Sujet Précédent Sujet Suivant

Pb Erreur chasseur

Résolu
sukky -  
Le sioux Messages postés 4907 Statut Contributeur sécurité -
Bonjour,
j'ai actuellement des problemes avec mon ordi.
- A chaque ouverture de mon ordi, j'ai une fenêtre qui s'affiche concernant "Erreur chasseur"
- J'ai des pbs avec des certificats de sécurité.
Je peux joindre un rapport Hijackthis
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 09:35:52, on 05/02/2002
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Gantet\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.boursorama.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: CIEIntegrator Object - {D3B4C621-6024-410B-9F0F-22CBD6981F5E} - C:\Program Files\VirusGarde\Addons\popupg.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Firewall service (FWSvc) - WinSoftware, Ltd. - C:\Program Files\WinAntiVirus Pro 2006\FWSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

43 réponses

Précédent
Réponse 21 / 43
sukky
 
Bonsoir,
Tu trouveras ci-joint le rapport d'Antivir.
cordialement

AntiVir PersonalEdition Classic
Report file date: dimanche 2 décembre 2007 21:17

Scanning for 994689 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Gantet
Computer name: GANTET-HE4BQIIY

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 19:54:01
ANTIVIR2.VDF : 7.0.1.170 311296 Bytes 28/12/2007 19:54:01
ANTIVIR3.VDF : 7.0.1.173 4608 Bytes 28/12/2007 19:54:01
AVEWIN32.DLL : 7.6.0.46 3084800 Bytes 02/12/2007 19:54:01
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.2 360488 Bytes 02/12/2007 19:54:01
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: G:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: dimanche 2 décembre 2007 21:17

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
15 processes with 15 modules were scanned

Start scanning boot sectors:
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '24' files ).

Starting the file scan:

Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\SmitfraudFix.zip
[0] Archive type: ZIP
--> SmitfraudFix/Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
--> SmitfraudFix/restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '47bc1361.qua'!
C:\Documents and Settings\Damaris\Application Data\winantispyware2006freeinstall_fr[1].exe
[DETECTION] Contains detection pattern of the SPR/Dldr.WinFixer.O.69 program
[INFO] The file was moved to '47c117ae.qua'!
C:\Documents and Settings\Gantet\Application Data\install_fr[1].exe
[DETECTION] Contains detection pattern of the SPR/Dldr.WinFixer.Z.2 program
[INFO] The file was moved to '47c61860.qua'!
C:\Documents and Settings\Gantet\Application Data\setup_fr[1].exe
[DETECTION] Contains detection pattern of the SPR/Dldr.WinFixer.Z.27 program
[INFO] The file was moved to '47c71859.qua'!
C:\Documents and Settings\Gantet\Bureau\SmitfraudFix\SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '47b519cb.qua'!
C:\Documents and Settings\Gantet\Bureau\SmitfraudFix\SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '47c619cf.qua'!
C:\Documents and Settings\Gantet\Mes documents\SpywareSecure_trial_setup.exe
[DETECTION] Is the Trojan horse TR/FakeAV.15.B
[INFO] The file was moved to '47cc1b4d.qua'!
C:\Documents and Settings\Gantet\Mes documents\WinAntiVirusPro2006FreeInstall_fr.exe
[DETECTION] Contains detection pattern of the SPR/Dldr.WinFixer.O.12 program
[INFO] The file was moved to '47c11b4b.qua'!
C:\Documents and Settings\Gantet\Mes documents\Smitfraud\SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '47b51b51.qua'!
C:\Documents and Settings\Gantet\Mes documents\Smitfraud\SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '47c61b53.qua'!
C:\Program Files\Fichiers communs\ErrorSafe\PCheck.dll
[DETECTION] Contains detection pattern of the SPR/SafeErr.A.6 program
[INFO] The file was moved to '47bb22b4.qua'!
C:\SmitfraudFix\Reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] The file was moved to '47b5273c.qua'!
C:\SmitfraudFix\restart.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Hardoff.A program
[INFO] The file was moved to '47c6273e.qua'!
C:\WINDOWS\Downloaded Program Files\1001 Sex and more.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '478327c8.qua'!
C:\WINDOWS\Downloaded Program Files\3D Studio Max 6 3dsmax.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '477327df.qua'!
C:\WINDOWS\Downloaded Program Files\ACDSee 10.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '479727e0.qua'!
C:\WINDOWS\Downloaded Program Files\Adobe Photoshop 10 crack.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22804.qua'!
C:\WINDOWS\Downloaded Program Files\Adobe Photoshop 10 full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22807.qua'!
C:\WINDOWS\Downloaded Program Files\Altkins Diet.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72812.qua'!
C:\WINDOWS\Downloaded Program Files\American Idol.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82816.qua'!
C:\WINDOWS\Downloaded Program Files\Arnold Schwarzenegger.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c1281e.qua'!
C:\WINDOWS\Downloaded Program Files\Best Matrix Screensaver new.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c62814.qua'!
C:\WINDOWS\Downloaded Program Files\Britney sex xxx.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2824.qua'!
C:\WINDOWS\Downloaded Program Files\Britney Spears and Eminem porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2827.qua'!
C:\WINDOWS\Downloaded Program Files\Britney Spears blowjob.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2829.qua'!
C:\WINDOWS\Downloaded Program Files\Britney Spears cumshot.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc282c.qua'!
C:\WINDOWS\Downloaded Program Files\Britney Spears fuck.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc282f.qua'!
C:\WINDOWS\Downloaded Program Files\Britney Spears full album.mp3.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2832.qua'!
C:\WINDOWS\Downloaded Program Files\Britney Spears porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2835.qua'!
C:\WINDOWS\Downloaded Program Files\Britney Spears Sexy archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2838.qua'!
C:\WINDOWS\Downloaded Program Files\Britney Spears Song text archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc283b.qua'!
C:\WINDOWS\Downloaded Program Files\Britney Spears.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc283e.qua'!
C:\WINDOWS\Downloaded Program Files\Britney Spears.mp3.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2840.qua'!
C:\WINDOWS\Downloaded Program Files\Clone DVD 6.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c2283d.qua'!
C:\WINDOWS\Downloaded Program Files\Cloning.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22841.qua'!
C:\WINDOWS\Downloaded Program Files\Cracks & Warez Archiv.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b4284a.qua'!
C:\WINDOWS\Downloaded Program Files\Dark Angels new.pif
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c5283c.qua'!
C:\WINDOWS\Downloaded Program Files\Dictionary English 2004 - France.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b62848.qua'!
C:\WINDOWS\Downloaded Program Files\DivX 8.0 final.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c9284b.qua'!
C:\WINDOWS\Downloaded Program Files\Doom 3 release 2.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22854.qua'!
C:\WINDOWS\Downloaded Program Files\E-Book Archive2.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47952818.qua'!
C:\WINDOWS\Downloaded Program Files\Eminem blowjob.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc285c.qua'!
C:\WINDOWS\Downloaded Program Files\Eminem full album.mp3.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc285f.qua'!
C:\WINDOWS\Downloaded Program Files\Eminem Poster.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2861.qua'!
C:\WINDOWS\Downloaded Program Files\Eminem sex xxx.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2864.qua'!
C:\WINDOWS\Downloaded Program Files\Eminem Sexy archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2867.qua'!
C:\WINDOWS\Downloaded Program Files\Eminem Song text archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc286a.qua'!
C:\WINDOWS\Downloaded Program Files\Eminem Spears porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc286d.qua'!
C:\WINDOWS\Downloaded Program Files\Eminem.mp3.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2870.qua'!
C:\WINDOWS\Downloaded Program Files\Full album all.mp3.pif
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bf287a.qua'!
C:\WINDOWS\Downloaded Program Files\Gimp 1.8 Full with Key.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c02871.qua'!
C:\WINDOWS\Downloaded Program Files\Harry Potter 1-6 book.txt.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c5286c.qua'!
C:\WINDOWS\Downloaded Program Files\Harry Potter 5.mpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c5286f.qua'!
C:\WINDOWS\Downloaded Program Files\Harry Potter all e.book.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52871.qua'!
C:\WINDOWS\Downloaded Program Files\Harry Potter e book.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52874.qua'!
C:\WINDOWS\Downloaded Program Files\Harry Potter game.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52877.qua'!
C:\WINDOWS\Downloaded Program Files\Harry Potter.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c5287a.qua'!
C:\WINDOWS\Downloaded Program Files\How to hack new.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ca288b.qua'!
C:\WINDOWS\Downloaded Program Files\Internet Explorer 9 setup.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c7288e.qua'!
C:\WINDOWS\Downloaded Program Files\Kazaa Lite 4.0 new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cd2883.qua'!
C:\WINDOWS\Downloaded Program Files\Kazaa new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cd2886.qua'!
C:\WINDOWS\Downloaded Program Files\Keygen 4 all new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cc288d.qua'!
C:\WINDOWS\Downloaded Program Files\Learn Programming 2004.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b42890.qua'!
C:\WINDOWS\Downloaded Program Files\Lightwave 9 Update.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ba2896.qua'!
C:\WINDOWS\Downloaded Program Files\Magix Video Deluxe 5 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ba2892.qua'!
C:\WINDOWS\Downloaded Program Files\Matrix.mpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72895.qua'!
C:\WINDOWS\Downloaded Program Files\Microsoft Office 2003 Crack best.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b628a0.qua'!
C:\WINDOWS\Downloaded Program Files\Microsoft WinXP Crack full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b628a2.qua'!
C:\WINDOWS\Downloaded Program Files\MS Service Pack 6.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '4773288f.qua'!
C:\WINDOWS\Downloaded Program Files\netsky source code.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c728a4.qua'!
C:\WINDOWS\Downloaded Program Files\Norton Antivirus 2005 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c528b1.qua'!
C:\WINDOWS\Downloaded Program Files\Opera 11.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b828b4.qua'!
C:\WINDOWS\Downloaded Program Files\Partitionsmagic 10 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c528a8.qua'!
C:\WINDOWS\Downloaded Program Files\Porno Screensaver britney.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c528b8.qua'!
C:\WINDOWS\Downloaded Program Files\RFC compilation.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47962893.qua'!
C:\WINDOWS\Downloaded Program Files\Ringtones.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c128b8.qua'!
C:\WINDOWS\Downloaded Program Files\Ringtones.mp3.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c128bb.qua'!
C:\WINDOWS\Downloaded Program Files\Saddam Hussein.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b728b6.qua'!
C:\WINDOWS\Downloaded Program Files\Screensaver2.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c528bb.qua'!
C:\WINDOWS\Downloaded Program Files\Serials edition.txt.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c528bf.qua'!
C:\WINDOWS\Downloaded Program Files\Smashing the stack full.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b428ca.qua'!
C:\WINDOWS\Downloaded Program Files\Star Office 9.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b428d4.qua'!
C:\WINDOWS\Downloaded Program Files\Teen Porn 15.jpg.pif
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b828c8.qua'!
C:\WINDOWS\Downloaded Program Files\The Sims 4 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b828ce.qua'!
C:\WINDOWS\Downloaded Program Files\Ulead Keygen 2004.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b828d5.qua'!
C:\WINDOWS\Downloaded Program Files\Visual Studio Net Crack all.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c628d5.qua'!
C:\WINDOWS\Downloaded Program Files\Win Longhorn re.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c128d8.qua'!
C:\WINDOWS\Downloaded Program Files\WinAmp 13 full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c128db.qua'!
C:\WINDOWS\Downloaded Program Files\Windows 2000 Sourcecode.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c128de.qua'!
C:\WINDOWS\Downloaded Program Files\Windows 2003 crack.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c128e0.qua'!
C:\WINDOWS\Downloaded Program Files\Windows XP crack.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c128e3.qua'!
C:\WINDOWS\Downloaded Program Files\WinXP eBook newest.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c128e5.qua'!
C:\WINDOWS\Downloaded Program Files\XXX hardcore pics.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ab28d7.qua'!
C:\WINDOWS\PCHealth\UploadLB\1001 Sex and more.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47832967.qua'!
C:\WINDOWS\PCHealth\UploadLB\3D Studio Max 6 3dsmax.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '4773297f.qua'!
C:\WINDOWS\PCHealth\UploadLB\ACDSee 10.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47972981.qua'!
C:\WINDOWS\PCHealth\UploadLB\Adobe Photoshop 10 crack.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c229a4.qua'!
C:\WINDOWS\PCHealth\UploadLB\Adobe Photoshop 10 full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c229a6.qua'!
C:\WINDOWS\PCHealth\UploadLB\Adobe Premiere 10.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c229a9.qua'!
C:\WINDOWS\PCHealth\UploadLB\Ahead Nero 8.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b829af.qua'!
C:\WINDOWS\PCHealth\UploadLB\Altkins Diet.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c729b6.qua'!
C:\WINDOWS\PCHealth\UploadLB\American Idol.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b829b9.qua'!
C:\WINDOWS\PCHealth\UploadLB\Arnold Schwarzenegger.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c129c1.qua'!
C:\WINDOWS\PCHealth\UploadLB\Best Matrix Screensaver new.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c629b6.qua'!
C:\WINDOWS\PCHealth\UploadLB\Britney sex xxx.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29c6.qua'!
C:\WINDOWS\PCHealth\UploadLB\Britney Spears and Eminem porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29c8.qua'!
C:\WINDOWS\PCHealth\UploadLB\Britney Spears blowjob.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29ca.qua'!
C:\WINDOWS\PCHealth\UploadLB\Britney Spears cumshot.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29cd.qua'!
C:\WINDOWS\PCHealth\UploadLB\Britney Spears fuck.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29cf.qua'!
C:\WINDOWS\PCHealth\UploadLB\Britney Spears porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29d1.qua'!
C:\WINDOWS\PCHealth\UploadLB\Britney Spears Sexy archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29d4.qua'!
C:\WINDOWS\PCHealth\UploadLB\Britney Spears Song text archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29d6.qua'!
C:\WINDOWS\PCHealth\UploadLB\Britney Spears.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29d8.qua'!
C:\WINDOWS\PCHealth\UploadLB\Clone DVD 6.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c229d3.qua'!
C:\WINDOWS\PCHealth\UploadLB\Cloning.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c229d5.qua'!
C:\WINDOWS\PCHealth\UploadLB\Cracks & Warez Archiv.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b429dd.qua'!
C:\WINDOWS\PCHealth\UploadLB\Dark Angels new.pif
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c529ce.qua'!
C:\WINDOWS\PCHealth\UploadLB\Dictionary English 2004 - France.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b629d9.qua'!
C:\WINDOWS\PCHealth\UploadLB\DivX 8.0 final.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c929db.qua'!
C:\WINDOWS\PCHealth\UploadLB\Doom 3 release 2.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c229e4.qua'!
C:\WINDOWS\PCHealth\UploadLB\E-Book Archive2.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '479529a5.qua'!
C:\WINDOWS\PCHealth\UploadLB\Eminem blowjob.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29e7.qua'!
C:\WINDOWS\PCHealth\UploadLB\Eminem Poster.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29e9.qua'!
C:\WINDOWS\PCHealth\UploadLB\Eminem sex xxx.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29eb.qua'!
C:\WINDOWS\PCHealth\UploadLB\Eminem Sexy archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29ed.qua'!
C:\WINDOWS\PCHealth\UploadLB\Eminem Song text archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29ef.qua'!
C:\WINDOWS\PCHealth\UploadLB\Eminem Spears porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc29f1.qua'!
C:\WINDOWS\PCHealth\UploadLB\Full album all.mp3.pif
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bf29fb.qua'!
C:\WINDOWS\PCHealth\UploadLB\Gimp 1.8 Full with Key.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c029f1.qua'!
C:\WINDOWS\PCHealth\UploadLB\Harry Potter 1-6 book.txt.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c529eb.qua'!
C:\WINDOWS\PCHealth\UploadLB\Harry Potter 5.mpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c529ee.qua'!
C:\WINDOWS\PCHealth\UploadLB\Harry Potter all e.book.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c529f0.qua'!
C:\WINDOWS\PCHealth\UploadLB\Harry Potter e book.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c529f2.qua'!
C:\WINDOWS\PCHealth\UploadLB\Harry Potter game.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c529f5.qua'!
C:\WINDOWS\PCHealth\UploadLB\Harry Potter.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c529f6.qua'!
C:\WINDOWS\PCHealth\UploadLB\How to hack new.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ca2a06.qua'!
C:\WINDOWS\PCHealth\UploadLB\Internet Explorer 9 setup.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72a07.qua'!
C:\WINDOWS\PCHealth\UploadLB\Kazaa Lite 4.0 new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cd29fd.qua'!
C:\WINDOWS\PCHealth\UploadLB\Kazaa new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cd29ff.qua'!
C:\WINDOWS\PCHealth\UploadLB\Keygen 4 all new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cc2a05.qua'!
C:\WINDOWS\PCHealth\UploadLB\Learn Programming 2004.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b42a07.qua'!
C:\WINDOWS\PCHealth\UploadLB\Lightwave 9 Update.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ba2a0d.qua'!
C:\WINDOWS\PCHealth\UploadLB\Magix Video Deluxe 5 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ba2a07.qua'!
C:\WINDOWS\PCHealth\UploadLB\Matrix.mpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72a09.qua'!
C:\WINDOWS\PCHealth\UploadLB\Microsoft Office 2003 Crack best.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b62a13.qua'!
C:\WINDOWS\PCHealth\UploadLB\Microsoft WinXP Crack full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b62a15.qua'!
C:\WINDOWS\PCHealth\UploadLB\MS Service Pack 6.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47732a01.qua'!
C:\WINDOWS\PCHealth\UploadLB\netsky source code.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72a15.qua'!
C:\WINDOWS\PCHealth\UploadLB\Opera 11.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82a23.qua'!
C:\WINDOWS\PCHealth\UploadLB\Partitionsmagic 10 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52a16.qua'!
C:\WINDOWS\PCHealth\UploadLB\Porno Screensaver britney.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52a26.qua'!
C:\WINDOWS\PCHealth\UploadLB\RFC compilation.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47962a00.qua'!
C:\WINDOWS\PCHealth\UploadLB\Ringtones.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12a26.qua'!
C:\WINDOWS\PCHealth\UploadLB\Ringtones.mp3.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12a28.qua'!
C:\WINDOWS\PCHealth\UploadLB\Saddam Hussein.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b72a22.qua'!
C:\WINDOWS\PCHealth\UploadLB\Screensaver2.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52a27.qua'!
C:\WINDOWS\PCHealth\UploadLB\Serials edition.txt.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52a2b.qua'!
C:\WINDOWS\PCHealth\UploadLB\Smashing the stack full.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b42a35.qua'!
C:\WINDOWS\PCHealth\UploadLB\Star Office 9.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b42a3e.qua'!
C:\WINDOWS\PCHealth\UploadLB\Teen Porn 15.jpg.pif
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82a31.qua'!
C:\WINDOWS\PCHealth\UploadLB\The Sims 4 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82a36.qua'!
C:\WINDOWS\PCHealth\UploadLB\Ulead Keygen 2004.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82a3c.qua'!
C:\WINDOWS\PCHealth\UploadLB\Visual Studio Net Crack all.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c62a3b.qua'!
C:\WINDOWS\PCHealth\UploadLB\Win Longhorn re.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12a3e.qua'!
C:\WINDOWS\PCHealth\UploadLB\WinAmp 13 full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12a40.qua'!
C:\WINDOWS\PCHealth\UploadLB\Windows 2000 Sourcecode.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12a43.qua'!
C:\WINDOWS\PCHealth\UploadLB\Windows 2003 crack.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12a45.qua'!
C:\WINDOWS\PCHealth\UploadLB\Windows XP crack.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12a47.qua'!
C:\WINDOWS\PCHealth\UploadLB\WinXP eBook newest.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12a49.qua'!
C:\WINDOWS\PCHealth\UploadLB\XXX hardcore pics.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ab2a3a.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\1001 Sex and more.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47832a15.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\3D Studio Max 6 3dsmax.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47732a2b.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\ACDSee 10.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47972a2c.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Adobe Photoshop 10 crack.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22a50.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Adobe Photoshop 10 full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22a51.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Adobe Premiere 10.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22a54.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Ahead Nero 8.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82a5a.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Altkins Diet.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72a61.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\American Idol.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82a65.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Arnold Schwarzenegger.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12a6e.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Best Matrix Screensaver new.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c62a65.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Britney sex xxx.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a75.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Britney Spears and Eminem porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a78.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Britney Spears blowjob.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a79.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Britney Spears cumshot.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a7c.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Britney Spears fuck.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a7e.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Britney Spears porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a81.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Britney Spears Sexy archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a83.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Britney Spears Song text archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a86.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Britney Spears.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a88.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Clone DVD 6.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22a85.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Cloning.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22a88.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Cracks & Warez Archiv.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b42a90.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Dark Angels new.pif
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52a82.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Dictionary English 2004 - France.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b62a8c.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\DivX 8.0 final.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c92a8e.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Doom 3 release 2.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22a96.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\E-Book Archive2.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47952a59.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Eminem blowjob.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a9b.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Eminem Poster.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a9d.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Eminem sex xxx.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2a9f.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Eminem Sexy archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2aa1.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Eminem Song text archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2aa4.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Eminem Spears porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2aa6.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Gimp 1.8 Full with Key.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c02aa4.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Harry Potter 1-6 book.txt.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52a9e.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Harry Potter 5.mpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52aa1.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Harry Potter all e.book.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52aa3.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Harry Potter e book.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52aa6.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Harry Potter game.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52aa8.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Harry Potter.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52aaa.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\How to hack new.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ca2aba.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Internet Explorer 9 setup.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72abb.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Kazaa Lite 4.0 new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cd2ab0.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Kazaa new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cd2ab2.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Keygen 4 all new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cc2ab8.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Learn Programming 2004.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b42aba.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Lightwave 9 Update.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ba2ac0.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Magix Video Deluxe 5 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ba2aba.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Matrix.mpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72abd.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Microsoft Office 2003 Crack best.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b62ac7.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Microsoft WinXP Crack full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b62aca.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\MS Service Pack 6.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47732ab6.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\netsky source code.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72aca.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Opera 11.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82ad7.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Partitionsmagic 10 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52acb.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Porno Screensaver britney.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52adb.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\RFC compilation.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47962ab5.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Ringtones.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12ada.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Saddam Hussein.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b72ad4.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Screensaver2.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52ad8.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Serials edition.txt.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52add.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Smashing the stack full.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b42ae7.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Star Office 9.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b42af0.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Teen Porn 15.jpg.pif
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82ae3.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\The Sims 4 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82ae8.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Ulead Keygen 2004.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82aee.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Visual Studio Net Crack all.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c62aed.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Win Longhorn re.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12aef.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\WinAmp 13 full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12af2.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Windows 2000 Sourcecode.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12af4.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Windows 2003 crack.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12af5.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\Windows XP crack.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12af7.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\WinXP eBook newest.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12afa.qua'!
C:\WINDOWS\PCHealth\UploadLB\Binaries\XXX hardcore pics.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ab2aec.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\1001 Sex and more.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47832ac7.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\3D Studio Max 6 3dsmax.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47732add.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\ACDSee 10.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47972ade.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Adobe Photoshop 10 crack.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22b01.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Adobe Photoshop 10 full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22b03.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Adobe Premiere 10.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22b05.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Ahead Nero 8.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82b0c.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Altkins Diet.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72b12.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\American Idol.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b82b15.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Arnold Schwarzenegger.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c12b1d.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Best Matrix Screensaver new.scr
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c62b11.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Britney sex xxx.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b21.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Britney Spears and Eminem porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b23.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Britney Spears blowjob.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b26.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Britney Spears cumshot.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b28.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Britney Spears fuck.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b2b.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Britney Spears porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b2e.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Britney Spears Sexy archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b31.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Britney Spears Song text archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b33.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Britney Spears.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b35.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Clone DVD 6.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22b30.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Cloning.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22b33.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Cracks & Warez Archiv.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b42b3b.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Dark Angels new.pif
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52b2c.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Dictionary English 2004 - France.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b62b37.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\DivX 8.0 final.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c92b38.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Doom 3 release 2.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c22b42.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\E-Book Archive2.rtf.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47952b02.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Eminem blowjob.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b44.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Eminem Poster.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b46.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Eminem sex xxx.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b4a.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Eminem Sexy archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b4e.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Eminem Song text archive.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b4f.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Eminem Spears porn.jpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47bc2b51.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Gimp 1.8 Full with Key.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c02b50.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Harry Potter 1-6 book.txt.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52b4a.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Harry Potter 5.mpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52b4d.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Harry Potter all e.book.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52b50.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Harry Potter e book.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52b54.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Harry Potter game.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52b56.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Harry Potter.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c52b58.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\How to hack new.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ca2b68.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Internet Explorer 9 setup.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72b69.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Kazaa Lite 4.0 new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cd2b5e.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Kazaa new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cd2b60.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Keygen 4 all new.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47cc2b66.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Learn Programming 2004.doc.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b42b68.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Lightwave 9 Update.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ba2b6f.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Magix Video Deluxe 5 beta.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47ba2b69.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Matrix.mpg.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47c72b6b.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Microsoft Office 2003 Crack best.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO] The file was moved to '47b62b76.qua'!
C:\WINDOWS\PCHealth\UploadLB\Config\Microsoft WinXP Crack full.exe
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AP
[INFO]
0
Réponse 22 / 43
Le sioux Messages postés 4907 Statut Contributeur sécurité 496
 
Bonsoir Sukky

Ba, on aura pas fait cela pour rien lol quel ménage !

Par contre tu n'as pas tout réglé comme demandé Search for rootkits..............: off ...

On va tout d'abord Vider la quarantaine d'Antivir :

* Clique droit sur Antivir dans la barre des taches (en bas a droite) puis "Start Antivir", clique sur l'onglet "Quarantine", clique sur une des lignes des détections qui y sont présentes puis ctrl-a afin de sélectionner l'ensemble du contenu de la quarantaine puis clique sur le symbole poubelle, une fenêtre va s'ouvrir "Are you sure you want to delete the selected object(s) from quarantine". Confirme la suppression par oui.

Cela aurait été bien de re-scanner en mode normal avec la fonction rootkit on...

On continu le nettoyage, on en voit le bout :

Bon, on approfondit le nettoyage, encore un peu de courage , on en voit le bout ;)

Je te conseille d'enregistrer la page en sélectionnant toutes les lignes puis de copier cette sélection dans un fichier texte sur ton PC pour pouvoir appliquer la procédure correctement.
(Note: tu n'auras pas accès à Internet à partir du moment ou te redémarreras en mode sans échec)
Il faut exécuter toutes les étapes, sans interruption, dans l'ordre exact indiqué ci-dessous.
Si un élément te paraît obscur, demande des explications avant de commencer la désinfection

1) Telecharge

-- CCleaner
https://www.ccleaner.com/ccleaner/download
Choisi de préférence la version SLIM-No Toolbar.
Installe-le en prenant soin de décocher les diverses options dont la barre Yahoo et la mise à jour.
Lance CCleaner puis Clique sur "Options", "Avancé" et décoche la case "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures".
Pour les autres paramètres, laisse-le avec ses réglages par défaut.
Ferme le programme pour l’instant.

--la version d'essai d'AVG Anti-Spyware 7.5 depuis http://www.grisoft.com/doc/downloads-products/ww/crp/0?prd=triasw
Installe la puis...Lancer AVG Anti-Spyware.
Clique sur le menu Mise à jour.
Dans le paragraphe Mise à jour manuelle, cliquer sur le bouton Commencer la mise à jour.
Attends la fin de cette mise à jour puis ferme le programme.
Ne pas lancer d'analyse maintenant

2) Redémarre en mode sans échec

Regarde ici si besoin avant ici : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.

Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.

3) Lance AVG Anti-Spyware 7.5

--Réglages

Clique sur le menu Analyse (de la barre d'outils).
Clique sur l'onglet Paramètres.
Dans Comment réagir? clique sur Actions recommandées et choisir Quarantaine.
Dans Comment faire l'analyse ? et dans Programmes potentiellement dangereux, vérifier que toutes les cases soient cochées.
Dans Rapports cocher "générer un rapport après chaque analyse"

-- Scan
Dans l'onglet Analyse
Clique sur Analyse complète du système.
Important : Ne pas ouvrir de fenêtre, ne pas lancer de programme pendant l'exécution de AVG Anti-Spyware, car cela pourrait interférer avec le processus de recherche.
Cliquer sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.(C:\Programfiles\AVG Antispyware 7.5\Reports)
Ensuite
Très important : A la fin de l'analyse, clique sur " Appliquer toutes les actions"

Puis ferme AVG Anti-Spyware.

4) Suppression de fichiers inutiles avec CCleaner

Lance CCleaner en double-cliquant sur son raccourci sur le bureau.
Puis dans le menu Nettoyeur
Clique sur Analyse (laisser travailler cela peut durer longtemps la 1ere fois)
Clique sur le bouton Lancer le nettoyage.
Clique une seconde fois sur le bouton Lancer le nettoyage puis ferme CCleaner.

5) Rapports

Fais redémarrer le PC en mode normal puis poste en réponse :
* Un nouveau rapport HijackThis
* Le rapport d AVG antispyware 7.5 situé ici C:\Programfiles\AVG Antispyware 7.5\Reports
* Le rapport de Cleanzip qui se trouve ici C:\rapport_clean.txt

Bon courage

@+
0
Réponse 23 / 43
sukky
 
Bonsoir,

Je pense avoir exécuté correctement les instructions, mais :
- Je n'ai pas de rapport d'AVG antispyware : le bouton était grisé.
- Je n'ai pas non plus de rapport de Cleanzip.
- Le rapport de hijacthis est ci-dessous
merci de ton aide

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:54, on 05/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.boursorama.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
0
Réponse 24 / 43
Le sioux Messages postés 4907 Statut Contributeur sécurité 496
 
Bonsoir Sukky

Vide la quarantaine d'AVG Antispyware et profites en pour regarder ce qui s'y trouves et dis moi ce que tu y as vu.

* Double-clique sur le raccourci d'AVG Antispyware 7.5 présent sur ton Bureau afin de le lancer, puis clique sur "Infections", clique sur "Tout sélectionner" puis sur "Supprimer définitivement".
Ferme AVG Antispyware.

Comment se porte le PC ?

@ suivre.
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 25 / 43
sukky
 
La quarantaine d'AVG Antispyware a été vidée.

De mémoir, j'avais 4 ou 5 infections de risque moyen.
Hier soir après t'avoir écrit, j'ai eu une multitude de fenêtres qui se sont ouvertes les unes derrière les autres à toute vitesse.
Je crains d'avoir fait l'objet d'une nouvelle attaque.

Le PC n'est pas encore tout à fait OK
Lorsque j'ouvre ma boite mail sur la poste.net, j'ai toujours l'anomalie : " le certificat de ce site web présente un problème"
j'ai aussi des "mises à jour Java update disponibles"
A part ça, j'ai d'autres problèmes de connexion internet, mais je ne sais pas si tu pourras m'aider...

Merci en tout cas pour tout ce que tu as fait jusque là

Cordialement

Sukky
0
Réponse 26 / 43
Le sioux Messages postés 4907 Statut Contributeur sécurité 496
 
Bonjour Suky

On va voir ce que l'on peut faire, mais pense aussi a m'envoyer
le rapport d'OTMoveIt situé dans C:\_OTMoveIt\MovedFiles (contenu du fichier C:\_OTMoveIt\MovedFiles\********_******.log - les *** sont des chiffres représentant la date et l'heure) demandé poste 18.

Puis :

Navilog d'Il Mafioso option1

Télécharge Navilog1 depuis-ce lien :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau .

Au menu principal, Fais le choix 1
Laisse toi guider et patiente.
Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuies sur une touche le bloc note va s'ouvrir.

--> Copie-colle l'intégralité du rapport dans une réponse.

Referme le bloc note.

Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%.

@ suivre
0
Réponse 27 / 43
Le sioux Messages postés 4907 Statut Contributeur sécurité 496
 
Re

Après manip message 26 exécutée, a faire également :

Vide la quarantaine d'Antivir

* Clique droit sur Antivir dans la barre des taches (en bas a droite) puis "Start Antivir", clique sur l'onglet "Quarantine", clique sur une des lignes des détections qui y sont présentes puis ctrl-a afin de sélectionner l'ensemble du contenu de la quarantaine puis clique sur le symbole poubelle, une fenêtre va s'ouvrir "Are you sure you want to delete the selected object(s) from quarantine". Confirme la suppression par oui.
Ferme Antivir.

@ +
0
Réponse 28 / 43
sukky
 
Lorsque j'essaie d'installer navilog1.exe , j'ai l'anomalie "a virus or unwanted programm was found "SPR / Tool.Reboot.C " qui apparaît.
Je ne peux pas ni le "delete", ni "deny", ni...

Rapport d'OT Movelt :
C:\Program Files\Fichiers communs\ErreurChasseur\strpmon.exe moved successfully.

Created on 05/02/2002 14:18:03

La quarantaine d'Antivir est vidée
0
Réponse 29 / 43
Le sioux Messages postés 4907 Statut Contributeur sécurité 496
 
Re

Oups, C'est vrai qu'Antivir n'aime pas Navilog1, Méa culpa

J'ai oublié de te demander de désactiver Antivir via clique droit dans la barre des taches et en décochant Antivir Guard enable pendant l'exécution de navilog1

Pense a le réactivé une fois le rapport généré.

@ +
0
Réponse 30 / 43
sukky
 
Rapport Navilog :

Search Navipromo version 3.3.8 commencé le 06/01/2007 à 8:50:00,31

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\WINDOWS ***

*** Recherche dossiers dans C:\Program Files ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Recherche dossiers dans "C:\Documents and Settings\Gantet\application data" ***

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\WINDOWS\system32\hqeoaplvcb.dat
C:\WINDOWS\system32\hqeoaplvcb.exe

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans "C:\Documents and Settings\Gantet\local settings\application data" *

*** Recherche fichiers ***

C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :

2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

wyonhoizi.dat trouvé !
wyonhoizi_nav.dat trouvé !
hznlrh.exe trouvé !
wyonhoizi.exe trouvé !

* Dans "C:\Documents and Settings\Gantet\local settings\application data" :

3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :

*** Analyse terminée le 06/01/2007 à 9:04:11,59 ***
0
Réponse 31 / 43
Le sioux Messages postés 4907 Statut Contributeur sécurité 496
 
Re

Tu es infecté par Navipromo, on va t'en débarrasser :

Navilog1 option2

Double clique sur le raccourci Navilog1 présent sur ton bureau

Au menu principal, Fais le choix 2
Laisse toi guider et patiente.
Le fix va t'informer qu'il va alors redémarrer ton PC
Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
Appuie sur une touche comme demandé.
(si ton Pc ne redémarre pas automatiquement, fais le toi même)
Au redémarrage de ton PC, choisis ta session habituelle si nécessaire.
Patiente jusqu'au message :
*** Nettoyage Termine le ..... ***
Le bloc note va s'ouvrir.
Sauvegarde le rapport sur ton bureau de manière à le retrouver.
Referme le bloc note. Ton bureau va réapparaître

PS:Si ton bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
Puis rends-toi à l'onglet "processus". Cliques en haut à gauche sur fichiers et choisis "exécuter"
Tapes explorer et valides. Cela te fera apparaître ton bureau

--> Poste le rapport de Navilog1 en réponse ainsi qu un nouvel HijackThis et dis moi si tu constates des améliorations.

@ suivre
0
Réponse 32 / 43
sukky
 
Clean Navipromo version 3.3.8 commencé le 06/01/2007 à 9:20:54,54

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 11.12.2007 à 18h00 par IL-MAFIOSO

Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique

*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\WINDOWS\system32\hqeoaplvcb.dat réalisée avec succès !
Copie C:\WINDOWS\system32\hqeoaplvcb.exe réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\WINDOWS\system32\hqeoaplvcb.dat supprimé !
C:\WINDOWS\system32\hqeoaplvcb.exe supprimé !

** 2ème passage avec résultats Catchme **

* Dans C:\WINDOWS\system32 *

C:\WINDOWS\prefetch\hqeoaplvcb*.pf trouvé !
Copie C:\WINDOWS\prefetch\hqeoaplvcb*.pf réalisée avec succès !
C:\WINDOWS\prefetch\hqeoaplvcb*.pf supprimé !

* Dans "C:\Documents and Settings\Gantet\local settings\application data" *

*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

* Suppression dans "C:\Documents and Settings\Gantet\local settings\application data" *

*** Suppression dossiers dans C:\WINDOWS ***

*** Suppression dossiers dans C:\Program Files ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***

*** Suppression dossiers dans "C:\Documents and Settings\Gantet\application data" ***

*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***

*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Gantet\local settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :

* Dans C:\WINDOWS\system32 *

wyonhoizi.dat trouvé !
Copie wyonhoizi.dat réalisée avec succès !
wyonhoizi.dat supprimé !

wyonhoizi_nav.dat trouvé !
Copie wyonhoizi_nav.dat réalisée avec succès !
wyonhoizi_nav.dat supprimé !

hznlrh.exe trouvé !
Copie hznlrh.exe réalisée avec succès !
hznlrh.exe supprimé !

wyonhoizi.exe trouvé !
Copie wyonhoizi.exe réalisée avec succès !
wyonhoizi.exe supprimé !

wyonhoizi_navps.dat trouvé !
Copie wyonhoizi_navps.dat réalisée avec succès !
wyonhoizi_navps.dat supprimé !

C:\WINDOWS\prefetch\wyonhoizi*.pf trouvé !
Copie C:\WINDOWS\prefetch\wyonhoizi*.pf réalisée avec succès !
C:\WINDOWS\prefetch\wyonhoizi*.pf supprimé !

* Dans "C:\Documents and Settings\Gantet\local settings\application data" *

*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok

*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 06/01/2007 à 9:25:00,09 ***

Rapport Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29:59, on 06/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\AstSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.boursorama.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\AstSrv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MATLAB Server (matlabserver) - Unknown owner - C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
0
Réponse 33 / 43
Le sioux Messages postés 4907 Statut Contributeur sécurité 496
 
Re

Tu as oublié de me répondre a cela :

et dis moi si tu constates des améliorations. terminé plus de pubs intempestives ce coup^la ;)

Supprime Navilog1 du PC

- Via Démarrer / Paramètres / Panneau de config puis Ajout/suppression des programmes , navigue jusqu'a Navilog1 puis clique sur "Supprimer"

Supprime également le dossier C:\Program Files\Navilog1

Remarques :

A noter que l adware Navipromo/ magic control s installe avec
* Instant access
* Go-astro
* GoRecord
* HotTVPlayer
* MailSkinner
* Messenger Skinner
* Instant Access
* InternetGameBox
* Sudoplanet
*WebMediaplayer (ne provenant pas du site : http://www.azertysite.new.fr/qui est sain)

Et aussi en surfant sur le site www.games-desktop.com (n'y allez pas)

@ suivre.
0
Réponse 34 / 43
sukky
 
La navigation est beaucoup plus rapide. Merci beaucoup !!!
J'ai néammoins encore un pb de certificat de sécurité sur la Poste.net.
Peux tu le résoudre STP
Merci

Sukky
0
Réponse 35 / 43
Le sioux Messages postés 4907 Statut Contributeur sécurité 496
 
Re

Ok, c est cool ;)

Ferme Internet Explorer (s il était ouvert) puis Démarrer/panneau de configuration/options Internet
- onglet "Contenu" puis onglet "Certificats" et si tu trouves ceci, en particulier dans "éditeurs approuvés", mais regarde ailleurs :
electronic-group
egroup
Montorgueil
VIP
"Sunny Day Design Ltd"
Tu les supprimes.

@ suivre.
0
Réponse 36 / 43
sukky
 
j'ai effectivement supprimé :
Montorgueil
"Sunny Day Design Ltd"

Mais j'ai toujours un pb de certificat de sécurité sur la Poste.net.

Cordialement

Sukky
0
Réponse 37 / 43
Le sioux Messages postés 4907 Statut Contributeur sécurité 496
 
Re

Ok, bien joué, par co,tre pour la poste, je ne vois pas, il faudra peut etre recréer un sujet sur Windows pour cela, une fois que l'on aura fini tous les 2 :

1) ToolsCleaner de A.Rothstein

On va supprimer toutes les traces des logiciels que nous avons utilisés qui traitent des infections spécifiques et ceci grâce a ToolsCleaner de A.Rothstein

Télécharge le http://pagesperso-orange.fr/AceRothstein/ToolsCleaner2.exe sur ton Bureau.
* Double-clique sur ToolsCleaner2.bat et laisse le travailler
* Clique sur Recherche et laisse le scan se terminer.
* Clique sur Suppression pour finaliser.
* Tu peux, si tu le souhaites, te servir des Options facultatives.
* Clique sur Quitter, pour que le rapport puisse se créer.

--> Poste moi Le rapport de ToolsCleaner ( qui se trouve à la racine de ton disque dur (C:\TCleaner.txt )

2) Scan en ligne chez Bitdefender

* Fais un scan antivirus en ligne https://www.bitdefender.fr/ avec IE et copie colle le résultat ici
* En bas, à gauche de la fenêtre, clique sur BitDefender SCAN ONLINE
* Dans la nouvelle fenêtre, clique sur I agree
* La fenêtre change encore, clique sur Click here to scan
* Les signatures se chargent, etc.

Aide toi de ce Tuto (merci Morgane) http://pageperso.aol.fr/loraline60/bitdefender_scan.htm

Poste en réponse le rapport de scan qui se trouve ici C:\windows\bdoscan8\scanres.txt ou scanres.html</gras>

@ suivre car il restera des conseils de sécurité a appliquer.
0
Réponse 38 / 43
sukky
 
-->- Recherche:

C:\OtMoveIt.exe: trouvé !
C:\HJTInstall.exe: trouvé !
C:\SmitFraudfix: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\Gantet\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\Gantet\Bureau\SmitFraudfix: trouvé !
C:\Documents and Settings\Gantet\Bureau\SmitfraudFix\SmitFraudfix: trouvé !
C:\Documents and Settings\Gantet\Mes documents\Smitfraud\SmitFraudfix: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !
C:\RECYCLER\S-1-5-21-602162358-583907252-725345543-1004\Dc2\SmitFraudfix: trouvé !

---------------------------------
-->- Suppression:

C:\OtMoveIt.exe: supprimé !
C:\HJTInstall.exe: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\Gantet\Bureau\HijackThis.lnk: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\SmitFraudfix: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\Gantet\Bureau\SmitFraudfix: supprimé !
C:\Documents and Settings\Gantet\Mes documents\Smitfraud\SmitFraudfix: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !
C:\RECYCLER\S-1-5-21-602162358-583907252-725345543-1004\Dc2\SmitFraudfix: supprimé !

BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Sat, Jan 06, 2007 - 13:08:04

--------------------------------------------------------------------------------

Info d'analyse

Fichiers scannés
272923

Infectés Fichiers
0

Virus Détectés

Aucun virus trouvé.

--------------------------------------------------------------------------------

Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
0
Réponse 39 / 43
sukky
 
BitDefender Online Scanner

Rapport d'analyse généré à: __CRT_DATETIME__

Voie d'analyse: __SCANPATH__

Statistiques

Temps
__TIME__

Fichiers
__FILES__

Directoires
__FOLDERS__

Secteurs de boot
__BOOTS__

Archives
__ARCHIVES__

Paquets programmes
__PACKED__

Résultats

Virus identifiés
__VIRUSES__

Fichiers infectés
__INFFILES__

Fichiers suspects
__SUSFILES__

Avertissements
__WARNINGS__

Désinfectés
__DISINFECTED__

Fichiers effacés
__DELETED__

Info sur les moteurs

Définition virus
__VIRUSDEFS__

Version des moteurs
__ENGBUILD__

Analyse des plugins
__SCANPLUGINS__

Archive des plugins
__ARCHPLUGINS__

Unpack des plugins
__UNPACKPLUGINS__

E-mail plugins
__EMAILPLUGINS__

Système plugins
__SYSPLUGINS__

Paramètres d'analyse

Première action
__FIRSTACT__

Seconde Action
__SECACT__

Heuristique
__HEURISTICS__

Acceptez les avertissements
__ENABLEWARNINGS__

Extensions analysées
__EXT__

Excludez les extensions
__EXCLUDEEXT__

Analyse d'emails
__SCANEMAILS__

Analyse des Archives
__SCANARCHIVES__

Analyser paquets programmes
__SCANPACKED__

Analyse des fichiers
__SCANFILES__

Analyse de boot
__SCANBOOT__

Fichier analysé
Statut

__SINGLEFILE__
0
Réponse 40 / 43
Le sioux Messages postés 4907 Statut Contributeur sécurité 496
 
Bonsoir Suky

C'est tout bon, il restera des conseils de sécurité a appliquer.

Je te donne cela dans un prochain poste.

@ suivre.
0

Discussions similaires

Erreur 3005 sur France TV
Cambodgil -
JeanPierre -

6 réponses
Problème streaming France 2
95 indomptable -
robmat2005 -

1 réponse
Erreur Upes 1025
ejb971 -
MPMP10 -

1 réponse
Comment supprimer un contact
Lilou -
Lilou -

2 réponses
Erreur de lecture sur iptv smarters
Bogs -
bazfile -

1 réponse