

Posts by Marimy
Hello,
I too am infected by a Trojan horse that I can't manage to get rid of.
Can you help me?
Here is my HijackThis log.
Thank you
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:05:20, on 2008-01-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\wnbsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jucheck.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/index.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.ca/index.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2423041F-8B96-4280-95DC-709250944B8D} - C:\WINDOWS\system32\awtsqpp.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-ca\msntb.dll
O2 - BHO: MSEvents Object - {CE70731D-F28D-4D81-9D61-C8EE60378401} - C:\WINDOWS\system32\gebcd.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar1.02.5000.1021\fr-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [sSC_UserPrompt] C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Console Source] wnbsvc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [sweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Compagnon d'AOL.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Mini-icône d'AOL 8.0.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by125fd.bay125.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O20 - Winlogon Notify: awtsqpp - C:\WINDOWS\SYSTEM32\awtsqpp.dll
O20 - Winlogon Notify: gebcd - C:\WINDOWS\system32\gebcd.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 8943 bytes
-
Hello,
I too am infected by a Trojan horse that I can't manage to get rid of.
Can you help me?
Here is my HijackThis log.
Edited by Gof. Continued here.
virus trojan
in Analyses et éradication malwares
Posted
Hello, things are worse than ever since I installed the new antivirus, AntiVir, because it keeps opening a window saying that a virus has been found, so I delete it or put it in quarantine, but it comes back immediately afterwards. It's really tiring, I don't know what to do anymore...
Here is my AntiVir scan report:
PLEASE TELL ME WHAT TO DO TO GET RID OF THIS VIRUS
AntiVir PersonalEdition Classic
Report file date: 23 janvier 2008 12:08
Scanning for 1065753 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: MARIMY
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 19:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 18:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 21:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 18:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 20:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 16:51:08
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 16:51:08
ANTIVIR3.VDF : 7.0.2.36 347648 Bytes 23/01/2008 16:51:08
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 23/01/2008 16:51:09
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 16:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 13:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 19:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 23/01/2008 16:51:09
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 13:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 18:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 13:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 17:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 18:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 18:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 15:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 23 janvier 2008 12:08
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'jucheck.exe' - '1' Module(s) have been scanned
Scan process 'companion.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'symwsc.exe' - '1' Module(s) have been scanned
Scan process 'aoltray.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wanmpsvc.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Windows Media Player\WMPNSCFG.exe'
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe'
Scan process 'CTFMON.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'pctsTray.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Spyware Doctor\pctsTray.exe'
Scan process 'wnbsvc.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\wnbsvc.exe'
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\iTunes\iTunesHelper.exe'
Scan process 'SweetIM.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Macrogaming\SweetIM\SweetIM.exe'
Scan process 'realplay.exe' - '1' Module(s) have been scanned
Scan process 'igfxpers.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\igfxpers.exe'
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\hkcmd.exe'
Scan process 'QTTask.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\QuickTime\QTTask.exe'
Scan process 'tfswctrl.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\dla\tfswctrl.exe'
Scan process 'DVDLauncher.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe'
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe'
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\Program Files\Analog Devices\Core\smax4pnp.exe'
Scan process 'pctsSvc.exe' - '1' Module(s) have been scanned
Scan process 'pctsAuxs.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
Process 'wmpnscfg.exe' has been terminated
Process 'GoogleToolbarNotifier.exe' has been terminated
Process 'pctsTray.exe' has been terminated
Process 'wnbsvc.exe' has been terminated
Process 'iTunesHelper.exe' has been terminated
Process 'SweetIM.exe' has been terminated
Process 'igfxpers.exe' has been terminated
Process 'hkcmd.exe' has been terminated
Process 'QTTask.exe' has been terminated
Process 'tfswctrl.exe' has been terminated
Process 'DVDLauncher.exe' has been terminated
Process 'jusched.exe' has been terminated
Process 'smax4pnp.exe' has been terminated
C:\Program Files\Windows Media Player\WMPNSCFG.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\Program Files\Spyware Doctor\pctsTray.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\WINDOWS\system32\wnbsvc.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\Program Files\iTunes\iTunesHelper.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\WINDOWS\system32\igfxpers.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\WINDOWS\system32\hkcmd.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\Program Files\QuickTime\QTTask.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\WINDOWS\system32\dla\tfswctrl.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\Program Files\Analog Devices\Core\smax4pnp.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
62 processes with 49 modules were scanned
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Starting to scan the registry.
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\Program Files\Fichiers communs\Symantec Shared\Security Center\UsrPrmpt.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
C:\WINDOWS\SYSTEM32\igfxtray.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\WINDOWS\SYSTEM32\igfxtray.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
C:\WINDOWS\mrofinu2000201.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\WINDOWS\mrofinu2000201.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
The registry was scanned ( '33' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Marie-Michelle\Bureau\marimy chanson5 Track 5.wma
[DETECTION] Is the Trojan horse TR/Wimad.A.Gen
[iNFO] The file was deleted!
C:\Documents and Settings\Marie-Michelle\Local Settings\Temp\52.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[iNFO] The file was deleted!
C:\Documents and Settings\Marie-Michelle\Local Settings\Temp\img022.zip
[0] Archive type: ZIP
--> img022.jpg-www.facepic.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was deleted!
C:\Documents and Settings\Marie-Michelle\Local Settings\Temporary Internet Files\Content.IE5\D52VGK2P\CA8H0HKB
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was deleted!
C:\Documents and Settings\Marie-Michelle\Local Settings\Temporary Internet Files\Content.IE5\D52VGK2P\po1[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was moved to '47c8797a.qua'!
C:\Documents and Settings\Marie-Michelle\Local Settings\Temporary Internet Files\Content.IE5\EADUG27I\17PHolmes[1].cmt
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[iNFO] The file was deleted!
C:\Documents and Settings\Marie-Michelle\Local Settings\Temporary Internet Files\Content.IE5\EADUG27I\wr5[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[iNFO] The file was moved to '47cc7988.qua'!
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '480b80d7.qua'!
C:\Program Files\Temporary\kernInst.exe
[DETECTION] Is the Trojan horse TR/Agent.edq
[iNFO] The file was moved to '4809842b.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP951\A0115824.dll
[DETECTION] Is the Trojan horse TR/Dldr.ConHook.Q.2
[iNFO] The file was moved to '47c8848e.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP952\A0115925.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[iNFO] The file was moved to '47c8849d.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP952\A0116057.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[iNFO] The file was moved to '47c884aa.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116060.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c884b0.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116063.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c884ba.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116064.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c884bf.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116065.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c884e1.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116066.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[iNFO] The file was moved to '47c884e4.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116067.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c884e7.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116068.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c884f9.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116069.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c884fc.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116070.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c884ff.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116071.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c88521.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116072.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c88523.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116073.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c88526.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116074.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c88529.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116075.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c8852c.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116076.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c8852e.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116077.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c88530.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116078.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c88533.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116079.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[iNFO] The file was moved to '47c88535.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116080.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.dgo.221
[iNFO] The file was moved to '47c88536.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116081.exe
[DETECTION] Is the Trojan horse TR/Vundo.DWK
[iNFO] The file was moved to '47c88539.qua'!
C:\System Volume Information\_restore{EA39A09C-50BA-4996-869B-915C83FE3B53}\RP954\A0116082.exe
[DETECTION] Is the Trojan horse TR/Agent.edq
[iNFO] The file was moved to '47c8853f.qua'!
C:\WINDOWS\mrofinu2000201.exe.tmp
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[iNFO] The file was moved to '48068a8c.qua'!
End of the scan: 23 janvier 2008 13:40
Used time: 1:31:32 min
The scan has been canceled!
4214 Scanning directories
180135 Files were scanned
63 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
21 files were deleted
0 files were repaired
29 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
180072 Files not concerned
2646 Archives were scanned
2 Warnings
0 Notes