Pb virus ou/et trojan [MSN]
Marty1024
Messages postés
4
Statut
Membre
-
rivitna -
rivitna -
Bonjour,
J'ai un souci qui me prend la tête depuis le début de la journée suite à l'ouverture de msn messenger où depuis mon pc est infecté de toute part et je ne sais plus comment faire sachant que je ne sais pas interpréter le rapport MSNFix et Hijackthis. Du coup, si je ne trouve pas d'aide, je crains devoir en venir au formatage pur et simple du disque mais franchement j'espère ne pas avoir à le faire :-S
Je remercie toute personne qui viendrait à mon secour ;-)
Voici le rapport MSNFix :
MSNFix 1.571
C:\MSNFix
Fix exécuté le 10/11/2007 - 16:31:16.98 By Bullet-Teath
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\PROGRA~1\Insider\Insider.exe
... C:\3d3t4t8n7l.exe
... C:\er-1-1148.exe
... C:\or-1-1148.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\ccSvcHst.exe
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\LBTWiz.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\Nokia_19_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
[!] C:\WINDOWS\Dance_dec_jpg.zip is INFECTED
[!] C:\WINDOWS\Nokia_19_jpg.zip is INFECTED
************************ Recherche les dossiers présents
... C:\Program Files\Fichiers communs\Carlson\
... C:\PROGRA~1\Insider\
... C:\PROGRA~1\WinAble\
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
.. OK ... C:\Program Files\Fichiers communs\Carlson\carlton
/!\ ... C:\PROGRA~1\Insider\Insider.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\er-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
.. OK ... C:\WINDOWS\LBTWiz.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\er-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
************************ Suppression des dossiers
.. OK ... C:\Program Files\Fichiers communs\Carlson\
/!\ ... C:\PROGRA~1\Insider\
.. OK ... C:\PROGRA~1\WinAble\
.. OK ... C:\Temp\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\PROGRA~1\Insider\Insider.exe
.. OK ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\ir-1-1148.exe] 15D7688E41BB73AA73F32CBE7B3B9FF9
[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\BULLET~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10112007_163657.71.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Et voici le rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:55, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
J'ai un souci qui me prend la tête depuis le début de la journée suite à l'ouverture de msn messenger où depuis mon pc est infecté de toute part et je ne sais plus comment faire sachant que je ne sais pas interpréter le rapport MSNFix et Hijackthis. Du coup, si je ne trouve pas d'aide, je crains devoir en venir au formatage pur et simple du disque mais franchement j'espère ne pas avoir à le faire :-S
Je remercie toute personne qui viendrait à mon secour ;-)
Voici le rapport MSNFix :
MSNFix 1.571
C:\MSNFix
Fix exécuté le 10/11/2007 - 16:31:16.98 By Bullet-Teath
mode normal
************************ Recherche les fichiers présents
... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
... C:\Program Files\Fichiers communs\Carlson\carlton
... C:\PROGRA~1\Insider\Insider.exe
... C:\3d3t4t8n7l.exe
... C:\er-1-1148.exe
... C:\or-1-1148.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\ccSvcHst.exe
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\LBTWiz.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\Nokia_19_jpg.zip
... C:\WINDOWS\system32\microsoft\backup.ftp
... C:\WINDOWS\system32\microsoft\backup.tftp
... C:\WINDOWS\Dance_dec_jpg.zip
... C:\WINDOWS\Nokia_19_jpg.zip
************************ MSNCHK ***** /!\ beta test /!\
[!] C:\WINDOWS\Dance_dec_jpg.zip is INFECTED
[!] C:\WINDOWS\Nokia_19_jpg.zip is INFECTED
************************ Recherche les dossiers présents
... C:\Program Files\Fichiers communs\Carlson\
... C:\PROGRA~1\Insider\
... C:\PROGRA~1\WinAble\
... C:\Temp\
************************ Suppression des fichiers
.. OK ... C:\DOCUME~1\ALLUSE~1\MENUDM~1\carlton
.. OK ... C:\Program Files\Fichiers communs\Carlson\carlton
/!\ ... C:\PROGRA~1\Insider\Insider.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\er-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
.. OK ... C:\WINDOWS\LBTWiz.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
.. OK ... C:\WINDOWS\system32\microsoft\backup.ftp
.. OK ... C:\WINDOWS\system32\microsoft\backup.tftp
.. OK ... C:\er-1-1148.exe
.. OK ... C:\or-1-1148.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\3d3t4t8n7l.exe
.. OK ... C:\WINDOWS\Dance_dec_jpg.zip
.. OK ... C:\WINDOWS\Nokia_19_jpg.zip
************************ Suppression des dossiers
.. OK ... C:\Program Files\Fichiers communs\Carlson\
/!\ ... C:\PROGRA~1\Insider\
.. OK ... C:\PROGRA~1\WinAble\
.. OK ... C:\Temp\
************************ Nettoyage du registre
Les fichiers encore présents seront supprimés au prochain redémarrage
************************ Suppression des fichiers
.. OK ... C:\PROGRA~1\Insider\Insider.exe
.. OK ... C:\WINDOWS\ccSvcHst.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
************************ Fichiers suspects
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention
[C:\ir-1-1148.exe] 15D7688E41BB73AA73F32CBE7B3B9FF9
[color=#FF0000][b]==>[/b][/color] SVP merci d'envoyer le fichier [b] C:\DOCUME~1\BULLET~1\Bureau\Upload_Me.zip [/b] sur http://upload.changelog.fr
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 10112007_163657.71.zip
------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------
--------------------------------------------- END ---------------------------------------------
Et voici le rapport Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:46:55, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
A voir également:
- Pb virus ou/et trojan [MSN]
- Virus mcafee - Accueil - Piratage
- Telecharger msn - Télécharger - Messagerie
- Msn messenger - Télécharger - Messagerie
- Softonic virus ✓ - Forum Virus
- Virus facebook demande d'amis - Accueil - Facebook
6 réponses
Bonjour,
essayez le scanner Dr.Web gratuit:
https://free.drweb.com/
Il est compatible Norton et Avast qui sont deja installes.
Faites d'abord le scan express, ensuite - le scan complet.
Vous avez un peu trop d'antivirus sur votre PC, a mon avis.
Bon courage!
essayez le scanner Dr.Web gratuit:
https://free.drweb.com/
Il est compatible Norton et Avast qui sont deja installes.
Faites d'abord le scan express, ensuite - le scan complet.
Vous avez un peu trop d'antivirus sur votre PC, a mon avis.
Bon courage!
Heu... Pour tout vous dire j'ai déjà désinstallé norton et avast pour les remplaver par Antivir qui est en ce moment meme en cours de scan.
Voili, voilou ;-)
Voili, voilou ;-)
Alors! Le rapport Hijackit n'est plus correcte:)
Bon scan avec Antivir!
Essayez toujours CureIt! de Dr.Web - il a un outil antirootkit qui peut etre tres efficace.
Bon scan avec Antivir!
Essayez toujours CureIt! de Dr.Web - il a un outil antirootkit qui peut etre tres efficace.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Voici le rapport d'Antivir après un scan complet :
AntiVir PersonalEdition Classic
Report file date: samedi 10 novembre 2007 18:25
Scanning for 923375 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MARTY
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.172 1092608 Bytes 05/11/2007 17:22:59
ANTIVIR3.VDF : 7.0.0.197 104960 Bytes 09/11/2007 17:22:59
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 10/11/2007 17:22:59
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 10 novembre 2007 18:25
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'GBTray.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NOPDB.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'NPROTECT.EXE' - '1' Module(s) have been scanned
Scan process 'GHOSTS~2.EXE' - '1' Module(s) have been scanned
Scan process 'GBPoll.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '26' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\ir-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4762ea06.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07907116.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Tibs.JZ
[INFO] The file was moved to '476eea75.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08F21711.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Stration.C.6
[INFO] The file was moved to '477bea79.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15AC2E6C.tmp
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
[INFO] The file was moved to '4776ea79.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E3782E.tmp
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
[INFO] The file was moved to '477aea7b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15FE4812.tmp
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
[INFO] The file was moved to '477bea80.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\162115EA.tmp
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
[INFO] The file was moved to '4767ea81.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16383BD1.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.L
[INFO] The file was moved to '4768ea82.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164239C6.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4769ea82.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164C37BB.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.H1
[INFO] The file was moved to '4769ea83.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\165635B1.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.H1
[INFO] The file was moved to '476aea83.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16635DA2.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Small.DBX
[INFO] The file was moved to '476bea84.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\166D5B98.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Small.DBX
[INFO] The file was moved to '46eb6fb5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1683017E.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.J
[INFO] The file was moved to '476dea84.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16B47748.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.J
[INFO] The file was moved to '4777ea85.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171662DD.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4766ea86.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17207238.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4767ea87.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17345CBC.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4768ea87.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\174104AE.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4769ea88.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\174758A7.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '46e96fb9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17A04646.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4776ea88.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17BD4025.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4777ea89.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17D71009.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4779ea89.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\180B2FCF.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4765ea8b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\183C2599.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.AA.2
[INFO] The file was moved to '4768ea8b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\185D4975.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.AA.2
[INFO] The file was moved to '476aea8c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E3442B0.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4768ea99.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\220230B0.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4765ea87.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2295120F.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476eea87.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C903AB4.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476eea98.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313C13C6.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '46e86fb8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31FB08EB.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '477bea87.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32C95E09.tmp
[DETECTION] Contains detection pattern of the Windows virus W32/Virut.N
[INFO] The file was moved to '4778ea89.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\340F2911.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '46e56fbc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35F17414.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '477bea8d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47143CCC.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4766ea8f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A97626B.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476eea99.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C5D52FA.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476aea9c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\526C49E6.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476bea8b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54C22B1E.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4778ea8e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57094466.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4765ea91.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64C8219A.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4778ea8f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6633560B.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4768ea91.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CBC089C.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Tibs.JZ
[INFO] The file was moved to '4777ea9f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73926D3C.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476eea8f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\756742D9.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AB
[INFO] The file was moved to '476bea91.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78116BE3.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4766ea95.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D4C1781.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4769eaa1.qua'!
C:\Documents and Settings\Bullet-Teath\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/3d3t4t8n7l.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/ccSvcHst.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/Dance_dec_jpg.zip
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[1] Archive type: ZIP
--> www.Dance_dec_jpg_Msn.com
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/er-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/ir-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/or-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a1eb29.qua'!
C:\Documents and Settings\Bullet-Teath\Local Settings\Temporary Internet Files\Content.IE5\Q94XSZ0P\17PHolmes[2].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4785ebe8.qua'!
C:\MSNFix\10112007_163657.71.zip
[0] Archive type: ZIP
--> backup/3d3t4t8n7l.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> backup/b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
--> backup/carlton
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> backup/ccSvcHst.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
--> backup/Dance_dec_jpg.zip
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[1] Archive type: ZIP
--> www.Dance_dec_jpg_Msn.com
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
--> backup/er-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backup/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backup/or-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4766ecf9.qua'!
C:\Program Files\eMule\Incoming\[App ITA] Windows XP Professional SP2 (MAGGIO 2007) activation crack key serial keygen patch.zip
[0] Archive type: ZIP
--> Patch.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47a5ed97.qua'!
C:\SSV\Supssv.bat
[DETECTION] Contains suspicious code HEUR/Trojan.DIRKiller
[INFO] The file was moved to '47a5fab5.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP515\A0414049.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769ffc4.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP515\A0414050.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769ffc5.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP515\A0414399.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769ffd0.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP516\A0414418.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '4769ffd5.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP516\A0414447.dll
[DETECTION] Contains detection pattern of a probably damaged sample CC/UKMalw.NA
[INFO] The file was moved to '4769ffe7.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414725.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769fff7.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414726.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46148b60.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414727.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '4769fff8.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414728.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46148b61.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414729.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769fffa.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414730.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '4769fff9.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414731.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '46148b62.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414745.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[INFO] The file was moved to '46148b63.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414746.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769fffc.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414747.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '46148b65.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414749.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '4769fffb.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414750.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[INFO] The file was moved to '46148b64.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414751.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769fffd.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414760.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '4769fffe.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414761.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46148b67.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414762.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769fff0.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP519\A0414924.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '476a0006.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP519\A0414925.bat
[DETECTION] Contains suspicious code HEUR/Trojan.DIRKiller
[INFO] The file was moved to '4617749f.qua'!
C:\WINDOWS\mrofinu1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a50059.qua'!
Begin scan in 'D:\'
D:\RECYCLER\S-1-5-21-1123561945-329068152-839522115-1003\Dd85.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '476e08f7.qua'!
D:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP519\A0414926.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '476a08e0.qua'!
D:\WinRAR\Unzipped\Patch.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47aa0923.qua'!
Begin scan in 'E:\'
End of the scan: samedi 10 novembre 2007 20:44
Used time: 2:19:01 min
The scan has been done completely.
6309 Scanning directories
325987 Files were scanned
98 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
80 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
325889 Files not concerned
1863 Archives were scanned
2 Warnings
0 Notes
Et puis ensuite j'ai fais un scan Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:54, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
AntiVir PersonalEdition Classic
Report file date: samedi 10 novembre 2007 18:25
Scanning for 923375 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MARTY
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.172 1092608 Bytes 05/11/2007 17:22:59
ANTIVIR3.VDF : 7.0.0.197 104960 Bytes 09/11/2007 17:22:59
AVEWIN32.DLL : 7.6.0.34 3125760 Bytes 10/11/2007 17:22:59
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: samedi 10 novembre 2007 18:25
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'GBTray.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'LogitechDesktopMessenger.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'NOPDB.exe' - '1' Module(s) have been scanned
Scan process 'slserv.exe' - '1' Module(s) have been scanned
Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned
Scan process 'NPROTECT.EXE' - '1' Module(s) have been scanned
Scan process 'GHOSTS~2.EXE' - '1' Module(s) have been scanned
Scan process 'GBPoll.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'incdsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '26' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\ir-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4762ea06.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07907116.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Tibs.JZ
[INFO] The file was moved to '476eea75.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08F21711.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Stration.C.6
[INFO] The file was moved to '477bea79.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15AC2E6C.tmp
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
[INFO] The file was moved to '4776ea79.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15E3782E.tmp
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
[INFO] The file was moved to '477aea7b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\15FE4812.tmp
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
[INFO] The file was moved to '477bea80.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\162115EA.tmp
[DETECTION] Is the Trojan horse TR/Drop.Small.DBY
[INFO] The file was moved to '4767ea81.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16383BD1.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.L
[INFO] The file was moved to '4768ea82.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164239C6.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4769ea82.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\164C37BB.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.H1
[INFO] The file was moved to '4769ea83.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\165635B1.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.H1
[INFO] The file was moved to '476aea83.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16635DA2.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Small.DBX
[INFO] The file was moved to '476bea84.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\166D5B98.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Small.DBX
[INFO] The file was moved to '46eb6fb5.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1683017E.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.J
[INFO] The file was moved to '476dea84.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16B47748.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.J
[INFO] The file was moved to '4777ea85.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\171662DD.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4766ea86.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17207238.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4767ea87.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17345CBC.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4768ea87.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\174104AE.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4769ea88.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\174758A7.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '46e96fb9.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17A04646.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4776ea88.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17BD4025.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4777ea89.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17D71009.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4779ea89.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\180B2FCF.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.Y
[INFO] The file was moved to '4765ea8b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\183C2599.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.AA.2
[INFO] The file was moved to '4768ea8b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\185D4975.tmp
[DETECTION] Is the Trojan horse TR/Small.DBY.AA.2
[INFO] The file was moved to '476aea8c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E3442B0.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4768ea99.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\220230B0.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4765ea87.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2295120F.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476eea87.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2C903AB4.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476eea98.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313C13C6.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '46e86fb8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31FB08EB.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '477bea87.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32C95E09.tmp
[DETECTION] Contains detection pattern of the Windows virus W32/Virut.N
[INFO] The file was moved to '4778ea89.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\340F2911.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '46e56fbc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35F17414.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '477bea8d.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47143CCC.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4766ea8f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A97626B.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476eea99.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4C5D52FA.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476aea9c.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\526C49E6.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476bea8b.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\54C22B1E.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4778ea8e.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57094466.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4765ea91.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64C8219A.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4778ea8f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6633560B.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4768ea91.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CBC089C.tmp
[DETECTION] Is the Trojan horse TR/Dldr.Tibs.JZ
[INFO] The file was moved to '4777ea9f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73926D3C.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '476eea8f.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\756742D9.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.AB
[INFO] The file was moved to '476bea91.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78116BE3.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4766ea95.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D4C1781.tmp
[DETECTION] Contains detection pattern of the worm WORM/Netsky.C.4
[INFO] The file was moved to '4769eaa1.qua'!
C:\Documents and Settings\Bullet-Teath\Bureau\Upload_Me.zip
[0] Archive type: ZIP
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/3d3t4t8n7l.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/ccSvcHst.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/Dance_dec_jpg.zip
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[1] Archive type: ZIP
--> www.Dance_dec_jpg_Msn.com
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/er-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/ir-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> DOCUME~1/BULLET~1/Bureau/Upload_Me/or-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a1eb29.qua'!
C:\Documents and Settings\Bullet-Teath\Local Settings\Temporary Internet Files\Content.IE5\Q94XSZ0P\17PHolmes[2].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4785ebe8.qua'!
C:\MSNFix\10112007_163657.71.zip
[0] Archive type: ZIP
--> backup/3d3t4t8n7l.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> backup/b122.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
--> backup/carlton
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
--> backup/ccSvcHst.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
--> backup/Dance_dec_jpg.zip
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[1] Archive type: ZIP
--> www.Dance_dec_jpg_Msn.com
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
--> backup/er-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/LBTWiz.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backup/mrofinu1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/Nokia_19_jpg.zip
[1] Archive type: ZIP
--> www.Nokia_19_jpg-msn.com
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
--> backup/or-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4766ecf9.qua'!
C:\Program Files\eMule\Incoming\[App ITA] Windows XP Professional SP2 (MAGGIO 2007) activation crack key serial keygen patch.zip
[0] Archive type: ZIP
--> Patch.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47a5ed97.qua'!
C:\SSV\Supssv.bat
[DETECTION] Contains suspicious code HEUR/Trojan.DIRKiller
[INFO] The file was moved to '47a5fab5.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP515\A0414049.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769ffc4.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP515\A0414050.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769ffc5.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP515\A0414399.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769ffd0.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP516\A0414418.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '4769ffd5.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP516\A0414447.dll
[DETECTION] Contains detection pattern of a probably damaged sample CC/UKMalw.NA
[INFO] The file was moved to '4769ffe7.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414725.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769fff7.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414726.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46148b60.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414727.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '4769fff8.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414728.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46148b61.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414729.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769fffa.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414730.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '4769fff9.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414731.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '46148b62.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414745.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[INFO] The file was moved to '46148b63.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414746.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769fffc.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414747.exe
[DETECTION] Is the Trojan horse TR/Dialer.VUY.4
[INFO] The file was moved to '46148b65.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414749.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.erf
[INFO] The file was moved to '4769fffb.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414750.exe
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.562688
[INFO] The file was moved to '46148b64.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414751.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769fffd.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414760.exe
[DETECTION] Contains detection pattern of the worm WORM/SdBot.561152.2
[INFO] The file was moved to '4769fffe.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414761.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '46148b67.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP518\A0414762.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4769fff0.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP519\A0414924.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '476a0006.qua'!
C:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP519\A0414925.bat
[DETECTION] Contains suspicious code HEUR/Trojan.DIRKiller
[INFO] The file was moved to '4617749f.qua'!
C:\WINDOWS\mrofinu1148.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '47a50059.qua'!
Begin scan in 'D:\'
D:\RECYCLER\S-1-5-21-1123561945-329068152-839522115-1003\Dd85.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '476e08f7.qua'!
D:\System Volume Information\_restore{9C2EFB60-BF01-417A-9135-7960C3419AA2}\RP519\A0414926.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '476a08e0.qua'!
D:\WinRAR\Unzipped\Patch.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '47aa0923.qua'!
Begin scan in 'E:\'
End of the scan: samedi 10 novembre 2007 20:44
Used time: 2:19:01 min
The scan has been done completely.
6309 Scanning directories
325987 Files were scanned
98 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
80 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
325889 Files not concerned
1863 Archives were scanned
2 Warnings
0 Notes
Et puis ensuite j'ai fais un scan Hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:54, on 10/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\Logiciel Bluetooth\BTTray.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - Default URLSearchHook is missing
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: BHO Barre de Confiance CM-CIC - {988B07F5-7392-455A-8A1F-64935CB8B6ED} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre de confiance CM-CIC - {55BDF3B0-C0A8-481A-B8A6-01CD2BE0F3FD} - C:\Program Files\BarreConfCMCIC\TAPBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/DigWXMSN.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} - http://www.symantec.com/techsupp/activedata/ActiveData.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: GBPoll - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~4\GHOSTS~2.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
Vous etiez infecte ...
La plupart de ce qui a ete trouve avait ete elimine par Norton, une autre partie est detectee dans le catalogue "_restore" - donc, potentiellement dangeuereux mais pas actif.
Ce fichier -
C:\ir-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
peut etre dangeureux, mais il n'y est plus :)
Pour vous dire que faire ensuite il faut savoir si votre probleme est toujours la.
Si Antivir l'a elemine, tant mieux!
La plupart de ce qui a ete trouve avait ete elimine par Norton, une autre partie est detectee dans le catalogue "_restore" - donc, potentiellement dangeuereux mais pas actif.
Ce fichier -
C:\ir-1-1148.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
peut etre dangeureux, mais il n'y est plus :)
Pour vous dire que faire ensuite il faut savoir si votre probleme est toujours la.
Si Antivir l'a elemine, tant mieux!
