
virus msn

22 January 2008 13:05:45

Hello,
I caught the MSN virus "c'est pas toi".
How can I remove it?
Thanks for your help.

22 January 2008 13:07:25

Hello,

Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your Desktop (right-click / Extract all).

Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.

If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations.
In that case, simply restart the computer manually.

Post the report located in the MSNFix folder.
The report name corresponds to the time it was created: date_heure.log
22 January 2008 13:37:16

MSNFix 1.639-2

C:\Documents and Settings\Taz1917\Bureau\MSNFix
Fix exécuté le 23/01/2007 - 13:31:24,12 By Taz1917
mode normal

************************ Recherche les fichiers présents

Aucun Fichier trouvé

************************ Recherche les dossiers présents

Aucun dossier trouvé


************************ Fichiers suspects

Aucun Fichier trouvé



------------------------------------------------------------------------
Auteur : !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

22 January 2008 18:21:42

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:53, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Documents and Settings\Taz1917\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [messengerskinner] C:\Program Files\MessengerSkinner\MessengerSkinner.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

--
End of file - 4866 bytes
22 January 2008 18:29:03

Re,

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it doesn't, double-click the shortcut on the Desktop)

Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents for us like this:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report can also be found here: C:\fixnavi.txt
22 January 2008 18:43:17

Search Navipromo version 3.4.2 commencé le 23/01/2007 à 18:30:56,59

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 21.01.2008 à 14h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Executé en mode normal

*** Recherche Programmes installés ***


MessengerSkinner


*** Recherche dossiers dans C:\WINDOWS ***

C:\WINDOWS\msskinner trouvé !


*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***




*** Recherche dossiers dans "C:\Documents and Settings\Taz1917\application data" ***

...\MessengerSkinner trouvé !


*** Recherche dossiers dans "C:\Documents and Settings\Taz1917\local settings\application data" ***



*** Recherche dossiers dans "C:\Documents and Settings\Taz1917\MENUDM~1\PROGRA~1" ***

...\MessengerSkinner trouvé !

*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Fichier(s) caché(s) :

C:\WINDOWS\system32\bxcxxjoqj.dat
C:\WINDOWS\system32\bxcxxjoqj.exe
C:\WINDOWS\system32\bxcxxjoqj_nav.dat
C:\WINDOWS\system32\bxcxxjoqj_navps.dat



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

Fichiers trouvés :

aadezogn.exe trouvé !
aszypmrcst.exe trouvé !
bafprba.exe trouvé !
bbmejpipt.exe trouvé !
blbuhxbag.exe trouvé !
bthdjfevc.exe trouvé !
ctlztbajg.exe trouvé !
cumwifl.exe trouvé !
fhztdpzh.exe trouvé !
fjgsls.exe trouvé !
gcbliozkb.exe trouvé !
gdhibedm.exe trouvé !
gtsont.exe trouvé !
ifvuwqqvs.exe trouvé !
iuglttfpc.exe trouvé !
jxsosf.exe trouvé !
kasfgda.exe trouvé !
kgtmujs.exe trouvé !
knjcelkm.exe trouvé !
kvsqsgindb.exe trouvé !
nmwxur.exe trouvé !
pbgvgrdszp.exe trouvé !
qfgvis.exe trouvé !
qiiyniygm.exe trouvé !
sfonboqlk.exe trouvé !
ublfcxsre.exe trouvé !
ukchdyvuvl.exe trouvé !
ukodfk.exe trouvé !
vipnpyje.exe trouvé !
wqfbim.exe trouvé !
xwlghg.exe trouvé !
ynqnynfg.exe trouvé !
zrttuv.exe trouvé !

* Recherche dans "C:\Documents and Settings\Taz1917\local settings\application data" *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-0EE2A110.pf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans C:\WINDOWS\system32 :

bxcxxjoqj.dat trouvé !

* Dans "C:\Documents and Settings\Taz1917\local settings\application data" :


3)Recherche Certificats :

Certificat Egroup trouvé !

4)Recherche fichiers connus :



*** Analyse terminée le 23/01/2007 à 18:41:19,56 ***
22 January 2008 19:00:06

Re,

Double-click the Navilog1 shortcut on your Desktop.
Follow the instructions. Then choose option 2 and confirm.
Let it guide you and answer any questions it asks.

The utility will inform you that it is going to restart the computer.
**Close all open windows and save any open personal documents**
Now press a key, as requested.
(if your PC does not restart automatically, do it manually)

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Notepad will open.
Save the report so that you can find it again.
Close Notepad. Your desktop will now reappear.

NOTE: If your desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

Post the report saved earlier (C:\cleannavi.txt)
As well as a new HijackThis report.
22 January 2008 19:11:44

Clean Navipromo version 3.4.2 commencé le 23/01/2007 à 19:02:44,21

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 21.01.2008 à 14h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11
Système de fichiers : NTFS

Mode suppression automatique


*** Creation backups fichiers trouvés par Catchme ***

Copie vers "C:\Program Files\navilog1\Backupnavi"

Copie C:\WINDOWS\system32\bxcxxjoqj.dat réalisée avec succès !
Copie C:\WINDOWS\system32\bxcxxjoqj.exe réalisée avec succès !
Copie C:\WINDOWS\system32\bxcxxjoqj_nav.dat réalisée avec succès !
Copie C:\WINDOWS\system32\bxcxxjoqj_navps.dat réalisée avec succès !

*** Suppression des fichiers trouvés avec Catchme ***

C:\WINDOWS\system32\bxcxxjoqj.dat supprimé !
C:\WINDOWS\system32\bxcxxjoqj.exe supprimé !
C:\WINDOWS\system32\bxcxxjoqj_nav.dat supprimé !
C:\WINDOWS\system32\bxcxxjoqj_navps.dat supprimé !

** 2ème passage avec résultats Catchme **

* Dans C:\WINDOWS\system32 *


C:\WINDOWS\prefetch\bxcxxjoqj*.pf trouvé !
Copie C:\WINDOWS\prefetch\bxcxxjoqj*.pf réalisée avec succès !
C:\WINDOWS\prefetch\bxcxxjoqj*.pf supprimé !

* Dans "C:\Documents and Settings\Taz1917\local settings\application data" *


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *

aadezogn.exe trouvé !
Copie aadezogn.exe réalisée avec succès !
aadezogn.exe supprimé !

aszypmrcst.exe trouvé !
Copie aszypmrcst.exe réalisée avec succès !
aszypmrcst.exe supprimé !

bafprba.exe trouvé !
Copie bafprba.exe réalisée avec succès !
bafprba.exe supprimé !

bbmejpipt.exe trouvé !
Copie bbmejpipt.exe réalisée avec succès !
bbmejpipt.exe supprimé !

blbuhxbag.exe trouvé !
Copie blbuhxbag.exe réalisée avec succès !
blbuhxbag.exe supprimé !

bthdjfevc.exe trouvé !
Copie bthdjfevc.exe réalisée avec succès !
bthdjfevc.exe supprimé !

ctlztbajg.exe trouvé !
Copie ctlztbajg.exe réalisée avec succès !
ctlztbajg.exe supprimé !

cumwifl.exe trouvé !
Copie cumwifl.exe réalisée avec succès !
cumwifl.exe supprimé !

fhztdpzh.exe trouvé !
Copie fhztdpzh.exe réalisée avec succès !
fhztdpzh.exe supprimé !

fjgsls.exe trouvé !
Copie fjgsls.exe réalisée avec succès !
fjgsls.exe supprimé !

gcbliozkb.exe trouvé !
Copie gcbliozkb.exe réalisée avec succès !
gcbliozkb.exe supprimé !

gdhibedm.exe trouvé !
Copie gdhibedm.exe réalisée avec succès !
gdhibedm.exe supprimé !

gtsont.exe trouvé !
Copie gtsont.exe réalisée avec succès !
gtsont.exe supprimé !

ifvuwqqvs.exe trouvé !
Copie ifvuwqqvs.exe réalisée avec succès !
ifvuwqqvs.exe supprimé !

iuglttfpc.exe trouvé !
Copie iuglttfpc.exe réalisée avec succès !
iuglttfpc.exe supprimé !

jxsosf.exe trouvé !
Copie jxsosf.exe réalisée avec succès !
jxsosf.exe supprimé !

kasfgda.exe trouvé !
Copie kasfgda.exe réalisée avec succès !
kasfgda.exe supprimé !

kgtmujs.exe trouvé !
Copie kgtmujs.exe réalisée avec succès !
kgtmujs.exe supprimé !

knjcelkm.exe trouvé !
Copie knjcelkm.exe réalisée avec succès !
knjcelkm.exe supprimé !

kvsqsgindb.exe trouvé !
Copie kvsqsgindb.exe réalisée avec succès !
kvsqsgindb.exe supprimé !

nmwxur.exe trouvé !
Copie nmwxur.exe réalisée avec succès !
nmwxur.exe supprimé !

pbgvgrdszp.exe trouvé !
Copie pbgvgrdszp.exe réalisée avec succès !
pbgvgrdszp.exe supprimé !

qfgvis.exe trouvé !
Copie qfgvis.exe réalisée avec succès !
qfgvis.exe supprimé !

qiiyniygm.exe trouvé !
Copie qiiyniygm.exe réalisée avec succès !
qiiyniygm.exe supprimé !

sfonboqlk.exe trouvé !
Copie sfonboqlk.exe réalisée avec succès !
sfonboqlk.exe supprimé !

ublfcxsre.exe trouvé !
Copie ublfcxsre.exe réalisée avec succès !
ublfcxsre.exe supprimé !

ukchdyvuvl.exe trouvé !
Copie ukchdyvuvl.exe réalisée avec succès !
ukchdyvuvl.exe supprimé !

ukodfk.exe trouvé !
Copie ukodfk.exe réalisée avec succès !
ukodfk.exe supprimé !

vipnpyje.exe trouvé !
Copie vipnpyje.exe réalisée avec succès !
vipnpyje.exe supprimé !

wqfbim.exe trouvé !
Copie wqfbim.exe réalisée avec succès !
wqfbim.exe supprimé !

xwlghg.exe trouvé !
Copie xwlghg.exe réalisée avec succès !
xwlghg.exe supprimé !

ynqnynfg.exe trouvé !
Copie ynqnynfg.exe réalisée avec succès !
ynqnynfg.exe supprimé !

zrttuv.exe trouvé !
Copie zrttuv.exe réalisée avec succès !
zrttuv.exe supprimé !


* Suppression dans "C:\Documents and Settings\Taz1917\local settings\application data" *



*** Suppression dossiers dans C:\WINDOWS ***

C:\WINDOWS\msskinner ...suppression...
C:\WINDOWS\msskinner supprimé !


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\APPLIC~1 ***


*** Suppression dossiers dans "C:\Documents and Settings\Taz1917\application data" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !


*** Suppression dossiers dans "C:\Documents and Settings\Taz1917\local settings\application data" ***


*** Suppression dossiers dans "C:\Documents and Settings\Taz1917\MENUDM~1\PROGRA~1" ***

...\MessengerSkinner ...suppression...
...\MessengerSkinner supprimé !


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !
C:\WINDOWS\prefetch\MESSENGERSKINNER.EXE-0EE2A110.pf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Taz1917\local settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Suppression avec sauvegardes nouveaux fichiers Instant Access :

2)Recherche, création sauvegardes et suppression Heuristique :


* Dans C:\WINDOWS\system32 *


* Dans "C:\Documents and Settings\Taz1917\local settings\application data" *


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisée avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 23/01/2007 à 19:06:53,14 ***

22 January 2008 19:12:17

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:10:23, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Taz1917\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

--
End of file - 4637 bytes
22 January 2008 21:09:37



AntiVir PersonalEdition Classic
Report file date: mardi 23 janvier 2007 20:04

Scanning for 1063907 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TAZ

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 18:51:26
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 18:51:26
ANTIVIR3.VDF : 7.0.2.31 319488 Bytes 22/01/2008 18:51:26
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 23/01/2007 18:51:28
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 23/01/2007 18:51:29
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 23 janvier 2007 20:04

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '21' files ).


Starting the file scan:

Begin scan in 'C:\' <Disque local>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Taz1917\Local Settings\Temporary Internet Files\Content.IE5\2M9Q0LN0\ddos[1].txt
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Agent.alm Backdoor server programs
[INFO] The file was moved to '46255d35.qua'!
C:\Documents and Settings\Taz1917\Local Settings\Temporary Internet Files\Content.IE5\MWF6GTS8\naked0453[1].com
[DETECTION] Is the Trojan horse TR/Agent.dwd.4
[INFO] The file was moved to '46215e66.qua'!
C:\Documents and Settings\Taz1917\Local Settings\Temporary Internet Files\Content.IE5\TXZ7FAO6\cprdshtvt[1].htm
[DETECTION] Is the Trojan horse TR/PWS.Sinowal.Gen
[INFO] The file was moved to '46285ecc.qua'!
C:\Documents and Settings\Taz1917\Local Settings\Temporary Internet Files\Content.IE5\Y7H5GNDX\lsegihwln[1].txt
[DETECTION] Is the Trojan horse TR/Crypt.FSPM.Gen
[INFO] The file was moved to '461b5f4a.qua'!
C:\Program Files\MultiMedia France Toolbar\MultiMedia - Installer.exe
[DETECTION] Contains detection pattern of the dropper DR/Shopper.L.8
[INFO] The file was moved to '462266b2.qua'!
C:\Program Files\Navilog1\Backupnavi\aadezogn.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '461a66b3.qua'!
C:\Program Files\Navilog1\Backupnavi\aszypmrcst.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '463066c7.qua'!
C:\Program Files\Navilog1\Backupnavi\bafprba.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '461c66b6.qua'!
C:\Program Files\Navilog1\Backupnavi\bbmejpipt.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '462366b9.qua'!
C:\Program Files\Navilog1\Backupnavi\blbuhxbag.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '461866c5.qua'!
C:\Program Files\Navilog1\Backupnavi\ctlztbajg.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '462266cf.qua'!
C:\Program Files\Navilog1\Backupnavi\fhztdpzh.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '463066c5.qua'!
C:\Program Files\Navilog1\Backupnavi\fjgsls.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '461d66c8.qua'!
C:\Program Files\Navilog1\Backupnavi\gcbliozkb.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '461866c3.qua'!
C:\Program Files\Navilog1\Backupnavi\gtsont.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '462966d6.qua'!
C:\Program Files\Navilog1\Backupnavi\ifvuwqqvs.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '462c66ca.qua'!
C:\Program Files\Navilog1\Backupnavi\iuglttfpc.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '461d66db.qua'!
C:\Program Files\Navilog1\Backupnavi\kasfgda.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '462966c9.qua'!
C:\Program Files\Navilog1\Backupnavi\kgtmujs.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '462a66d1.qua'!
C:\Program Files\Navilog1\Backupnavi\knjcelkm.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '462066da.qua'!
C:\Program Files\Navilog1\Backupnavi\kvsqsgindb.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[INFO] The file was moved to '462966e5.qua'!
C:\Program Files\Navilog1\Backupnavi\nmwxur.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
Begin scan in 'F:\' <Disque local>


End of the scan: mardi 23 janvier 2007 21:06
Used time: 1:03:01 min

The scan has been done completely.

3647 Scanning directories
250867 Files were scanned
213 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
213 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
250654 Files not concerned
1032 Archives were scanned
2 Warnings
0 Notes

22 January 2008 21:11:01



AntiVir PersonalEdition Classic
Report file date: mardi 23 janvier 2007 19:55

Scanning for 1063907 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: TAZ

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 18:51:26
ANTIVIR2.VDF : 7.0.2.0 948736 Bytes 15/01/2008 18:51:26
ANTIVIR3.VDF : 7.0.2.31 319488 Bytes 22/01/2008 18:51:26
AVEWIN32.DLL : 7.6.0.48 3080704 Bytes 23/01/2007 18:51:28
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 23/01/2007 18:51:29
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 23 janvier 2007 19:55

The scan of running processes will be started
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Reader_SL.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '21' files ).


Starting the file scan:

Begin scan in 'C:\' <Disque local>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!


End of the scan: mardi 23 janvier 2007 20:03
Used time: 07:42 min

The scan has been canceled!

978 Scanning directories
18442 Files were scanned
60 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
13 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
18382 Files not concerned
170 Archives were scanned
2 Warnings
0 Notes

a b 8 Security
22 January 2008 21:15:00

Post a new HijackThis report.
22 January 2008 21:15:56

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:14:06, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Taz1917\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

--
End of file - 4394 bytes
a b 8 Security
22 January 2008 21:46:51

Hi again,

Fix the lines in the box below with HijackThis: HELP IN PICTURES

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
22 January 2008 21:49:38

There, it's done.
a b 8 Security
22 January 2008 21:51:37

Post a new HijackThis report :)
22 January 2008 21:52:16

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:50:28, on 23/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Taz1917\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.orange.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: BoontyBox 01net.lnk = C:\Program Files\Boonty\BoontyBox\BoontyBox.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O16 - DPF: {68C1822F-F5C7-4404-A73F-03C10E0E94DA} (telechargement-photoweb) - http://www4.photoweb.fr/telechargement/Photoweb_uploade...
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://www.extrafilm.fr/net/Import/ImageUploader3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/fl...
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe

--
End of file - 4141 bytes
a b 8 Security
22 January 2008 21:55:58

Any other problems?
22 January 2008 21:56:33

I still can't connect to MSN.
a b 8 Security
22 January 2008 22:00:12

Do you get an error message?
22 January 2008 22:07:52

No, it's working now.
Thank you very much for your help.
On the other hand, my computer is really slow, is that normal?
a b 8 Security
22 January 2008 22:08:49

Nothing to do with an infection.
22 January 2008 22:11:25

That's reassuring.
By any chance, could you solve one more problem?
I no longer have any sound with MSN (neither when I receive an email nor when someone talks to me ...). It was already doing this before I got the virus.
a b 8 Security
23 January 2008 13:16:27

That, I have no idea.