Se connecter / S'enregistrer
Votre question

A l'aide: PC infecté par Worm.VB.NRM et Win32.Worm.VB.NPM

Tags :
  • Worms
  • Sécurité
Dernière réponse : dans Sécurité et virus
9 Juillet 2008 20:28:31

Salut à tous

Mon PC est infecté par le virus Win32.Worm.VB.NRM et Win32.Worm.VB.NPM Des personnes pourraient me donner les démarches à suivre pour les supprimer ?

J'ai fait un scan Bitdefender on line et Malwarebytes' Anti-Malware voici les rapports.

Merci à vous

Zabo

rapport bitdefender:

BitDefender Online Scanner - Rapport virus en temps réel







Généré à: Wed, Jul 09, 2008 - 19:16:52









Info d'analyse







Fichiers scannés


128169

Infectés Fichiers


35















Virus Détectés







Win32.Worm.VB.NRM


17

Win32.Worm.VB.NPM


18


autre rapport:

BitDefender Online Scanner







Rapport d'analyse généré à: Wed, Jul 09, 2008 - 19:15:13









Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;















Statistiques

Temps


00:36:30

Fichiers


119284

Directoires


8839

Secteurs de boot


3

Archives


2272

Paquets programmes


12022







Résultats

Virus identifiés


3

Fichiers infectés


35

Fichiers suspects


0

Avertissements


0

Désinfectés


0

Fichiers effacés


34







Info sur les moteurs

Définition virus


1362605

Version des moteurs


AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins


16

Archive des plugins


42

Unpack des plugins


7

E-mail plugins


6

Système plugins


5







Paramètres d'analyse

Première action


Message

Seconde Action


Supprimé

Heuristique


Oui

Acceptez les avertissements


Oui

Extensions analysées


exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions




Analyse d'emails


Oui

Analyse des Archives


Oui

Analyser paquets programmes


Oui

Analyse des fichiers


Oui

Analyse de boot


Oui








Fichier analysé


Statut

C:\Recycled\INFO.EXE


Infecté par: Win32.Worm.VB.NRM

C:\Recycled\INFO.EXE


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101669.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101669.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101670.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101670.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101675.EXE


Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101675.EXE


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101686.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101686.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101687.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101687.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101692.EXE


Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101692.EXE


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101712.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101712.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101713.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101713.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101718.EXE


Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101718.EXE


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101726.EXE


Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101726.EXE


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101729.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101729.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101730.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101730.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101795.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101795.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101796.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101796.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101801.EXE


Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101801.EXE


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101812.EXE


Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101812.EXE


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101815.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101815.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101816.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101816.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101881.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101881.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101882.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101882.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101886.EXE


Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101886.EXE


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102082.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102082.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102083.exe


Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102083.exe


Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102086.EXE


Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102086.EXE


Supprimé

C:\WINDOWS\Config\Svchost.exe


Infecté par: Win32.Worm.VB.NPM

C:\WINDOWS\Config\Svchost.exe


Supprimé

C:\WINDOWS\Config\System.exe


Infecté par: Win32.Worm.VB.NPM

C:\WINDOWS\Config\System.exe


Supprimé

C:\WINDOWS\System.exe


Infecté par: Win32.Worm.VB.NRM

C:\WINDOWS\System.exe


Echec de la suppression

C:\WINDOWS\System.exe


Echec de la suppression

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101678.EXE


Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101678.EXE


Supprimé

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101695.EXE


Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101695.EXE


Supprimé

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101721.EXE


Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101721.EXE


Supprimé

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101804.EXE


Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101804.EXE


Supprimé

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101889.EXE


Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101889.EXE


Supprimé

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102089.EXE


Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102089.EXE


Supprimé

D:\Recycled\INFO.EXE


Infecté par: Win32.Worm.VB.NRM

D:\Recycled\INFO.EXE

Autres pages sur : aide infecte worm nrm win32 worm npm

9 Juillet 2008 20:29:28

voici le rapport Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 912
Windows 5.1.2600 Service Pack 2

19:59:52 09/07/2008
mbam-log-7-9-2008 (19-59-52).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 118565
Temps écoulé: 41 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
9 Juillet 2008 20:31:16

Le fichier infecté étant apparement C:\WINDOWS\System.exe
Contenus similaires
9 Juillet 2008 20:49:35

Bonsoir,

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

  • Double clique sur HJTInstall.exe pour lancer l'installation.
  • Clique sur Install.
  • Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
  • Accepte la licence en cliquant sur Yes.
  • Clique sur Do a system scan and save a logfile.
  • Poste ici le rapport généré.

    Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

    Aide : Comment utiliser HijackThis.
    9 Juillet 2008 23:11:58

    Salut et merci à toi.

    Voici le rapport HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:09:22, on 09/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F3 - REG:win.ini: load=System
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:o s_startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 5721 bytes
    9 Juillet 2008 23:46:00

    Re,

    Télécharge SDFix (d’Andy Manchesta).

  • Enregistre le sur ton le bureau.
  • Lance le.
  • Fais install afin qu’il puisse s’extraire.
    Redémarre en mode sans échec
    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\
  • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\
  • Double clique sur RunThis.bat (L’extension bat peut ne pas apparaître)
  • Appuie sur Y pour le lancer.
  • Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
  • Il est probable que le redémarrage soit un peu plus long que d’habitude.
  • Une fois l’apparition de ton Bureau, il affichera Finished
  • Appuie sur une touche.
  • Un rapport est généré , poste le dans ta réponse.

    Il se trouve également. dans le dossier SDFix >Report.txt<
    10 Juillet 2008 21:04:24

    voici le rapport:


    SDFix: Version 1.204
    Run by HP_Propri‚taire on 10/07/2008 at 20:43

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    Checking Services :


    Restoring Default Security Values
    Restoring Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\autorun.inf - Deleted
    C:\WINDOWS\config\svchost.exe - Deleted


    Could Not Remove C:\WINDOWS\System.exe



    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-10 20:55:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    scanning hidden registry entries ...

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :




    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
    "C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:D isabled:AOL France"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:D isabled:Windows Live Messenger (Phone)"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :

    C:\WINDOWS\System.exe Found

    File Backups: - C:\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 12 Sep 2005 218 A.SHR --- "C:\BOOT.BAK"
    Sun 18 Sep 2005 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
    Thu 15 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Sun 25 Sep 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
    Sat 16 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Mon 21 Aug 2006 9,216 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Mes fichiers re‡us\~WRL2688.tmp"
    Wed 24 Mar 2004 22,528 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Moniteur Educateur\~WRL0005.tmp"
    Wed 30 Mar 2005 21,504 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Moniteur Educateur\~WRL0015.tmp"
    Mon 2 Feb 2004 45,568 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Moniteur Educateur\~WRL2826.tmp"
    Tue 22 Aug 2006 20,992 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\Microsoft\Word\~WRL0004.tmp"
    Wed 20 Feb 2008 613,888 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Machina Deus Ex\cover cd figurines\~WRL3293.tmp"

    Finished!

    11 Juillet 2008 00:28:00

    Re,

    Oh !

    Sélectionne l'intégralité du cadre ci-dessous :

    Files to delete:
    C:\WINDOWS\System.exe

  • Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
  • Enregistre le sous sur ton bureau sous le nom de Remove.txt

    Télécharge The Avenger (de Swandog46).

  • Dézippe le sur ton Bureau.
  • Lance le en double cliquant sur l’exécutable puis fais ok.
  • Sélectionne Load Script from File et clique sur l'cône en forme de dossier à droite.
  • Sélectionne ton fichier remove.txt se trouvant sur le Bureau.
  • Clique sur le feu vert puis sur oui.
  • Le programme va te demander de redémarrer ton pc, accepte.
  • Poste le rapport : C:\avenger.txt
    11 Juillet 2008 16:51:18

    Re

    Quelques précisions par rapport à the avenger..

    Lorque je selectionne Load Script from File je n'ai pas à cliker sur le dossier à droite, il me demande de chercher le fichier. Donc je pense bien que c'est le remove.txt ok ?

    Puis, je n'ai pas de feu vert, juste un bouton executer, je clik ? Je pense qu'il va donc "delete C:\WINDOWS\System.exe" exact ? Et ce n'est pas un fichier important pour le fonctionnement de windows ?

    Désol de mes questionnements cons !
    11 Juillet 2008 20:50:49

    J'ai lancé un post dans un autre forum, mais celui-ci reste le principal !
    XmichouX a l'air de toucher sa bille !;-)

    Zabo
    12 Juillet 2008 00:40:24

    Mon canned est obsolète, je vais le maj.

    Euh il ne faut pas faire plusieurs sujets ...

    Le fichier est nocif.
    12 Juillet 2008 00:51:07

    Pas de souci, je continue ici.

    Donc pour les questions que je me posais, tout est ok, je peux faire le scan the avenger ?

    merci encore
    12 Juillet 2008 00:55:24

    Ouaip
    12 Juillet 2008 01:03:58

    OK, je viens de faire the avenger. Le PC a redémarré normalement par contre une fenetre m'affiche "windows pas de disque" et le message exception processing message ....blahblah blah, des chifres + lettre
    Je dois choisir entre annuler, recommencer ou continuer.

    Malgré ce message, j'ai accès à tout sur mon pc...bizarre bizarre ?

    Voici le rapport the avenger:

    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File "C:\WINDOWS\System.exe" deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
    12 Juillet 2008 01:20:41

    RE,

    J'ai simplement fermer la fenêtre pour ce message, j'ai redémarré mon pc, tout semble ok
    12 Juillet 2008 01:44:18

    Re,

    Poste un nouveau rapport HijackThis.
    12 Juillet 2008 08:58:52

    Hello,

    Voici le nouveau rapport HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:57:03, on 12/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    F3 - REG:win.ini: load=System
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:o s_startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 5933 bytes
    12 Juillet 2008 14:14:49

    Re,

    Relance Hijackthis (clique droit -> lancer en tant qu'adminstrateur sous Vista), do a system scan only, coche ces lignes (si toujours présentes) :
    F3 - REG:win.ini: load=System
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

    Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
    Puis Fix Checked !

    *************

    Télécharge MalwareByte's Anti-Malware sur ton Bureau.

  • Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

    Une fois l'installation et la mise à jour effectuées :
    Redémarre en mode sans échec
    /!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

  • Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
  • Afin de lancer la recherche, clic sur"Rechercher".
  • Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :
    -- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
    -- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.

    REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.[/#f]

    [#FF0000]Aide
    : Comment utiliser MBAM.
    12 Juillet 2008 18:42:20

    RE

    Plus de 4 heures de scan en mode sans echec sur Malwaresbytes et il en reste encore pour un bon moment je pense...normal ?
    12 Juillet 2008 19:36:26

    RE

    Je vais devoir suspendre l'analyse, je pars en province pendant quelques jours. De retour jeudi, je reprendrai l'analyse Malware bytes et je posterai le rapport.

    Je passerai tout de même sur le forum voir si y'a des infos.

    Zabo
    12 Juillet 2008 21:14:00

    Pas de problème. Ça dépend de la taille du disque dur et du nombre d'infections trouvées pour le scan.
    18 Juillet 2008 18:23:54

    Salut,

    Je n'aurai pas le temps de reprendre le scan avant lundi. J'envoie un post lundi.

    Zabo
    22 Juillet 2008 08:42:41

    Salut,

    Après 15h de scan en mode sans echec, Malwarebytes n'a trouvé aucun virus ou fichiers infectés.
    Le PC est-il sain maintenant ou d'autres démarches sont à faire ?
    22 Juillet 2008 14:14:25

    Ok, poste un nouveau rapport HijackThis ;) 
    22 Juillet 2008 19:09:50

    Voici le rapport hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:08:21, on 22/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    F3 - REG:win.ini: load=System
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dump:o s_startup
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 5558 bytes
    22 Juillet 2008 23:49:50

    Plus de soucis ?

    Relance Hijackthis (clique droit -> lancer en tant qu'adminstrateur sous Vista), do a system scan only, coche ces lignes (si toujours présentes) :
    F3 - REG:win.ini: load=System
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

    Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
    Puis Fix Checked !
    23 Juillet 2008 19:53:47

    Salut,

    Oui, pas de souci. L'ordi s'allume nickel et ferme pareil jusqu'à maintenant. Plus rapide, ça rame moins.

    Je viens de faire Hijackthis comme demandé.

    Zabo
    23 Juillet 2008 19:55:20

    Ok, tu n'as pas d'antivirus.

    Télécharge AntiVir sur ton Bureau.

  • Double clique sur l'exécutable téléchargé pour lancer l'installation.
  • A la fin de l'installation, clique sur Finish.
  • Ouvre Antivir, assure-toi qu’il soit bien à jour !
  • Dans l'onglet Local Protection, choisis Scanner.
  • Active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur).
  • Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
  • Poste moi le rapport généré : Pour cela, clique sur l'onglet Overview, puis choisis Reports, tu trouveras son rapport..

    Note : Pour une éradication des menaces plus efficace, lance le scan en mode sans échec.

    Aide : Comment installer et utiliser AntiVir.
    23 Juillet 2008 20:43:42

    ok, voici le rapport antivir en mode normal, je lance maintenant le scan en mode sans echec et je le posterai.



    Avira AntiVir Personal
    Report file date: mercredi 23 juillet 2008 20:33

    Scanning for 1493153 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: HP_Propriétaire
    Computer name: PCZABO

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 18:30:44
    ANTIVIR2.VDF : 7.0.5.144 1690624 Bytes 21/07/2008 18:30:49
    ANTIVIR3.VDF : 7.0.5.159 123904 Bytes 23/07/2008 18:30:49
    Engineversion : 8.1.1.11
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.59 307579 Bytes 23/07/2008 18:30:59
    AESCN.DLL : 8.1.0.23 119156 Bytes 23/07/2008 18:30:59
    AERDL.DLL : 8.1.0.20 418165 Bytes 23/07/2008 18:30:58
    AEPACK.DLL : 8.1.2.1 364917 Bytes 23/07/2008 18:30:57
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 23/07/2008 18:30:56
    AEHEUR.DLL : 8.1.0.43 1339767 Bytes 23/07/2008 18:30:56
    AEHELP.DLL : 8.1.0.15 115063 Bytes 23/07/2008 18:30:54
    AEGEN.DLL : 8.1.0.29 307573 Bytes 23/07/2008 18:30:53
    AEEMU.DLL : 8.1.0.6 430451 Bytes 23/07/2008 18:30:52
    AECORE.DLL : 8.1.1.6 172405 Bytes 23/07/2008 18:30:51
    AEBB.DLL : 8.1.0.1 53617 Bytes 23/07/2008 18:30:51
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 8.0.0.1 98561 Bytes 23/07/2008 18:30:50
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Rootkit search
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
    Logging..........................: high
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high
    Expanded search settings.........: 0x00300922

    Start of the scan: mercredi 23 juillet 2008 20:33

    Starting search for hidden objects.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\cd042efbbd7f7af1647644e76e06692b
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\bca643cdc5c2726b20d2ecedcc62c59b
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\2c81e34222e8052573023a60d06dd016
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\2582ae41fb52324423be06337561aa48
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\caaeda5fd7a9ed7697d9686d4b818472
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\a4a1bcf2cc2b8bc3716b74b2b4522f5d
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\4d370831d2c43cd13623e232fed27b7b
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\1d68fe701cdea33e477eb204b76f993d
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\1fac81b91d8e3c5aa4b0a51804d844a3
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\f5f62a6129303efb32fbe080bb27835b
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\fd4e2e1a3940b94dceb5a6a021f2e3c6
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\threadingmodel
    [INFO] The registry entry is invisible.
    HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\8a8aec57dd6508a385616fbc86791ec2
    [INFO] The registry entry is invisible.
    '362719' objects were checked, '24' hidden objects were found.


    End of the scan: mercredi 23 juillet 2008 20:39
    Used time: 05:54 min

    The scan has been done completely.

    0 Scanning directories
    0 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    0 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes
    362719 Objects were scanned with rootkit scan
    24 Hidden objects were found

    23 Juillet 2008 21:23:09

    Voci le rapport antivir en mode sans echec, par contre le scan a pris 4 sec, normal ?!

    Aussi, à l'instant ou j'allais ecrire le message, antivir a detecté le virus : Virus or unwanted program 'Worm/VB.NPM.1 [worm]'
    detected in file 'C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103154.exe.
    Action performed: Move file to quarantine

    C'est toujours le même, je l'ai mis en quarantaine, je peux le supprimer ?

    Zabo

    Le scan mode sans echec:


    Avira AntiVir Personal
    Report file date: mercredi 23 juillet 2008 20:53

    Scanning for 1493153 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: HP_Propriétaire
    Computer name: PCZABO

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 18:30:44
    ANTIVIR2.VDF : 7.0.5.144 1690624 Bytes 21/07/2008 18:30:49
    ANTIVIR3.VDF : 7.0.5.159 123904 Bytes 23/07/2008 18:30:49
    Engineversion : 8.1.1.11
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.59 307579 Bytes 23/07/2008 18:30:59
    AESCN.DLL : 8.1.0.23 119156 Bytes 23/07/2008 18:30:59
    AERDL.DLL : 8.1.0.20 418165 Bytes 23/07/2008 18:30:58
    AEPACK.DLL : 8.1.2.1 364917 Bytes 23/07/2008 18:30:57
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 23/07/2008 18:30:56
    AEHEUR.DLL : 8.1.0.43 1339767 Bytes 23/07/2008 18:30:56
    AEHELP.DLL : 8.1.0.15 115063 Bytes 23/07/2008 18:30:54
    AEGEN.DLL : 8.1.0.29 307573 Bytes 23/07/2008 18:30:53
    AEEMU.DLL : 8.1.0.6 430451 Bytes 23/07/2008 18:30:52
    AECORE.DLL : 8.1.1.6 172405 Bytes 23/07/2008 18:30:51
    AEBB.DLL : 8.1.0.1 53617 Bytes 23/07/2008 18:30:51
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 8.0.0.1 98561 Bytes 23/07/2008 18:30:50
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Rootkit search
    Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
    Logging..........................: high
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Scan memory......................: off
    Process scan.....................: off
    Scan registry....................: off
    Search for rootkits..............: on
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: high
    Expanded search settings.........: 0x00300922

    Start of the scan: mercredi 23 juillet 2008 20:53

    Starting search for hidden objects.
    The driver could not be initialized.


    End of the scan: mercredi 23 juillet 2008 20:53
    Used time: 00:02 min

    The scan has been done completely.

    0 Scanning directories
    0 Files were scanned
    0 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    0 Files cannot be scanned
    0 Files not concerned
    0 Archives were scanned
    0 Warnings
    0 Notes

    23 Juillet 2008 22:25:00

    Pour info:

    Je viens de faire un system scan par antivir, il a trouvé 248 "viruses and/or unwanted programs", je les ai tous ignorer.

    Je poste le rapport si besoin:



    Avira AntiVir Personal
    Report file date: mercredi 23 juillet 2008 21:24

    Scanning for 1493153 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: PCZABO

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 18:30:44
    ANTIVIR2.VDF : 7.0.5.144 1690624 Bytes 21/07/2008 18:30:49
    ANTIVIR3.VDF : 7.0.5.159 123904 Bytes 23/07/2008 18:30:49
    Engineversion : 8.1.1.11
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.59 307579 Bytes 23/07/2008 18:30:59
    AESCN.DLL : 8.1.0.23 119156 Bytes 23/07/2008 18:30:59
    AERDL.DLL : 8.1.0.20 418165 Bytes 23/07/2008 18:30:58
    AEPACK.DLL : 8.1.2.1 364917 Bytes 23/07/2008 18:30:57
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 23/07/2008 18:30:56
    AEHEUR.DLL : 8.1.0.43 1339767 Bytes 23/07/2008 18:30:56
    AEHELP.DLL : 8.1.0.15 115063 Bytes 23/07/2008 18:30:54
    AEGEN.DLL : 8.1.0.29 307573 Bytes 23/07/2008 18:30:53
    AEEMU.DLL : 8.1.0.6 430451 Bytes 23/07/2008 18:30:52
    AECORE.DLL : 8.1.1.6 172405 Bytes 23/07/2008 18:30:51
    AEBB.DLL : 8.1.0.1 53617 Bytes 23/07/2008 18:30:51
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 8.0.0.1 98561 Bytes 23/07/2008 18:30:50
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: mercredi 23 juillet 2008 21:24

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'hpztsb04.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    C:\WINDOWS\System.exe
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    Scan process 'System.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\WINDOWS\System.exe'
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    27 processes with 27 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.

    The registry was scanned ( '18' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\Autorun.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [NOTE] The file was moved to '48fb8607.qua'!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Recycled\INFO.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48cd8d23.qua'!
    C:\SDFix\backups\backups.zip
    [0] Archive type: ZIP
    --> backups/Autorun.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    --> backups/Svchost.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    --> backups/System.exe
    [1] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP755\A0101216.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP755\A0101233.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP756\A0101308.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP756\A0101326.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP757\A0101372.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101493.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101516.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101535.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101582.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101598.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101614.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101640.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101673.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101690.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101716.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101728.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101799.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101814.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101883.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102084.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102144.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102152.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102153.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102154.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102156.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102168.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102169.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102170.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102172.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102182.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102183.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102184.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102186.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102193.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102194.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102195.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102197.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102204.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102206.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102210.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102211.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102212.exe
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102251.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102253.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102261.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102262.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102263.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102265.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102280.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102281.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102282.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102284.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102295.exe
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102296.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102297.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102298.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102300.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102313.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102314.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102315.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102317.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102327.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102328.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102329.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102331.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102340.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102341.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102342.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102344.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102516.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102517.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102518.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102520.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102544.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102545.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102546.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102548.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102556.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102557.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102558.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102560.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102568.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102569.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102570.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102572.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102582.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102583.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102584.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102586.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102595.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102596.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102597.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102599.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102611.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102612.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102613.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102615.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103019.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103020.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103021.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103023.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103037.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103038.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103039.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103041.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103055.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103056.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103057.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103059.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103069.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103070.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103071.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103073.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103087.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103088.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103089.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103091.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103099.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103100.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103101.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103103.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103111.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103112.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103113.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103115.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103123.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103124.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103125.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103127.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103136.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103137.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103138.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103140.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103155.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103156.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103158.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103166.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103167.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103168.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103170.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103179.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103180.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103181.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103183.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103191.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103192.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103193.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103195.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103203.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103204.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103205.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103207.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\WINDOWS\System.exe
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\WINDOWS\Config\Svchost.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    C:\WINDOWS\Config\System.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    Begin scan in 'D:\' <HP_RECOVERY>
    D:\Autorun.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP756\A0101311.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP756\A0101329.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP757\A0101375.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101496.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101519.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101538.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101585.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101602.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101617.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101642.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101676.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101693.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101719.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101802.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101887.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102087.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102146.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102157.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102159.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102173.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102175.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102187.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102189.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102198.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102200.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102207.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102209.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102254.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102256.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102266.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102268.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102285.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102287.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102301.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102303.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102318.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102320.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102332.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102334.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102345.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102347.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102521.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102523.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102549.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102551.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102561.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102563.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102573.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102575.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102587.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102589.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102600.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102602.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102616.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102618.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103024.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103026.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103042.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103044.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103060.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103062.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103074.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103076.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103092.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103094.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103104.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103106.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103116.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103118.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103128.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103130.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103141.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103143.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103159.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103161.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103171.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103173.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103184.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103186.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103196.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103198.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103208.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103210.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP755\A0101219.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP755\A0101237.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [WARNING] The file was ignored!
    D:\Recycled\INFO.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] The file was ignored!


    End of the scan: mercredi 23 juillet 2008 22:19
    Used time: 54:38 min

    The scan has been done completely.

    9045 Scanning directories
    431527 Files were scanned
    248 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    431279 Files not concerned
    15191 Archives were scanned
    248 Warnings
    2 Notes

    24 Juillet 2008 14:48:13

    Re,

    Refais le scan et mets tout en quarantaine (mode sans échec).
    27 Juillet 2008 18:22:14

    Salut,

    J'ai fait le scan en mode sans echec et j'ai tout mis en quarantaine, sauf des fichier ou je n'avais le choix qu'entre ignore ou delete, j'ai choisis ignore...

    Zabo
    27 Juillet 2008 18:34:17

    Poste le rapport.
    27 Juillet 2008 19:56:04

    Et oui....quel c..., j'avais zappé !!

    le voila:



    Avira AntiVir Personal
    Report file date: dimanche 27 juillet 2008 11:09

    Scanning for 1512830 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: HP_Propriétaire
    Computer name: PCZABO

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 18:30:44
    ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 25/07/2008 23:09:36
    ANTIVIR3.VDF : 7.0.5.176 40960 Bytes 26/07/2008 21:54:19
    Engineversion : 8.1.1.12
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.59 307579 Bytes 23/07/2008 18:30:59
    AESCN.DLL : 8.1.0.23 119156 Bytes 23/07/2008 18:30:59
    AERDL.DLL : 8.1.0.20 418165 Bytes 23/07/2008 18:30:58
    AEPACK.DLL : 8.1.2.1 364917 Bytes 23/07/2008 18:30:57
    AEOFFICE.DLL : 8.1.0.21 192891 Bytes 23/07/2008 18:30:56
    AEHEUR.DLL : 8.1.0.44 1343863 Bytes 24/07/2008 16:52:44
    AEHELP.DLL : 8.1.0.15 115063 Bytes 23/07/2008 18:30:54
    AEGEN.DLL : 8.1.0.31 311669 Bytes 24/07/2008 16:52:41
    AEEMU.DLL : 8.1.0.6 430451 Bytes 23/07/2008 18:30:52
    AECORE.DLL : 8.1.1.7 172406 Bytes 24/07/2008 16:52:40
    AEBB.DLL : 8.1.0.1 53617 Bytes 23/07/2008 18:30:51
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 8.0.0.2 98561 Bytes 25/07/2008 23:09:37
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 27 juillet 2008 11:09

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    C:\WINDOWS\System.exe
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    Scan process 'System.exe' - '1' Module(s) have been scanned
    Module is infected -> 'C:\WINDOWS\System.exe'
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    12 processes with 12 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD2
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD3
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.
    Master boot sector HD4
    [INFO] No virus was found!
    [WARNING] Le périphérique n'est pas prêt.

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.

    The registry was scanned ( '23' files ).


    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\Autorun.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [NOTE] The file was moved to '49003bd5.qua'!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Recycled\INFO.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48d268e5.qua'!
    C:\SDFix\backups\backups.zip
    [0] Archive type: ZIP
    --> backups/Autorun.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    --> backups/Svchost.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    --> backups/System.exe
    [1] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48ef68fe.qua'!
    C:\WINDOWS\System.exe
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    C:\WINDOWS\Config\Svchost.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48ef744f.qua'!
    C:\WINDOWS\Config\System.exe
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48ff7452.qua'!
    Begin scan in 'D:\' <HP_RECOVERY>
    D:\Autorun.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [NOTE] The file was moved to '49008180.qua'!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103393.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48bd86b6.qua'!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103450.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '493375ef.qua'!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103463.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48bd86b7.qua'!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103504.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [NOTE] The file was moved to '493375e0.qua'!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103506.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48bd86b8.qua'!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103516.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [NOTE] The file was moved to '493375e1.qua'!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103518.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48bd86b9.qua'!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103527.inf
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
    [NOTE] The file was moved to '493375e2.qua'!
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103529.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48bd86bb.qua'!
    D:\Recycled\INFO.EXE
    [0] Archive type: RSRC
    --> Object
    [DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
    [NOTE] The file was moved to '48d286d8.qua'!


    End of the scan: dimanche 27 juillet 2008 16:30
    Used time: 5:21:15 min

    The scan has been done completely.

    9663 Scanning directories
    440068 Files were scanned
    20 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    16 files were moved to quarantine
    0 files were renamed
    1 Files cannot be scanned
    440048 Files not concerned
    15196 Archives were scanned
    6 Warnings
    16 Notes

    27 Juillet 2008 20:26:45

    C'est revenu ..

    Télécharge ComboFix (de sUBs) sur ton Bureau.

  • Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
  • Double clique sur ComboFix.exe.
  • Accepte la licence en cliquant sur Oui.
  • Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

    Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

    Aide : Comment utiliser ComboFix.
    27 Juillet 2008 21:19:19

    Voila, c'est fait, voici le rapport:

    ComboFix 08-07-27.2 - HP_Propriétaire 2008-07-27 21:09:38.1 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.136 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    * Création d'un nouveau point de restauration
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\config\svchost.exe
    C:\WINDOWS\system.exe

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-27 to 2008-07-27 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-26 02:16 . 2008-07-26 02:18 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
    2008-07-26 02:11 . 2008-07-26 02:18 <REP> d-------- C:\Program Files\Native Instruments
    2008-07-26 02:08 . 2008-07-26 02:08 <REP> d-------- C:\Program Files\VirSyn Software Synthesizer
    2008-07-26 02:06 . 2008-07-26 02:06 <REP> d-------- C:\Program Files\Steinberg
    2008-07-26 02:05 . 2008-07-26 02:05 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-07-26 01:54 . 2008-07-26 02:25 <REP> d-------- C:\Program Files\VstPlugins
    2008-07-26 01:54 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-07-26 01:53 . 2008-07-26 01:55 <REP> d-------- C:\Program Files\Image-Line
    2008-07-23 20:29 . 2008-07-23 20:29 <REP> d-------- C:\Program Files\Avira
    2008-07-23 20:29 . 2008-07-23 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-18 08:25 . 2008-07-18 08:25 <REP> d-------- C:\Program Files\Bonjour
    2008-07-18 08:16 . 2008-07-18 08:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-18 08:16 . 2008-07-18 08:16 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-07-11 19:13 . 2008-07-11 20:58 <REP> d-------- C:\Program Files\Thoosje Sidebar V2.3
    2008-07-10 20:37 . 2008-07-10 20:37 <REP> d-------- C:\WINDOWS\ERUNT
    2008-07-10 20:33 . 2008-07-10 21:00 <REP> d-------- C:\SDFix
    2008-07-09 23:08 . 2008-07-09 23:08 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
    2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-01 23:02 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-01 23:02 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-27 18:07 --------- d-----w C:\Program Files\eMule
    2008-07-18 06:26 --------- d-----w C:\Program Files\iTunes
    2008-07-18 06:26 --------- d-----w C:\Program Files\iPod
    2008-07-18 06:24 --------- d-----w C:\Program Files\QuickTime
    2008-07-12 10:24 --------- d-----w C:\Program Files\Soulseek
    2008-07-12 10:21 --------- d-----w C:\Program Files\Easy CD-DA Extractor 4.7.1
    2008-07-12 10:20 --------- d-----w C:\Program Files\DivX
    2008-06-24 06:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-06-22 13:36 --------- d-----w C:\Program Files\EasyBox
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2004-08-09 22:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2005-09-18 15:19 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 19:05 196608]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP53"= SP5X_32.DLL
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "VIDC.SP59"= SP5X_32.DLL
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "midi2"= KORGUMDD.DRV

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=

    R1 pctvNT;Studio PCTV;C:\WINDOWS\system32\DRIVERS\pctvW2k.sys [2000-02-08 17:56]
    R3 TESTCAP;Studio PCTV (Audio);C:\WINDOWS\system32\DRIVERS\PCTVAud.sys [2000-02-08 10:25]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]
    S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;C:\WINDOWS\system32\Drivers\KORGUMDS.SYS [2005-12-20 03:07]
    S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 09:21]
    S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 09:24]
    S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
    S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
    S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
    S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
    S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
    S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
    S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd18164-74d8-11db-b1e3-0013d328d3b3}]
    \Shell\AutoRun\command - J:\LaunchU3.exe

    *Newly Created Service* - PROCEXP90
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    2008-04-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-slide.exe - C:\Program Files\Slide\Slide.exe
    HKLM-Run-OutpostFeedBack - C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe
    HKLM-Run-AutoTBar - c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE


    .
    ------- Supplementary Scan -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
    R1 -: HKCU-Internet Settings,ProxyOverride = *.local
    O17 -: HKLM\CCS\Interface\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177

    O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    C:\WINDOWS\Downloaded Program Files\oscan8.inf
    C:\WINDOWS\bdoscandellang.ini
    C:\WINDOWS\bdoscandel.exe
    C:\WINDOWS\Downloaded Program Files\live.ini
    C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
    C:\WINDOWS\Downloaded Program Files\lang.ini
    C:\WINDOWS\Downloaded Program Files\ipsupd.dll
    C:\WINDOWS\Downloaded Program Files\bdupd.dll
    C:\WINDOWS\Downloaded Program Files\libfn.dll
    C:\WINDOWS\Downloaded Program Files\bdcore.dll
    C:\WINDOWS\Downloaded Program Files\oscan8.ocx

    O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
    C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
    C:\WINDOWS\system32\msvcp60.dll
    C:\WINDOWS\system32\atl.dll
    C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
    C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll

    O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
    C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf
    C:\WINDOWS\system32\unicows.dll
    C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx


    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-27 21:12:44
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-27 21:16:59
    ComboFix-quarantined-files.txt 2008-07-27 19:16:26

    Pre-Run: 24,491,200,512 octets libres
    Post-Run: 24,596,180,992 octets libres

    164 --- E O F --- 2008-07-09 07:39:37
    27 Juillet 2008 23:15:47

    C'est mieux ?
    Poste un nouveau rapport HijackThis.
    27 Juillet 2008 23:41:29

    Rien de mieux apparemment. Antivir m'a repéré des virus sur System information....que j'ai mis en quarantaine.

    Voici le rapport hijackthis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:38:37, on 27/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 5170 bytes
    28 Juillet 2008 00:06:32

    Re,

    Fais une analyse antivirus en ligne sur Kaspersky avec Internet Explorer.

  • Autorise les Active x.
  • Clique sur Démarrer Online Scanner.
  • Sélectionne le poste de travail comme analyse. Enregistres sous le rapport en format .txt.
  • Colle son rapport ici.
  • Poste un nouveau rapport Hijackthis.

    Aide : Comment faire un scan en ligne avec Kaspersky .
    29 Juillet 2008 18:43:22

    Salut

    Impossible pour moi de faire le scan kaspersky. IE bloque l'installation du controle active X, il ne me donne même pas le choix, IE refuse categoriquement, j'ai même désactivé le pare feu windows...rien.

    29 Juillet 2008 18:49:23

    c ok, je devais installer Java avant. Je lance le scan
    29 Juillet 2008 21:26:13

    RE,

    Voici les rapport Kaspersky et hijackThis:

    Kaspersky:

    KASPERSKY ONLINE SCANNER 7 REPORT
    Tuesday, July 29, 2008
    Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
    Kaspersky Online Scanner 7 version: 7.0.25.0
    Program database last update: Tuesday, July 29, 2008 16:40:54
    Records in database: 1023241
    Scan settings
    Scan using the following database extended
    Scan archives yes
    Scan mail databases yes
    Scan area My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    Scan statistics
    Files scanned 102009
    Threat name 3
    Infected objects 8
    Suspicious objects 0
    Duration of the scan 02:15:41

    File name Threat name Threats count
    C:\Documents and Settings\HP_Propriétaire\Mes documents\Logiciels\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\Documents and Settings\HP_Propriétaire\Mes documents\Logiciels\SmitfraudFix.zip Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
    C:\QooBox\Quarantine\C\WINDOWS\Config\Svchost.exe.vir Infected: Virus.Win32.AutoRun.aim 1
    C:\QooBox\Quarantine\C\WINDOWS\System.exe.vir Infected: Worm.Win32.AutoRun.aha 1
    C:\Recycled\INFO.EXE Infected: Worm.Win32.AutoRun.aha 1
    C:\WINDOWS\Config\System.exe Infected: Virus.Win32.AutoRun.aim 1
    D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103547.EXE Infected: Worm.Win32.AutoRun.aha 1
    D:\Recycled\INFO.EXE Infected: Worm.Win32.AutoRun.aha 1
    The selected area was scanned.


    Et HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:22:47, on 29/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 5993 bytes
    29 Juillet 2008 22:04:21

    Re,

    Sélectionne l'intégralité du cadre ci-dessous :

    File::
    C:\Recycled\INFO.EXE
    C:\WINDOWS\Config\System.exe
    D:\Recycled\INFO.EXE
    C\WINDOWS\Config\Svchost.exe
    C\WINDOWS\System.exe


  • Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
  • Enregistre le sous sur ton bureau sous le nom de CFScript.txt
  • Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

  • Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.
    29 Juillet 2008 22:36:29

    Salut,

    Tu as écrit "File::", c'est bien celà ? ou c'est "File:" ?
    30 Juillet 2008 13:38:43

    Hello,

    C'est bien File::
    30 Juillet 2008 16:53:03

    Salut,

    Voici le rapport combofix:

    ComboFix 08-07-27.2 - HP_Propriétaire 2008-07-30 16:41:52.2 - NTFSx86
    Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.115 [GMT 2:00]
    Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
    * Création d'un nouveau point de restauration

    FILE ::
    C:\Recycled\INFO.EXE
    C:\WINDOWS\Config\System.exe
    D:\Recycled\INFO.EXE
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Recycled\INFO.EXE
    C:\WINDOWS\Config\System.exe
    D:\Recycled\INFO.EXE

    .
    ((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
    .

    2008-07-29 18:47 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-07-26 02:16 . 2008-07-26 02:18 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
    2008-07-26 02:11 . 2008-07-26 02:18 <REP> d-------- C:\Program Files\Native Instruments
    2008-07-26 02:08 . 2008-07-26 02:08 <REP> d-------- C:\Program Files\VirSyn Software Synthesizer
    2008-07-26 02:06 . 2008-07-26 02:06 <REP> d-------- C:\Program Files\Steinberg
    2008-07-26 02:05 . 2008-07-26 02:05 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-07-26 01:54 . 2008-07-26 02:25 <REP> d-------- C:\Program Files\VstPlugins
    2008-07-26 01:54 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
    2008-07-26 01:53 . 2008-07-26 01:55 <REP> d-------- C:\Program Files\Image-Line
    2008-07-23 20:29 . 2008-07-23 20:29 <REP> d-------- C:\Program Files\Avira
    2008-07-23 20:29 . 2008-07-23 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
    2008-07-18 08:25 . 2008-07-18 08:25 <REP> d-------- C:\Program Files\Bonjour
    2008-07-18 08:16 . 2008-07-18 08:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
    2008-07-18 08:16 . 2008-07-18 08:16 1,409 --a------ C:\WINDOWS\QTFont.for
    2008-07-11 19:13 . 2008-07-11 20:58 <REP> d-------- C:\Program Files\Thoosje Sidebar V2.3
    2008-07-10 20:37 . 2008-07-10 20:37 <REP> d-------- C:\WINDOWS\ERUNT
    2008-07-10 20:33 . 2008-07-10 21:00 <REP> d-------- C:\SDFix
    2008-07-09 23:08 . 2008-07-09 23:08 <REP> d-------- C:\Program Files\Trend Micro
    2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
    2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-07-01 23:02 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
    2008-07-01 23:02 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-06-13 21:36 . 2008-07-30 16:42 <REP> d--hs---- C:\Recycled
    2008-06-11 07:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-06-11 07:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-07-30 06:14 --------- d-----w C:\Program Files\eMule
    2008-07-29 16:47 --------- d-----w C:\Program Files\Java
    2008-07-27 19:41 --------- d-----w C:\Program Files\EasyBox
    2008-07-18 06:26 --------- d-----w C:\Program Files\iTunes
    2008-07-18 06:26 --------- d-----w C:\Program Files\iPod
    2008-07-18 06:24 --------- d-----w C:\Program Files\QuickTime
    2008-07-12 10:24 --------- d-----w C:\Program Files\Soulseek
    2008-07-12 10:21 --------- d-----w C:\Program Files\Easy CD-DA Extractor 4.7.1
    2008-07-12 10:20 --------- d-----w C:\Program Files\DivX
    2008-06-24 06:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
    2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
    2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
    2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
    2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
    2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
    2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
    2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
    2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
    2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
    2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
    2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
    2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
    2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
    2004-08-09 22:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
    2005-09-18 15:19 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
    .

    ((((((((((((((((((((((((((((( snapshot@2008-07-27_21.15.59.34 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2005-11-10 10:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
    + 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
    - 2005-11-10 10:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
    + 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
    - 2005-11-10 12:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
    + 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 19:05 196608]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.SP53"= SP5X_32.DLL
    "VIDC.SP54"= SP5X_32.DLL
    "VIDC.SP55"= SP5X_32.DLL
    "VIDC.SP56"= SP5X_32.DLL
    "VIDC.SP57"= SP5X_32.DLL
    "VIDC.SP58"= SP5X_32.DLL
    "VIDC.SP59"= SP5X_32.DLL
    "vidc.3iv2"= 3ivxVfWCodec.dll
    "VIDC.VP31"= vp31vfw.dll
    "midi2"= KORGUMDD.DRV

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "C:\\Program Files\\iTunes\\iTunes.exe"=
    "C:\\Program Files\\EasyBox\\vlc\\vlc.exe"=
    "C:\\Program Files\\EasyBox\\apache\\apache.exe"=

    R1 pctvNT;Studio PCTV;C:\WINDOWS\system32\DRIVERS\pctvW2k.sys [2000-02-08 17:56]
    R3 TESTCAP;Studio PCTV (Audio);C:\WINDOWS\system32\DRIVERS\PCTVAud.sys [2000-02-08 10:25]
    R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
    S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]
    S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;C:\WINDOWS\system32\Drivers\KORGUMDS.SYS [2005-12-20 03:07]
    S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 09:21]
    S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 09:24]
    S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
    S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
    S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
    S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
    S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
    S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
    S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd18164-74d8-11db-b1e3-0013d328d3b3}]
    \Shell\AutoRun\command - J:\LaunchU3.exe
    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    2008-04-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-07-30 16:46:26
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-07-30 16:50:23
    ComboFix-quarantined-files.txt 2008-07-30 14:49:40
    ComboFix2.txt 2008-07-27 19:17:00

    Pre-Run: 19,313,680,384 octets libres
    Post-Run: 19,303,428,096 octets libres

    160 --- E O F --- 2008-07-09 07:39:37
    31 Juillet 2008 00:14:46

    C'est mieux ?
    Poste un novueau rapport HijackTHis.
    31 Juillet 2008 08:33:20

    Salut

    Et bien je peux pas te dire. Depuis les 1eres démarches mon PC est plus rapide, mais antivir me signale tjs la presence des même fichiers infectés, après le sont ils réellement ? Je les met à chaque fois en quarantaine, je peux les supprimer sinon ?

    Voici le rapport hijackthis:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 08:28:30, on 31/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\eMule\emule.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld...
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSig...
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u...
    O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.com/html_include_bibli...
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    --
    End of file - 6078 bytes
    31 Juillet 2008 12:07:25

    Re,

    Normalement, cette fois-ci c'est bon. On va quand même vérifier.

    Supprime C:\Qoobox

    Fais un nouveau scan AntiVir ou bien Kaspersky ;) 
        • 1 / 2
        • 2
        • Dernier
    Tom's guide dans le monde
    • Allemagne
    • Italie
    • Irlande
    • Royaume Uni
    • Etats Unis
    Suivre Tom's Guide
    Inscrivez-vous à la Newsletter
    • ajouter à twitter
    • ajouter à facebook
    • ajouter un flux RSS