Infection virus TR/Crypt.ulpm.gen
Résolu
levagurod
Messages postés
17
Date d'inscription
Statut
Membre
Dernière intervention
-
jlpjlp -
jlpjlp -
Bonjour,mon ordinateur est infecté par le virus"TR/Crypt.ULPM.Gen". N'étant pas un féru d'informatique, je vous demande votre aide afin d'éradiquer ce virus trouvé par Antivir PersonalEdition Classic.
Qu'elle est la procédure à effectuer pour résoudre ce problème, et merci par avance pour les solutions que vous m'apporterez.
Qu'elle est la procédure à effectuer pour résoudre ce problème, et merci par avance pour les solutions que vous m'apporterez.
A voir également:
- Infection virus TR/Crypt.ulpm.gen
- Virus mcafee - Accueil - Piratage
- Virus facebook demande d'amis - Accueil - Facebook
- Softonic virus ✓ - Forum Virus
- Faux message virus iphone ✓ - Forum Virus
- Undisclosed-recipients virus - Guide
41 réponses
Salut, problème du même genre voici les rapports hijackthis et antivir
merci de votre aide
Logfile of HijackThis v1.99.1
Scan saved at 00:18:58, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\UTILISATEUR\Application Data\s?curity\l?gonui.exe
C:\Documents and Settings\UTILISATEUR\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\UTILISATEUR\Application Data\Microsoft\Windows\wbyniq.exe
C:\Program Files\ArcSoft\TotalMedia 2\TMMonitor.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV8.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CDD113D3-A033-D0B7-1191-A38F000D2995} - C:\WINDOWS\system32\nsros.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Dfzo] "C:\Documents and Settings\UTILISATEUR\Application Data\s?curity\l?gonui.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\UTILISATEUR\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\UTILISATEUR\Application Data\Microsoft\Windows\wbyniq.exe
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 2\TMMonitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzim029YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
ANTIVIR :
Avira AntiVir Personal
Report file date: dimanche 20 avril 2008 17:00
Scanning for 1218459 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: UTILISATEUR
Computer name: LESFLOSP
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 14:38:46
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 14:38:55
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 20/04/2008 14:39:45
AESCN.DLL : 8.1.0.14 119156 Bytes 20/04/2008 14:39:41
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.2 364917 Bytes 20/04/2008 14:39:40
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 14:39:33
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 20/04/2008 14:39:26
AEHELP.DLL : 8.1.0.14 115063 Bytes 20/04/2008 14:39:07
AEGEN.DLL : 8.1.0.17 299380 Bytes 20/04/2008 14:39:04
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 20/04/2008 14:38:58
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 20 avril 2008 17:00
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\Documents and Settings\UTILISATEUR\Application Data\Microsoft\Windows\khkgbf.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.cgd.2
[NOTE] The file was moved to '48765b0d.qua'!
C:\Program Files\sуstem32\javaw.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '48815b0c.qua'!
C:\Documents and Settings\UTILISATEUR\Application Data\WinTouch\WinTouch.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
[NOTE] The file was moved to '48795b1a.qua'!
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\UTILISATEUR\katyqh.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487f5c24.qua'!
C:\Documents and Settings\UTILISATEUR\Bureau\catchme.zip
[0] Archive type: ZIP
--> %%0e+000xe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '487f5ecd.qua'!
C:\Documents and Settings\UTILISATEUR\Local Settings\Temp\Temporary Internet Files\Content.IE5\4JU9AFY1\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '485b6c0f.qua'!
C:\Documents and Settings\UTILISATEUR\Local Settings\Temp\Temporary Internet Files\Content.IE5\DU9O4DJ1\wv[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48666c9d.qua'!
C:\Documents and Settings\UTILISATEUR\Local Settings\Temporary Internet Files\Content.IE5\KLAZ0D23\93e4c2046fcb4ac4bdc3dbbcc28127fb[1].zip
[0] Archive type: ZIP
--> b155.exe
[DETECTION] Is the Trojan horse TR/BHO.bhg
[NOTE] The file was moved to '48706d6e.qua'!
C:\Documents and Settings\UTILISATEUR\Mes documents\nettoage\MSNFix\20042008_14161662.zip
[0] Archive type: ZIP
--> backup/b128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
--> backup/b155.exe
[DETECTION] Is the Trojan horse TR/BHO.bhg
--> backup/b157.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.jih.1
--> backup/katyqh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1423.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1423.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/Twain.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.nft
--> backup/WinTouch.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
--> backup/Yazzle1560OinUninstaller.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
[NOTE] The file was moved to '483b6fcd.qua'!
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '488576ba.qua'!
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.MSNFix
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
[NOTE] The file was moved to '488576bb.qua'!
C:\Program Files\Twain\Twain.MSNFix
[DETECTION] Is the Trojan horse TR/Dldr.Agent.nft
[NOTE] The file was moved to '486c7af3.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP687\A0061485.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7be2.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP687\A0061486.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b8699b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP688\A0062494.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7be6.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP689\A0064501.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7beb.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP690\A0065508.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bef.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP690\A0065509.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86988.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP691\A0066508.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bf2.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0066510.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bf4.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0067508.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bf5.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0067509.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b8698e.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0068508.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bf6.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0068510.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b8698f.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0068517.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bf7.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP693\A0073517.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bfd.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP694\A0074522.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c00.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP695\A0076573.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c0e.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP695\A0076582.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c0f.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP695\A0077584.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c10.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP695\A0078580.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c11.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP696\A0079583.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c1a.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP696\A0080582.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c1b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP697\A0080685.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c26.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP697\A0080686.exe
[DETECTION] Is the Trojan horse TR/BHO.bfl.1
[NOTE] The file was moved to '483b7c27.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP697\A0080690.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4
[NOTE] The file was moved to '483b7c28.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP698\A0081670.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c2a.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP699\A0081718.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c32.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP699\A0081719.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86e4b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP699\A0081731.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[NOTE] The file was moved to '483b7c33.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP701\A0083727.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c3e.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP702\A0085717.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c42.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP702\A0085718.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86e3b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP702\A0086718.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c47.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP702\A0087718.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c49.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP702\A0087720.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ltf.1
[NOTE] The file was moved to '49b86e32.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP704\A0088794.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c53.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP705\A0089764.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c56.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP705\A0089765.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86e2f.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP706\A0090766.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c5d.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP709\A0093843.exe
[DETECTION] Is the Trojan horse TR/BHO.bhg
[NOTE] The file was moved to '483b7c6b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP709\A0093844.exe
[DETECTION] Is the Trojan horse TR/BHO.bhh
[NOTE] The file was moved to '483b7c6c.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094891.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
[NOTE] The file was moved to '483b7c77.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094900.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.nft
[NOTE] The file was moved to '483b7c78.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094903.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86e01.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094904.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[NOTE] The file was moved to '483b7c79.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094905.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86e02.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094914.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
[NOTE] The file was moved to '483b7c7a.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094917.exe
[DETECTION] Is the Trojan horse TR/BHO.bhg
[NOTE] The file was moved to '49b86e03.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094918.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.jih.1
[NOTE] The file was moved to '483b7c7b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP712\A0094966.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.cgd.2
[NOTE] The file was moved to '483b7c7f.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP712\A0094967.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '49b86ef8.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP712\A0094968.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
[NOTE] The file was moved to '483b7c80.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP712\A0094969.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '49b86ef9.qua'!
C:\WINDOWS\b128.MSNFix
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[NOTE] The file was moved to '483d7d03.qua'!
C:\WINDOWS\mrofinu1423.exe.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487a7d52.qua'!
C:\WINDOWS\mrofinu1423.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49016383.qua'!
C:\WINDOWS\system32\%%%%%.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4830800c.qua'!
C:\WINDOWS\system32\bvlmkw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48778065.qua'!
C:\WINDOWS\system32\dslzpm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48778077.qua'!
C:\WINDOWS\system32\dvjfkg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '4875807c.qua'!
C:\WINDOWS\system32\eamjuf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '4878806b.qua'!
C:\WINDOWS\system32\ezsjob.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487e8087.qua'!
C:\WINDOWS\system32\lnkktj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48768094.qua'!
C:\WINDOWS\system32\nqkjls.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487680b7.qua'!
C:\WINDOWS\system32\qgnmnf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487980c6.qua'!
C:\WINDOWS\system32\rsewnp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487080d7.qua'!
C:\WINDOWS\system32\semcwp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487880cd.qua'!
C:\WINDOWS\system32\ulujwm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '488080fa.qua'!
End of the scan: dimanche 20 avril 2008 19:46
Used time: 2:46:26 min
The scan has been done completely.
5894 Scanning directories
306160 Files were scanned
89 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
79 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
306071 Files not concerned
9259 Archives were scanned
1 Warnings
79 Notes
merci de votre aide
Logfile of HijackThis v1.99.1
Scan saved at 00:18:58, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
C:\Program Files\Synaptics\SynTP\Toshiba.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\UTILISATEUR\Application Data\s?curity\l?gonui.exe
C:\Documents and Settings\UTILISATEUR\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\UTILISATEUR\Application Data\Microsoft\Windows\wbyniq.exe
C:\Program Files\ArcSoft\TotalMedia 2\TMMonitor.exe
C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\avira\antivir personaledition classic\avcenter.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: testCPV6 - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\CPV\CPV8.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CDD113D3-A033-D0B7-1191-A38F000D2995} - C:\WINDOWS\system32\nsros.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang FR
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Dfzo] "C:\Documents and Settings\UTILISATEUR\Application Data\s?curity\l?gonui.exe"
O4 - HKCU\..\Run: [SpeedRunner] C:\Documents and Settings\UTILISATEUR\Application Data\SpeedRunner\SpeedRunner.exe
O4 - HKCU\..\Run: [SfKg6wIP] C:\Documents and Settings\UTILISATEUR\Application Data\Microsoft\Windows\wbyniq.exe
O4 - Startup: Lancement rapide de Microsoft Office OneNote 2003.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TMMonitor.lnk = C:\Program Files\ArcSoft\TotalMedia 2\TMMonitor.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSzim029YYFR
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
ANTIVIR :
Avira AntiVir Personal
Report file date: dimanche 20 avril 2008 17:00
Scanning for 1218459 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: UTILISATEUR
Computer name: LESFLOSP
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 14:38:46
ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 14:38:55
Engineversion : 8.1.0.32
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.26 233850 Bytes 20/04/2008 14:39:45
AESCN.DLL : 8.1.0.14 119156 Bytes 20/04/2008 14:39:41
AERDL.DLL : 8.1.0.19 418164 Bytes 07/04/2008 15:34:44
AEPACK.DLL : 8.1.1.2 364917 Bytes 20/04/2008 14:39:40
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 14:39:33
AEHEUR.DLL : 8.1.0.18 1167735 Bytes 20/04/2008 14:39:26
AEHELP.DLL : 8.1.0.14 115063 Bytes 20/04/2008 14:39:07
AEGEN.DLL : 8.1.0.17 299380 Bytes 20/04/2008 14:39:04
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 20/04/2008 14:38:58
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: dimanche 20 avril 2008 17:00
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
C:\Documents and Settings\UTILISATEUR\Application Data\Microsoft\Windows\khkgbf.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.cgd.2
[NOTE] The file was moved to '48765b0d.qua'!
C:\Program Files\sуstem32\javaw.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '48815b0c.qua'!
C:\Documents and Settings\UTILISATEUR\Application Data\WinTouch\WinTouch.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
[NOTE] The file was moved to '48795b1a.qua'!
The registry was scanned ( '49' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\UTILISATEUR\katyqh.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487f5c24.qua'!
C:\Documents and Settings\UTILISATEUR\Bureau\catchme.zip
[0] Archive type: ZIP
--> %%0e+000xe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '487f5ecd.qua'!
C:\Documents and Settings\UTILISATEUR\Local Settings\Temp\Temporary Internet Files\Content.IE5\4JU9AFY1\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '485b6c0f.qua'!
C:\Documents and Settings\UTILISATEUR\Local Settings\Temp\Temporary Internet Files\Content.IE5\DU9O4DJ1\wv[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48666c9d.qua'!
C:\Documents and Settings\UTILISATEUR\Local Settings\Temporary Internet Files\Content.IE5\KLAZ0D23\93e4c2046fcb4ac4bdc3dbbcc28127fb[1].zip
[0] Archive type: ZIP
--> b155.exe
[DETECTION] Is the Trojan horse TR/BHO.bhg
[NOTE] The file was moved to '48706d6e.qua'!
C:\Documents and Settings\UTILISATEUR\Mes documents\nettoage\MSNFix\20042008_14161662.zip
[0] Archive type: ZIP
--> backup/b128.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
--> backup/b155.exe
[DETECTION] Is the Trojan horse TR/BHO.bhg
--> backup/b157.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.jih.1
--> backup/katyqh.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1423.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/mrofinu1423.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/Twain.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.nft
--> backup/WinTouch.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
--> backup/Yazzle1560OinUninstaller.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
[NOTE] The file was moved to '483b6fcd.qua'!
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '488576ba.qua'!
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.MSNFix
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
[NOTE] The file was moved to '488576bb.qua'!
C:\Program Files\Twain\Twain.MSNFix
[DETECTION] Is the Trojan horse TR/Dldr.Agent.nft
[NOTE] The file was moved to '486c7af3.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP687\A0061485.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7be2.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP687\A0061486.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b8699b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP688\A0062494.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7be6.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP689\A0064501.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7beb.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP690\A0065508.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bef.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP690\A0065509.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86988.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP691\A0066508.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bf2.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0066510.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bf4.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0067508.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bf5.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0067509.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b8698e.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0068508.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bf6.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0068510.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b8698f.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP692\A0068517.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bf7.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP693\A0073517.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7bfd.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP694\A0074522.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c00.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP695\A0076573.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c0e.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP695\A0076582.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c0f.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP695\A0077584.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c10.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP695\A0078580.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c11.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP696\A0079583.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c1a.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP696\A0080582.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c1b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP697\A0080685.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c26.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP697\A0080686.exe
[DETECTION] Is the Trojan horse TR/BHO.bfl.1
[NOTE] The file was moved to '483b7c27.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP697\A0080690.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.22016.4
[NOTE] The file was moved to '483b7c28.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP698\A0081670.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c2a.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP699\A0081718.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c32.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP699\A0081719.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86e4b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP699\A0081731.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[NOTE] The file was moved to '483b7c33.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP701\A0083727.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c3e.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP702\A0085717.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c42.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP702\A0085718.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86e3b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP702\A0086718.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c47.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP702\A0087718.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c49.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP702\A0087720.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ltf.1
[NOTE] The file was moved to '49b86e32.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP704\A0088794.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c53.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP705\A0089764.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c56.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP705\A0089765.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86e2f.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP706\A0090766.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '483b7c5d.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP709\A0093843.exe
[DETECTION] Is the Trojan horse TR/BHO.bhg
[NOTE] The file was moved to '483b7c6b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP709\A0093844.exe
[DETECTION] Is the Trojan horse TR/BHO.bhh
[NOTE] The file was moved to '483b7c6c.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094891.exe
[DETECTION] Contains detection pattern of the dropper DR/PurityScan.GP.1
[NOTE] The file was moved to '483b7c77.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094900.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.nft
[NOTE] The file was moved to '483b7c78.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094903.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86e01.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094904.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[NOTE] The file was moved to '483b7c79.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094905.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49b86e02.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094914.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
[NOTE] The file was moved to '483b7c7a.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094917.exe
[DETECTION] Is the Trojan horse TR/BHO.bhg
[NOTE] The file was moved to '49b86e03.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP711\A0094918.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.jih.1
[NOTE] The file was moved to '483b7c7b.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP712\A0094966.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.cgd.2
[NOTE] The file was moved to '483b7c7f.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP712\A0094967.exe
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '49b86ef8.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP712\A0094968.exe
[DETECTION] Is the Trojan horse TR/Dldr.Agent.hcn
[NOTE] The file was moved to '483b7c80.qua'!
C:\System Volume Information\_restore{EB633BA2-4F61-40B6-86F0-A87FDC4A394F}\RP712\A0094969.exe
--> Object
[1] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Purity.BV.7
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.PurityScan.FJ.2
[NOTE] The file was moved to '49b86ef9.qua'!
C:\WINDOWS\b128.MSNFix
[DETECTION] Is the Trojan horse TR/Dldr.Agent.ezc.1
[NOTE] The file was moved to '483d7d03.qua'!
C:\WINDOWS\mrofinu1423.exe.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487a7d52.qua'!
C:\WINDOWS\mrofinu1423.MSNFix
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '49016383.qua'!
C:\WINDOWS\system32\%%%%%.exe
[DETECTION] Is the Trojan horse TR/Trash.Gen
[NOTE] The file was moved to '4830800c.qua'!
C:\WINDOWS\system32\bvlmkw.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48778065.qua'!
C:\WINDOWS\system32\dslzpm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48778077.qua'!
C:\WINDOWS\system32\dvjfkg.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '4875807c.qua'!
C:\WINDOWS\system32\eamjuf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '4878806b.qua'!
C:\WINDOWS\system32\ezsjob.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487e8087.qua'!
C:\WINDOWS\system32\lnkktj.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '48768094.qua'!
C:\WINDOWS\system32\nqkjls.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487680b7.qua'!
C:\WINDOWS\system32\qgnmnf.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487980c6.qua'!
C:\WINDOWS\system32\rsewnp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487080d7.qua'!
C:\WINDOWS\system32\semcwp.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '487880cd.qua'!
C:\WINDOWS\system32\ulujwm.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[NOTE] The file was moved to '488080fa.qua'!
End of the scan: dimanche 20 avril 2008 19:46
Used time: 2:46:26 min
The scan has been done completely.
5894 Scanning directories
306160 Files were scanned
89 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
79 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
306071 Files not concerned
9259 Archives were scanned
1 Warnings
79 Notes
