Virus downloader analyse Hijackthis

[Apoutsiak]

bonsoir

 

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.

Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :

[*]Redémarre ton ordinateur

[*]Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).

[*]A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.

[*]Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".

[*]Choisis ton compte.

Déroule la liste des instructions ci-dessous :

[*]Ouvre le dossier SDFix qui vient d'être créé sur le Bureau et double clique sur RunThis.bat pour lancer le script.

[*]Appuie sur Y pour commencer le processus de nettoyage.

[*]Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.

[*]Appuie sur une touche pour redémarrer le PC.

[*]Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.

[*]Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.

[*]Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.

[*]Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.

[*]Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum.

N.B.:

- Le fichier SDFIX_README.htm (dans le dossier SDFix) contient la liste des malwares pris en compte par l'outil.

- Andy fait plusieurs mises à jour, souvent plus d'une par jour... N'hésitez donc pas à demander de

 

 

Voilà le résultat

Tu n'as pas fini la phrase sur Andy

 

 

 

SDFix: Version 1.119

 

Run by Compaq_Propriétaire on 20/12/2007 at 22:07

 

Microsoft Windows XP [version 5.1.2600]

 

Running From: C:\DOCUME~1\COMPAQ~1\Bureau\SDFix

 

Safe Mode:

Checking Services:

 

 

Restoring Windows Registry Values

Restoring Windows Default Hosts File

Restoring Default HomePage Value

Restoring Default Desktop Components Value

 

Rebooting...

 

 

Normal Mode:

Checking Files:

 

Trojan Files Found:

 

C:\Documents and Settings\Compaq_Propriétaire\Bureau\Error Cleaner.url - Deleted

C:\Documents and Settings\Compaq_Propriétaire\Favoris\Error Cleaner.url - Deleted

C:\Documents and Settings\Compaq_Propriétaire\Bureau\Privacy Protector.url - Deleted

C:\Documents and Settings\Compaq_Propriétaire\Favoris\Privacy Protector.url - Deleted

C:\Documents and Settings\Compaq_Propriétaire\Bureau\Spyware&Malware Protection.url - Deleted

C:\Documents and Settings\Compaq_Propriétaire\Favoris\Spyware&Malware Protection.url - Deleted

C:\WINDOWS\privacy_danger\index.htm - Deleted

C:\WINDOWS\privacy_danger\images\capt.gif - Deleted

C:\WINDOWS\privacy_danger\images\danger.jpg - Deleted

C:\WINDOWS\privacy_danger\images\down.gif - Deleted

C:\WINDOWS\privacy_danger\images\spacer.gif - Deleted

C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\ac8zt2.dat - Deleted

C:\WINDOWS\binret.exe - Deleted

C:\WINDOWS\hjoqor.dll - Deleted

C:\WINDOWS\xcvwer.dll - Deleted

 

 

 

Folder C:\WINDOWS\privacy_danger - Removed

 

Removing Temp Files...

 

ADS Check:

 

C:\WINDOWS

No streams found.

 

C:\WINDOWS\system32

No streams found.

 

C:\WINDOWS\system32\svchost.exe

No streams found.

 

C:\WINDOWS\system32\ntoskrnl.exe

No streams found.

 

 

 

Final Check:

 

catchme 0.3.1333.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2007-12-20 22:15:20

Windows 5.1.2600 Service Pack 2 NTFS

 

detected NTDLL code modification:

ZwClose

 

scanning hidden processes ...

 

scanning hidden services & system hive ...

 

scanning hidden registry entries ...

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]

"TracesProcessed"=dword:00000000

"TracesSuccessful"=dword:00000000

"LastTraceFailure"=dword:00000000

 

scanning hidden files ...

 

 

scan completed successfully

hidden processes: 0

hidden services: 0

hidden files: 1

 

 

Remaining Services:

------------------

 

 

 

Authorized Application Key Export:

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

 

Remaining Files:

---------------

 

File Backups: - C:\DOCUME~1\COMPAQ~1\Bureau\SDFix\backups\backups.zip

 

Files with Hidden Attributes:

 

Sat 24 Sep 2005 218 A.SHR --- "C:\BOOT.BAK"

Wed 31 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"

Mon 31 Oct 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"

Mon 11 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Thu 20 Dec 2007 0 A..H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Local Settings\Temp\BIT10C7.tmp"

Thu 20 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Local Settings\Temp\BIT1E.tmp"

Thu 20 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Local Settings\Temp\BIT3.tmp"

Thu 20 Dec 2007 85,946 A..H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Local Settings\Temp\BITD91.tmp"

Mon 3 Dec 2001 19,968 A..H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Bureau\FlorilŠge 2002-2004\d‚part en course\^wrl0004.tmp"

Tue 1 Nov 2005 969,728 ...H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Montagne\LPA\~WRL0005.tmp"

Tue 6 Dec 2005 10,679,296 ...H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Montagne\LPA\~WRL1171.tmp"

Thu 8 Jun 2006 11,998,208 ...H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Montagne\LPA\Pr‚paration LPA 36\~WRL0003.tmp"

Wed 2 May 2007 20,707,328 ...H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Montagne\LPA\Pr‚paration LPA 36\~WRL0004.tmp"

Wed 9 May 2007 24,364,032 ...H. --- "C:\Documents and Settings\Compaq_Propri‚taire\Bureau\Montagne\LPA\Pr‚paration LPA 36\~WRL0427.tmp"

 

Finished!

[Lien Rag]

Tu n'as pas fini la phrase sur Andy

...tu lis tout c'est bien

 

relance ton PC Mode sans echec et fais un Hijack que tu postera dans ton prochain message stp

[Apoutsiak]

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 22:47:06, on 20/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Safe mode

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Spyware Doctor\svcntaux.exe

C:\Program Files\Spyware Doctor\swdsvc.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Spyware Doctor\SDTrayApp.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tiscali.fr/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll

O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe

O4 - HKLM\..\Run: [Raccourci vers la page des propriétés de High Definition Audio] HDAudPropShortcut.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"

O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\system32\hphmon04.exe

O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"

O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON

O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"

O4 - HKLM\..\Run: [GGC8fI] C:\WINDOWS\naykpn.exe

O4 - HKLM\..\Run: [internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [NI.UWFX5V_0001_N57M1412] "C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temporary Internet Files\Content.IE5\YX12ZMDO\WinFixer2005ScannerInstallFRA[1].exe" -nag

O4 - HKLM\..\Run: [Monxkn] C:\Program Files\Bgkbe\Dechn.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [sDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\Run: [spywarefighterguard] C:\Program Files\SPYWAREfighter\spftray.exe

O4 - HKLM\..\RunServices: [DJSNetCN] C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe

O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab

O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqemea/downloads/sysinfo.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://apoutsiak-alpes.spaces.msn.com//Pho...ad/MsnPUpld.cab

O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab

O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab

O16 - DPF: {8731163E-77B9-4F91-9122-F112521C28AF} (MMSPlayerX Class) - http://mmt.bouyguestelecom.fr/mmawap/jsp/c...r/mmsPlayer.cab

O16 - DPF: {8F48147B-78D9-40F9-ACC0-BDDE59B246F4} (AccountHelper Class) - http://abonnement.aliceadsl.fr/configurate...countHelper.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab

O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://www.photoways.com/clients/uploader_v2.2.0.6.cab

O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~4\GOEC62~1.DLL

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe

O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe

O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe

O23 - Service: Symantec Licensing Detect Internet Connection (DJSNETCN) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\DJSNETCN.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe

O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE

O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: SPYWAREfighterRP - SpamFighter APS - C:\Program Files\SPYWAREfighter\spfprc.exe

O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe

O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

 

--

End of file - 12832 bytes

[Lien Rag]

Bien.

 

relance Hijack " do a scan only" et coche ces lignes:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)

 

click Fix checked

 

ensuite

 

va sur ce site pour faire analyser 2 fichiers

 

click here

 

C:\WINDOWS\naykpn.exe

C:\Program Files\Bgkbe\Dechn.exe

 

Copie-colle à la fin le rapport dans une réponse.

Modifié le 20 décembre 2007 par Lien Rag

[Apoutsiak]

Bien.

 

relance Hijack " do a scan only" et coche ces lignes:

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

O2 - BHO: BHObj Class - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - C:\WINDOWS\nem220.dll (file missing)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: BHObj Class - {8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} - C:\WINDOWS\wsem303.dll (file missing)

 

click Fix checked

 

ensuite

 

va sur ce site pour faire analyser 2 fichiers

 

click here

 

C:\WINDOWS\naykpn.exe

C:\Program Files\Bgkbe\Dechn.exe

 

Copie-colle à la fin le rapport dans une réponse.

 

 

 

 

 

 

les 2 rapports :

0 bytes size received / Se ha recibido un archivo vacio

0 bytes size received / Se ha recibido un archivo vacio

 

et voilà

[Apoutsiak]

Ca a l'air de marcher

 

Un GRAND MERCI

 

Par contre l'ordi mouline à deux à l'heure...

[Lien Rag]

Bonsoir

 

Vire Norton

 

instal. Antivir et fais un scan complet

 

http://www.malekal.com//tutorial_antivir_security_suite.php

Modifié le 21 décembre 2007 par Lien Rag

[Apoutsiak]

Bonsoir

 

Vire Norton

 

instal. Antivir et fais un scan complet

 

http://www.malekal.com//tutorial_antivir_security_suite.php

 

 

J'ai désinstallé norton mais j'ai réinstallé avast avant ton drnier post

 

il y a des virus que j'ai mis en quarantaine, mais je ne parviens pas à imprimer de rapport sur la quarantaine

avec avast

 

 

j'ai fait une photo de la page ici

j'espère que c'est lisible

 

http://idata.over-blog.com/0/08/49/95/phot.../virus-2007.jpg

[Lien Rag]

... migre de Avast --> Antivir c'est mieux .

 

- Desinstallation de Avast

 

- rappel : http://www.malekal.com//tutorial_antivir_security_suite.php

 

Post bien le rapport antivir

[Apoutsiak]

... migre de Avast --> Antivir c'est mieux .

 

- Desinstallation de Avast

 

- rappel : http://www.malekal.com//tutorial_antivir_security_suite.php

 

Post bien le rapport antivir

 

J'ai installé antivir (la version gratuite donc je crois que l'antivirus n'est pas à jour)

 

Le résultat est le suivant

 

 

Premium Security Suite

Report file date: lundi 24 décembre 2007 09:38

 

Scanning for 835736 virus strains and unwanted programs.

 

Licensed to: Demo Version

Serial number:

Platform: Windows XP

Windows version: (Service Pack 2) [5.1.2600]

Username: Compaq_Propriétaire

Computer name: NOM-EB85C523610

 

Version information:

BUILD.DAT : 168 23343 Bytes 19/09/2007 13:52:00

AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29

AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51

LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47

LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20

ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15

ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55

ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 14:27:04

ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 14:27:13

AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 17:43:56

AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26

AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17

AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24

AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00

AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06

AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33

AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18

NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42

RCIMAGE.DLL : 7.0.1.32 2875432 Bytes 16/08/2007 13:13:12

RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 13:23:26

SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

 

Configuration settings for the scan:

Jobname..........................: Local Drives

Configuration file...............: c:\program files\avira\avira premium security suite\alldrives.avp

Logging..........................: low

Primary action...................: interactive

Secondary action.................: ignore

Scan master boot sector..........: off

Scan boot sector.................: on

Boot sectors.....................: F:,

Scan memory......................: on

Process scan.....................: on

Scan registry....................: on

Search for rootkits..............: off

Scan all files...................: Intelligent file selection

Scan archives....................: on

Recursion depth..................: 20

Smart extensions.................: on

Macro heuristic..................: on

File heuristic...................: medium

 

Start of the scan: lundi 24 décembre 2007 09:38

 

The scan of running processes will be started

Scan process 'avscan.exe' - '1' Module(s) have been scanned

Scan process 'iexplore.exe' - '1' Module(s) have been scanned

Scan process 'firefox.exe' - '1' Module(s) have been scanned

Scan process 'avcenter.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned

Scan process 'dslmon.exe' - '1' Module(s) have been scanned

Scan process 'avgnt.exe' - '1' Module(s) have been scanned

Scan process 'SFAgent.exe' - '1' Module(s) have been scanned

Scan process 'spfprc.exe' - '1' Module(s) have been scanned

Scan process 'spftray.exe' - '1' Module(s) have been scanned

Scan process 'avgas.exe' - '1' Module(s) have been scanned

Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned

Scan process 'hpgs2wnd.exe' - '1' Module(s) have been scanned

Scan process 'hphmon04.exe' - '1' Module(s) have been scanned

Scan process 'hpztsb05.exe' - '1' Module(s) have been scanned

Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned

Scan process 'ALCWZRD.EXE' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned

Scan process 'ctfmon.exe' - '1' Module(s) have been scanned

Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned

Scan process 'KBD.exe' - '1' Module(s) have been scanned

Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned

Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned

Scan process 'jusched.exe' - '1' Module(s) have been scanned

Scan process 'alg.exe' - '1' Module(s) have been scanned

Scan process 'MsPMSPSv.exe' - '1' Module(s) have been scanned

Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'sfus.exe' - '1' Module(s) have been scanned

Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned

Scan process 'swdsvc.exe' - '1' Module(s) have been scanned

Scan process 'svcntaux.exe' - '1' Module(s) have been scanned

Scan process 'AluSchedulerSvc.exe' - '1' Module(s) have been scanned

Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned

Scan process 'guard.exe' - '0' Module(s) have been scanned

Scan process 'avesvc.exe' - '1' Module(s) have been scanned

Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned

Scan process 'sched.exe' - '1' Module(s) have been scanned

Scan process 'explorer.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'avguard.exe' - '1' Module(s) have been scanned

Scan process 'spoolsv.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'svchost.exe' - '1' Module(s) have been scanned

Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned

Scan process 'lsass.exe' - '1' Module(s) have been scanned

Scan process 'services.exe' - '1' Module(s) have been scanned

Scan process 'winlogon.exe' - '1' Module(s) have been scanned

Scan process 'csrss.exe' - '1' Module(s) have been scanned

Scan process 'smss.exe' - '1' Module(s) have been scanned

53 processes with 53 modules were scanned

 

Start scanning boot sectors:

Boot sector 'C:\'

[NOTE] No virus was found!

Boot sector 'D:\'

[NOTE] No virus was found!

Boot sector 'H:\'

[NOTE] In the drive 'H:\' no data medium is inserted!

Boot sector 'I:\'

[NOTE] In the drive 'I:\' no data medium is inserted!

Boot sector 'J:\'

[NOTE] In the drive 'J:\' no data medium is inserted!

Boot sector 'L:\'

[NOTE] In the drive 'L:\' no data medium is inserted!

Boot sector 'O:\'

[NOTE] In the drive 'O:\' no data medium is inserted!

 

Starting to scan the registry.

The registry was scanned ( '49' files ).

 

 

Starting the file scan:

 

Begin scan in 'C:\' <PRESARIO>

C:\hiberfil.sys

[WARNING] The file could not be opened!

C:\pagefile.sys

[WARNING] The file could not be opened!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine5F31817.exe

[DETECTION] Is the Trojan horse TR/IstBar.BZ.1

[iNFO] The file was moved to '47b57199.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine6613108.exe

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.OE

[iNFO] The file was moved to '47a5722a.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine6645B05.dll

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.BH.1

[iNFO] The file was moved to '47a5722c.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine6645B05.exe

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.ds

[iNFO] The file was moved to '47a5722f.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine6680501.dll

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.CN

[iNFO] The file was moved to '47a57234.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine6680501.exe

[DETECTION] Is the Trojan horse TR/DelProx.A

[iNFO] The file was moved to '47a57238.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine66B2EFD.dll

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.CN

[iNFO] The file was moved to '47a57239.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14E84A35.tmp

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.21760

[iNFO] The file was moved to '47b47266.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14EB7432.tmp

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.21760

[iNFO] The file was moved to '47b4726b.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14EF1E2E.tmp

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.21760

[iNFO] The file was moved to '47b4726d.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14F2482B.tmp

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.21760

[iNFO] The file was moved to '47b5726f.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14F57227.tmp

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.21760

[iNFO] The file was moved to '47b57271.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FE40135.exe

[DETECTION] Is the Trojan horse TR/DelProx.A

[iNFO] The file was moved to '47b472f1.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\246842C2.exe

[DETECTION] Is the Trojan horse TR/DelProx.A

[iNFO] The file was moved to '47a572eb.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\246B6CBF.exe

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.IJ.1

[iNFO] The file was moved to '47a572ed.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\246F16BB.exe

[DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.ds

[iNFO] The file was moved to '47a572ef.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33C7424E.tmp

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.21760

[iNFO] The file was moved to '47b2730b.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4B567908.zip

[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConne.AA

[iNFO] The file was moved to '47a473ff.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4DD1487C.exe

[DETECTION] Is the Trojan horse TR/IstBar.BZ.4

[iNFO] The file was moved to '47b37406.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\539F4788.exe

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.NK.2

[iNFO] The file was moved to '47a87407.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5961047B.exe

[DETECTION] Contains detection pattern of the Ad- or Spyware ADSPY/SurfAccuracy.Q

[iNFO] The file was moved to '47a57418.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\626F2850.tmp

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.21760

[iNFO] The file was moved to '47a57421.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\69177C98.zip

[DETECTION] Contains detection pattern of the Java virus JAVA/OpenConne.AA

[iNFO] The file was moved to '47a07433.qua'!

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6DFF644E.tmp

[DETECTION] Is the Trojan horse TR/Dldr.IstBar.21760

[iNFO] The file was moved to '47b5744a.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Bureau\internet\emoticones1_5.exe

[DETECTION] Contains suspicious code HEUR/Crypted

[iNFO] The file was moved to '47de755d.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Bureau\internet\EmoticonesAnimaux.exe

[DETECTION] Contains suspicious code HEUR/Crypted

[iNFO] The file was moved to '47de7562.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT100D.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c37777.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT10C7.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c37779.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT10E5.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c3777b.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT197A.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c3777d.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT1E.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c3777f.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT1F.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c37781.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT2.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c37784.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT20.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c37786.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT21.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c3778c.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT2FC.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c3778e.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT2FDC.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c37791.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT3.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c37793.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT3096.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c37795.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT3D.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c37797.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT6162.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c37798.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BIT630D.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c377cc.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BITD91.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c377d9.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BITE6.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c377db.qua'!

C:\Documents and Settings\Compaq_Propriétaire\Local Settings\Temp\BITFFC.tmp

[0] Archive type: ZIP

--> install-privacy-danger.bat

[DETECTION] Contains detection pattern of the batch virus BAT/Fake.Privdanger

[iNFO] The file was moved to '47c377e1.qua'!

 

 

End of the scan: lundi 24 décembre 2007 10:51

Used time: 1:12:46 min

 

The scan has been done completely.

 

8557 Scanning directories

421449 Files were scanned

43 viruses and/or unwanted programs were found

2 Files were classified as suspicious:

0 files were deleted

0 files were repaired

45 files were moved to quarantine

0 files were renamed

2 Files cannot be scanned

421406 Files not concerned

8012 Archives were scanned

2 Warnings

0 Notes