\hposid01.exe"="D:\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\WINDOWS\\LBTWiz.exe"="C:\\WINDOWS\\LBTWiz.exe:*:Disabled:LBTWiz"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Files with Hidden Attributes:
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 23 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 27 Sep 2007 1,024 A..H. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046971.sys"
Thu 27 Sep 2007 1,024 A..H. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0047020.sys"
Mon 19 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
j attent de t nouvelle et merci encore
et voila le rapport de sdfix
SDFix: Version 1.107
Run by Mickael CORBEAUX on 11/10/2007 at 17:09
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
No Trojan Files Found
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Mickael CORBEAUX\\Bureau\\emule.exe"="C:\\Documents and Settings\\Mickael CORBEAUX\\Bureau\\emule.exe:*:Enabled:eMule"
"C:\\eMule\\emule.exe"="C:\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\HomePlayer1.5\\HomePlayer.exe"="C:\\Program Files\\HomePlayer1.5\\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\\Program Files\\Fichiers communs\\MAGIX Shared\\UPnPService\\UPnPService.exe"="C:\\Program Files\\Fichiers communs\\MAGIX Shared\\UPnPService\\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\eMule\\eMule.exe"="D:\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"D:\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\Digital Imaging\\bin\\hposid01.exe"="D:\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\WINDOWS\\LBTWiz.exe"="C:\\WINDOWS\\LBTWiz.exe:*:Disabled:LBTWiz"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
Files with Hidden Attributes:
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 23 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 27 Sep 2007 1,024 A..H. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046971.sys"
Thu 27 Sep 2007 1,024 A..H. --- "C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0047020.sys"
Mon 19 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
j attent de t nouvelle et merci encore
Bonjour,
AntiVir PersonalEdition Classic
Report file date: samedi 13 octobre 2007 12:02
Scanning for 878005 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MICKAEL
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:16
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:56
ANTIVIR2.VDF : 7.0.0.57 446464 Bytes 07/10/2007 10:01:36
ANTIVIR3.VDF : 7.0.0.83 158720 Bytes 12/10/2007 10:01:36
AVEWIN32.DLL : 7.6.0.23 2753024 Bytes 13/10/2007 10:01:36
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:22
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 13 octobre 2007 12:02
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'NTVDM.EXE' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'SISTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'mssysmgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '38' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Mickael CORBEAUX\Mes documents\Ma musique\dossier chaton\-FULL ALBUM- Mon Paradis. Christophe Maé (Roi Soleil)(1).zip
[0] Archive type: ZIP
--> Setup.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
[INFO] The file was moved to '47659b32.qua'!
C:\Documents and Settings\Mickael CORBEAUX\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/MICKAE~1/BUREAU/Upload_Me/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> DOCUME~1/MICKAE~1/BUREAU/Upload_Me/LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '477c9b6f.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046905.EXE
[DETECTION] Contains detection pattern of the worm WORM/SdBot.403456
[INFO] The file was moved to '47409d61.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046917.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d64.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046918.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d67.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046919.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d6b.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046920.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d7d.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046921.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d81.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046922.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d92.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046923.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d99.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046924.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d9d.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046925.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046926.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] A backup was created as '47409db0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046928.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.403456
[INFO] The file was renamed to 'A0046928.exe.VIR'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP298\A0049392.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409dc9.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP298\A0049394.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409dcb.qua'!
C:\MSNFix\MSNFix\11102007_16562771.zip
[0] Archive type: ZIP
--> backup/LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backup/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47419dd9.qua'!
C:\SDFix\backups_old1\backups.zip
[0] Archive type: ZIP
--> backups/eraseme_40455.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_32828.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_56286.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_80262.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_81822.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_00501.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_66824.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_20313.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_73267.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_44424.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/usnsvc.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.403456
[INFO] The file was moved to '47739e11.qua'!
Begin scan in 'D:\' <ACERDATA>
End of the scan: samedi 13 octobre 2007 12:33
Used time: 30:48 min
The scan has been done completely.
4991 Scanning directories
271536 Files were scanned
31 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
16 files were moved to quarantine
1 files were renamed
2 Files cannot be scanned
271505 Files not concerned
6947 Archives were scanned
2 Warnings
0 Notes
AntiVir PersonalEdition Classic
Report file date: samedi 13 octobre 2007 12:02
Scanning for 878005 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MICKAEL
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:16
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 13:26:56
ANTIVIR2.VDF : 7.0.0.57 446464 Bytes 07/10/2007 10:01:36
ANTIVIR3.VDF : 7.0.0.83 158720 Bytes 12/10/2007 10:01:36
AVEWIN32.DLL : 7.6.0.23 2753024 Bytes 13/10/2007 10:01:36
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:02
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:22
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 13 octobre 2007 12:02
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'notepad.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'hpqSTE08.exe' - '1' Module(s) have been scanned
Scan process 'NTVDM.EXE' - '1' Module(s) have been scanned
Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned
Scan process 'SISTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'mssysmgr.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
31 processes with 31 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '38' files ).
Starting the file scan:
Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Mickael CORBEAUX\Mes documents\Ma musique\dossier chaton\-FULL ALBUM- Mon Paradis. Christophe Maé (Roi Soleil)(1).zip
[0] Archive type: ZIP
--> Setup.exe
[DETECTION] Contains detection pattern of the worm WORM/P2P.Kapucen.Gen
[INFO] The file was moved to '47659b32.qua'!
C:\Documents and Settings\Mickael CORBEAUX\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/MICKAE~1/BUREAU/Upload_Me/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> DOCUME~1/MICKAE~1/BUREAU/Upload_Me/LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '477c9b6f.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046905.EXE
[DETECTION] Contains detection pattern of the worm WORM/SdBot.403456
[INFO] The file was moved to '47409d61.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046917.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d64.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046918.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d67.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046919.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d6b.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046920.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d7d.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046921.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d81.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046922.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d92.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046923.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d99.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046924.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409d9d.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046925.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was deleted!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046926.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] A backup was created as '47409db0.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP294\A0046928.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.403456
[INFO] The file was renamed to 'A0046928.exe.VIR'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP298\A0049392.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409dc9.qua'!
C:\System Volume Information\_restore{EADA2B13-36AE-4518-A8C2-3D8B7D759571}\RP298\A0049394.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47409dcb.qua'!
C:\MSNFix\MSNFix\11102007_16562771.zip
[0] Archive type: ZIP
--> backup/LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backup/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '47419dd9.qua'!
C:\SDFix\backups_old1\backups.zip
[0] Archive type: ZIP
--> backups/eraseme_40455.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_32828.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_56286.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_80262.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_81822.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_00501.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_66824.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_20313.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_73267.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/eraseme_44424.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backups/usnsvc.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.403456
[INFO] The file was moved to '47739e11.qua'!
Begin scan in 'D:\' <ACERDATA>
End of the scan: samedi 13 octobre 2007 12:33
Used time: 30:48 min
The scan has been done completely.
4991 Scanning directories
271536 Files were scanned
31 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
2 files were deleted
0 files were repaired
16 files were moved to quarantine
1 files were renamed
2 Files cannot be scanned
271505 Files not concerned
6947 Archives were scanned
2 Warnings
0 Notes
dans démarrer puis PANNEAU DE CONFIGURATION puis AJOUT SUPPRESSION DE PROGRAMME
cherche quelque chose comme CID et msn plus et desinstalle les si present
si tu doit réinstaller msn plus fait le sans les sponsor surtout
___________________
Vas sur le site https://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier :
C:\WINDOWS\GlobFXSaver.scr
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
idem avec:
C:\MsgPlus-363.exe
C:\MsgPlusLive-423.exe
si suspects tu les vires en allant dans pposte de travail puis C...
puis fais le reste
cherche quelque chose comme CID et msn plus et desinstalle les si present
si tu doit réinstaller msn plus fait le sans les sponsor surtout
___________________
Vas sur le site https://virusscan.jotti.org/
- Clic en haut à droite sur "Parcourir", navigue dans les dossiers et sélectionne ce fichier :
C:\WINDOWS\GlobFXSaver.scr
- Clic sur submit toujours en haut à droite
- Le scan va se lancer, ça va prendre un petit instant
- En bas, tu as le résultat du scan, copie/colle le résultat complet du scan ici.
Aide : https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId662799
idem avec:
C:\MsgPlus-363.exe
C:\MsgPlusLive-423.exe
si suspects tu les vires en allant dans pposte de travail puis C...
puis fais le reste
Bonjour,
VOILA LE RAPPOR DE VIRUSJotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%
File: GlobFXSaver.scr
Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: bd742150206234827d5c0e51dfc8ad11
Packers detected: -
Bit9 reports: File not found
Scanner results
Scan taken on 11 Oct 2007 17:43:53 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Powered by
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.
Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.
Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.
Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.
Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.
Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all!
--------------------------------------------------------------------------------
Statistics
Last file scanned at least one scanner reported something about: Otsdj_v1.75.008_FULL_crk.rar (MD5: fdc7efcda8c28f6ad6e57d4718091e6f, size: 10089484 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir TR/Crypt.XDR.Gen
ArcaVir X
Avast Win32:Trojan-gen. {UPX!}
AVG Antivirus Generic6.OIT
BitDefender Trojan.Small.AEQ
ClamAV Trojan.Downloader.Zlob-545
CPsecure X
Dr.Web Trojan.Popuper
F-Prot Antivirus security risk or a "backdoor" program
F-Secure Anti-Virus Trojan-Downloader.Win32.Zlob.bcl
Fortinet W32/Zlob.BCR!tr.dldr
Kaspersky Anti-Virus Trojan-Downloader.Win32.Zlob.bcl
NOD32 Win32/TrojanDownloader.Zlob.AMV
Norman Virus Control X
Panda Antivirus Generic
Rising Antivirus X
Sophos Antivirus Troj/Zlob-Gen
VirusBuster Trojan.DR.Zlob.Gen!Pac13
VBA32 X
You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
Frequently asked questions - Feedback - Privacy policy
Page generated by JTPL
Copyright © 2004-2007 Jordi Bosveld <jotti@jotti.org> CAN
VOILA LE RAPPOR DE VIRUSJotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%
File: GlobFXSaver.scr
Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: bd742150206234827d5c0e51dfc8ad11
Packers detected: -
Bit9 reports: File not found
Scanner results
Scan taken on 11 Oct 2007 17:43:53 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Powered by
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.
Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.
Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.
Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.
Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.
Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all!
--------------------------------------------------------------------------------
Statistics
Last file scanned at least one scanner reported something about: Otsdj_v1.75.008_FULL_crk.rar (MD5: fdc7efcda8c28f6ad6e57d4718091e6f, size: 10089484 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir TR/Crypt.XDR.Gen
ArcaVir X
Avast Win32:Trojan-gen. {UPX!}
AVG Antivirus Generic6.OIT
BitDefender Trojan.Small.AEQ
ClamAV Trojan.Downloader.Zlob-545
CPsecure X
Dr.Web Trojan.Popuper
F-Prot Antivirus security risk or a "backdoor" program
F-Secure Anti-Virus Trojan-Downloader.Win32.Zlob.bcl
Fortinet W32/Zlob.BCR!tr.dldr
Kaspersky Anti-Virus Trojan-Downloader.Win32.Zlob.bcl
NOD32 Win32/TrojanDownloader.Zlob.AMV
Norman Virus Control X
Panda Antivirus Generic
Rising Antivirus X
Sophos Antivirus Troj/Zlob-Gen
VirusBuster Trojan.DR.Zlob.Gen!Pac13
VBA32 X
You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
Frequently asked questions - Feedback - Privacy policy
Page generated by JTPL
Copyright © 2004-2007 Jordi Bosveld <jotti@jotti.org> CAN
Bonjour,
VOILA LE 2EMEJotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%
File: MsgPlus-363.exe
Status: OK
MD5: 14e418c8bb7193f01c28d7aeac573026
Packers detected: -
Bit9 reports: No threat detected (more info)
Scanner results
Scan taken on 11 Oct 2007 17:51:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Powered by
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.
Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.
Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.
Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.
Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.
Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all!
--------------------------------------------------------------------------------
Statistics
Last file scanned at least one scanner reported something about: FtpServer.exe (MD5: 7c9f5b5fb2c6797a3e41c7798dd66e23, size: 131072 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus Win32/Kenfa
BitDefender Packer.PEArmor.A
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus Mal/EncPk-U
VirusBuster X
VBA32 X
You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
Frequently asked questions - Feedback - Privacy policy
Page generated by JTPL
Copyright © 2004-2007 Jordi Bosveld <jotti@jotti.org>
VOILA LE 2EMEJotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%
File: MsgPlus-363.exe
Status: OK
MD5: 14e418c8bb7193f01c28d7aeac573026
Packers detected: -
Bit9 reports: No threat detected (more info)
Scanner results
Scan taken on 11 Oct 2007 17:51:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Powered by
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.
Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.
Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.
Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.
Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.
Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all!
--------------------------------------------------------------------------------
Statistics
Last file scanned at least one scanner reported something about: FtpServer.exe (MD5: 7c9f5b5fb2c6797a3e41c7798dd66e23, size: 131072 bytes), detected by:
Scanner Malware name
A-Squared X
AntiVir X
ArcaVir X
Avast X
AVG Antivirus Win32/Kenfa
BitDefender Packer.PEArmor.A
ClamAV X
CPsecure X
Dr.Web X
F-Prot Antivirus X
F-Secure Anti-Virus X
Fortinet X
Kaspersky Anti-Virus X
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus Mal/EncPk-U
VirusBuster X
VBA32 X
You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
Frequently asked questions - Feedback - Privacy policy
Page generated by JTPL
Copyright © 2004-2007 Jordi Bosveld <jotti@jotti.org>
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
C:\System Volume Information\_restore
ca c''est ta restauration systeme
désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre) puis réactive la
_______________
recolle un rapport hijackthis
et un scan antivir
ca c''est ta restauration systeme
désactive la restauration système pour purger les virus qui seraient dedans (dans DEMARRER puis TOUS LES PROGRAMMES puis ACCESSOIRE puis OUTILS SYSTEME puis RESTAURATION SYSTEME puis paramètre) puis réactive la
_______________
recolle un rapport hijackthis
et un scan antivir
SDFix: Version 1.107
Run by Mickael CORBEAUX on 10/10/2007 at 14:04
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Dummy:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_40455.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_32828.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_56286.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_80262.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_81822.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_00501.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_66824.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_20313.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_73267.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_44424.exe - Deleted
C:\WINDOWS\Nokia_19_jpg.zip - Deleted
C:\WINDOWS\system32\autorun.ini - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
C:\WINDOWS\usnsvc.exe - Deleted
Folder C:\Program Files\Fichiers communs\Carlson - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Mickael CORBEAUX\\Bureau\\emule.exe"="C:\\Documents and Settings\\Mickael CORBEAUX\\Bureau\\emule.exe:*:Enabled:eMule"
"C:\\eMule\\emule.exe"="C:\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\HomePlayer1.5\\HomePlayer.exe"="C:\\Program Files\\HomePlayer1.5\\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\\Program Files\\Fichiers communs\\MAGIX Shared\\UPnPService\\UPnPService.exe"="C:\\Program Files\\Fichiers communs\\MAGIX Shared\\UPnPService\\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\eMule\\eMule.exe"="D:\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"D:\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\Digital Imaging\\bin\\hposid01.exe"="D:\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\WINDOWS\\LBTWiz.exe"="C:\\WINDOWS\\LBTWiz.exe:*:Disabled:LBTWiz"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 3 Oct 2007 561,152 ..SHR --- "C:\WINDOWS\LBTWiz.exe"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 23 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 19 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
Bonjour,
SDFix: Version 1.107
Run by Mickael CORBEAUX on 10/10/2007 at 14:04
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Safe Mode:
Checking Services:
C:\WINDOWS\system32\Microsoft\backup.ftp Found
C:\WINDOWS\system32\Microsoft\backup.tftp Found
Checking files:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
Dummy:
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Files copied to SDFix\Backups
Restoring files if backups are found
Final Check:
Genuine:
C:\WINDOWS\system32\Microsoft\backup.ftp
C:\WINDOWS\system32\Microsoft\backup.tftp
C:\WINDOWS\system32\ftp.exe
C:\WINDOWS\system32\tftp.exe
C:\WINDOWS\system32\dllcache\ftp.exe
C:\WINDOWS\system32\dllcache\tftp.exe
Dummy:
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Trojan Files Found:
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_40455.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_32828.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_56286.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_80262.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_81822.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_00501.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_66824.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_20313.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_73267.exe - Deleted
C:\DOCUME~1\MICKAE~1\LOCALS~1\Temp\eraseme_44424.exe - Deleted
C:\WINDOWS\Nokia_19_jpg.zip - Deleted
C:\WINDOWS\system32\autorun.ini - Deleted
C:\WINDOWS\system32\Microsoft\backup.ftp - Deleted
C:\WINDOWS\system32\Microsoft\backup.tftp - Deleted
C:\WINDOWS\usnsvc.exe - Deleted
Folder C:\Program Files\Fichiers communs\Carlson - Removed
Removing Temp Files...
ADS Check:
C:\WINDOWS
No streams found.
C:\WINDOWS\system32
No streams found.
C:\WINDOWS\system32\svchost.exe
No streams found.
C:\WINDOWS\system32\ntoskrnl.exe
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Mickael CORBEAUX\\Bureau\\emule.exe"="C:\\Documents and Settings\\Mickael CORBEAUX\\Bureau\\emule.exe:*:Enabled:eMule"
"C:\\eMule\\emule.exe"="C:\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe"="C:\\Program Files\\AOL\\Active Virus Shield\\avp.exe:*:Enabled:Active Virus Shield"
"C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\HomePlayer1.5\\HomePlayer.exe"="C:\\Program Files\\HomePlayer1.5\\HomePlayer.exe:*:Enabled:HomePlayer"
"C:\\Program Files\\Fichiers communs\\MAGIX Shared\\UPnPService\\UPnPService.exe"="C:\\Program Files\\Fichiers communs\\MAGIX Shared\\UPnPService\\UPnPService.exe:LocalSubNet:Enabled:Magix UPnP Service"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"D:\\eMule\\eMule.exe"="D:\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"D:\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\Digital Imaging\\bin\\hposid01.exe"="D:\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\\WINDOWS\\LBTWiz.exe"="C:\\WINDOWS\\LBTWiz.exe:*:Disabled:LBTWiz"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files:
---------------
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Wed 3 Oct 2007 561,152 ..SHR --- "C:\WINDOWS\LBTWiz.exe"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTICDMK7.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMPEG2.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIMP3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIFCD3.dll"
Wed 2 Nov 2005 1,024 ...HR --- "C:\WINDOWS\system32\NTIBUN4.dll"
Sat 23 Sep 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 19 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
ET VOIJotti's malware scan 2.99-TRANSITION_TO_3.00-R1
File to upload & scan:
Service
Service load: 0% 100%
File: MsgPlusLive-423.exe
Status: OK(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: 8c946703bd73392cb7625cffd3e81acd
Packers detected: -
Bit9 reports: Not analyzed yet (more info)
Scanner results
Scan taken on 11 Oct 2007 17:57:58 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Rising Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Powered by
Disclaimer
This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.
Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.
Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.
Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.
Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.
Sponsored by donations (in random order) from: Stormbyte Technologies LLC, The ClamAV project, Steve S., Eric Johansen, Eric Schechter, Paul Bokel, Wilders Security, Wilfried Lilie, Prevx, SonicWALL, Lance Mueller, Ewido networks, HotelScraper.com, people who donated in the past, and some people who prefer to remain anonymous... many thanks to all!
--------------------------------------------------------------------------------
Statistics
Last file scanned at least one scanner reported something about: TibiaAutoSetup_1_15_0.rar (MD5: d0b59b93a709e37faae0afd67e11933b, size: 2987494 bytes), detected by:
Scanner Malware name
A-Squared Trojan-Dropper.Win32.Agent.bnk
AntiVir SPR/Ardamax.K.Gen
ArcaVir X
Avast Win32:Agent-LWO
AVG Antivirus Ardamax.LA
BitDefender Application.Keylogger.Ardamax.G
ClamAV Trojan.Dropper-2518
CPsecure Troj.Spy.W32.Ardamax.T
Dr.Web X
F-Prot Antivirus W32/Trojan.BWMD
F-Secure Anti-Virus Trojan-Spy.Win32.Ardamax.t
Fortinet X
Kaspersky Anti-Virus Trojan-Spy.Win32.Ardamax.t
NOD32 X
Norman Virus Control X
Panda Antivirus X
Rising Antivirus X
Sophos Antivirus X
VirusBuster X
VBA32 Trojan-Dropper.Win32.Agent.bnk
You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
We are not affiliated with any third parties that conduct tests using this service.
Frequently asked questions - Feedback - Privacy policy
Page generated by JTPL
Copyright © 2004-2007 Jordi Bosveld <jotti@jotti.org> LA LE 3eme
voici le rapport de clean 13/10/2007 a 11:42:23,21
*** Recherche des fichiers dans C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\bdod.bin FOUND
*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\PartyGaming\" FOUND
*** Fin du rapport !
.zip