Your question

Unwanted popups (ads, internet security center, ...)

Tags:
  • Windows
  • Security
Last reply: in Security and viruses
24 September 2007 21:46:27

Hello everyone.
So here's the thing: I have internet windows opening about every minute.
I saw on your forum that someone had the same problem, but apparently you need to look at a HijackThis report.
Here is mine:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at KnS` 21:34:33, on 24/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://www.campus-booster.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-paris.supinfo.com/CACHE/webvpn/stc/1/binari...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.c...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C04F8AC4-8975-4E09-9984-FE1072F7E87C}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O21 - SSODL: syshelps - {9A3E764D-2BFB-48E1-B76B-DDFACF85B4D8} - syshelps.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe

--
End of file - 12929 bytes

Thank you in advance, and see you soon!


24 September 2007 21:48:02

Good evening

~ Download F-Secure Blacklight

https://europe.f-secure.com/exclude/blacklight/fsbl.exe


- Run F-Secure Blacklight (the fsbl.exe file)
- Accept the license, then click "Scan", then Next and Exit.
- A report named fsbl-bxxxx.log (the xx are digits) will be created in the same folder as blbeta.exe
- Open fsbl-bxxxx.log and copy/paste its contents into your next message.

Warning!
Do not choose the "Rename" option right away: we need to analyze the report first, because legitimate files such as wbemtest.exe may be listed.
F-Secure BlackLight tutorial (thanks to Malekal):
http://www.malekal.com/tutorial_f-secure_BlackLight.htm...
24 September 2007 22:27:55

Thanks for the quick reply.
Here is the report:

09/24/07 22:13:04 [Info]: BlackLight Engine 1.0.64 initialized
09/24/07 22:13:04 [Info]: OS: 5.1 build 2600 (Service Pack 2)
09/24/07 22:13:04 [Note]: 7019 4
09/24/07 22:13:04 [Note]: 7005 0
09/24/07 22:13:10 [Note]: 7006 0
09/24/07 22:13:10 [Note]: 7011 1892
09/24/07 22:13:11 [Note]: 7026 0
09/24/07 22:13:11 [Note]: 7026 0
09/24/07 22:13:11 [Note]: 7024 3
09/24/07 22:13:11 [Info]: Hidden process: C:\windows\system32\sgfzflxlje.exe
09/24/07 22:13:16 [Note]: FSRAW library version 1.7.1022
09/24/07 22:24:20 [Info]: Hidden file: c:\WINDOWS\system32\sgfzflxlje.dat
09/24/07 22:24:20 [Note]: 10002 1
09/24/07 22:24:21 [Info]: Hidden file: C:\windows\system32\sgfzflxlje.exe
09/24/07 22:24:21 [Note]: 10002 1
09/24/07 22:24:21 [Info]: Hidden file: c:\WINDOWS\system32\sgfzflxlje_nav.dat
09/24/07 22:24:21 [Note]: 10002 1
09/24/07 22:24:22 [Info]: Hidden file: c:\WINDOWS\system32\sgfzflxlje_navps.dat
09/24/07 22:24:22 [Note]: 10002 1
09/24/07 22:25:29 [Note]: 2000 1012
09/24/07 22:25:29 [Note]: 2000 1012
09/24/07 22:25:29 [Note]: 2000 1012
09/24/07 22:26:14 [Note]: 7007 0
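
A triage sketch for the BlackLight report above, added here as an illustration and not part of any post in this thread: it extracts the hidden items, groups files that share a name stem with a hidden process, and sets aside names on a review list, following the caution that legitimate files such as wbemtest.exe can be listed. The function names, the review list and the wbemtest.exe sample line are assumptions made for the example.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: the sgfzflxlje lines are copied from the report posted above;
# the last line (wbemtest.exe) is constructed to exercise the review path.
SAMPLE_LOG = r"""
09/24/07 22:13:04 [Info]: BlackLight Engine 1.0.64 initialized
09/24/07 22:13:11 [Note]: 7024 3
09/24/07 22:13:11 [Info]: Hidden process: C:\windows\system32\sgfzflxlje.exe
09/24/07 22:24:20 [Info]: Hidden file: c:\WINDOWS\system32\sgfzflxlje.dat
09/24/07 22:24:20 [Note]: 10002 1
09/24/07 22:24:21 [Info]: Hidden file: C:\windows\system32\sgfzflxlje.exe
09/24/07 22:24:21 [Info]: Hidden file: c:\WINDOWS\system32\sgfzflxlje_nav.dat
09/24/07 22:24:22 [Info]: Hidden file: c:\WINDOWS\system32\sgfzflxlje_navps.dat
09/24/07 22:24:23 [Info]: Hidden file: C:\WINDOWS\system32\wbem\wbemtest.exe
"""

# Names a person must check before any rename or removal.
# Assumption: only wbemtest.exe, the one name the thread gives.
REVIEW_NAMES = {"wbemtest.exe"}

LINE_RE = re.compile(r"^\d{2}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \[(Info|Note)\]: (.*)$")
HIDDEN_RE = re.compile(r"^Hidden (process|file): (.+)$")


def parse_hidden(log_text):
    """Return (kind, path) pairs for every 'Hidden process/file' entry.

    Paths are lower-cased because the report spells the same folder
    with different letter case from one line to the next.
    """
    items = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line or line.group(1) != "Info":
            continue  # numeric [Note] status lines carry no path
        hit = HIDDEN_RE.match(line.group(2))
        if hit:
            items.append((hit.group(1), hit.group(2).strip().lower()))
    return items


def family_key(path):
    """Folder plus the file-name stem up to the first underscore, so that
    name.exe, name.dat and name_nav.dat land in one group (a heuristic)."""
    stem = ntpath.splitext(ntpath.basename(path))[0]
    return ntpath.dirname(path), stem.split("_", 1)[0]


def triage(log_text, review_names=REVIEW_NAMES):
    """Split hidden items into 'review first' paths and name families."""
    review = set()
    families = defaultdict(lambda: {"files": set(), "hidden_process": False})
    for kind, path in parse_hidden(log_text):
        if ntpath.basename(path) in review_names:
            review.add(path)  # possibly legitimate: leave for a human
            continue
        fam = families[family_key(path)]
        fam["files"].add(path)
        if kind == "process":
            fam["hidden_process"] = True
    return {
        "review": sorted(review),
        "families": {
            key: {"files": sorted(val["files"]),
                  "hidden_process": val["hidden_process"]}
            for key, val in families.items()
        },
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for (folder, stem), info in result["families"].items():
        flag = "hidden process + files" if info["hidden_process"] else "files only"
        print(f"{folder}\\{stem}*: {len(info['files'])} item(s), {flag}")
    for path in result["review"]:
        print("check before touching:", path)
```
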
24 September 2007 22:32:57

OK

Several infections:
a Bagle remnant, a Magic Control infection and an MSN worm remnant.

Let's get started:

1

Download MSNFix.zip (!aur3n7) to your Desktop.
Unzip it on your Desktop (right-click / Extract all).

The tool must be run from the Desktop.

Open the MSNFix folder, then double-click MSNFix.bat.
- Run option R.
-- If the infection is detected, press a key to start the cleanup.

If a deletion error is detected, a message will appear asking you to restart the computer to finish the operations.
In that case, just restart the computer manually.

Post the report located in the MSNFix folder.
The report's name corresponds to the moment it was created: date_time.log

-> Malekal's tutorial <-

2

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation is finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop.)

Let the utility guide you. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our approval !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents to us this way:

-> Edit / Select all
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report is also located here: C:\fixnavi.txt

3

~ Download Malekal's Clean
http://www.malekal.com/download/clean.zip

Save it to your Desktop and unzip it.
This will create a folder named clean.
Double-click this clean folder; inside you will find several files.
Double-click clean.cmd.
A menu will appear; choose option 1 by pressing the 1 key on your keyboard.
Clean will do its work.
Post the contents of the generated report.
24 September 2007 22:51:56

Here is the MSNFix report:

MSNFix 1.519

C:\Documents and Settings\Pascal\Bureau\MSNFix
Fix exécuté le 24/09/2007 - 22:39:40,46 By Pascal
mode normal

************************ Recherche les fichiers présents

... C:\DOCUME~1\Pascal\LOCALS~1\Temp\*.dmp
... C:\WINDOWS\photos.zip
... C:\WINDOWS\system32\ban_list.txt
... C:\WINDOWS\system32\dllcache\winlogon.exe
... C:\WINDOWS\photos.zip

************************ MSNCHK ***** /!\ beta test /!\



************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\Pascal\LOCALS~1\Temp\*.dmp
.. OK ... C:\WINDOWS\photos.zip
.. OK ... C:\WINDOWS\system32\ban_list.txt
.. OK ... C:\WINDOWS\system32\dllcache\winlogon.exe
.. OK ... C:\WINDOWS\photos.zip



************************ Nettoyage du registre



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\WINDOWS\chk_SS.scr] DE2ACEACE857C7EFA10EBACCB1121FE1
[C:\div_1_round_1.l2r.zip] 7B119ED6CFE120F1183054F13DF01E75

==> SVP merci d'envoyer le fichier C:\DOCUME~1\Pascal\Bureau\Upload_Me.zip sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 24092007_22402525.zip

The other reports are on their way :p

24 September 2007 23:01:17

Here is the Navilog1 report:

Search Navipromo version 3.1.1 commencé le 24/09/2007 à 22:45:21,67

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 21.09.2007 a 18h00 by IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11


*** Recherche Programmes installes ***


InternetGameBox


*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox trouvé !


*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Pascal\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight/blacklight_help.html

Fichier(s) caché(s) :

C:\WINDOWS\system32\sgfzflxlje.dat
C:\WINDOWS\system32\sgfzflxlje.exe
C:\WINDOWS\system32\sgfzflxlje_nav.dat
C:\WINDOWS\system32\sgfzflxlje_navps.dat

Processus caché(s) :

C:\WINDOWS\system32\sgfzflxlje.exe


*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

* Scan C:\WINDOWS\system32 *

* Scan C:\Documents and Settings\Pascal\local settings\application data *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

C:\WINDOWS\system32\sgfzflxlje.dat trouvé !


3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse Terminé le 24/09/2007 à 23:00:06,20 ***
24 September 2007 23:03:27

Here is the clean report:

24/09/2007 a 23:02:24,39

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\exefld\ FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\kernel???.exe FOUND
C:\WINDOWS\system32\kernel??.exe FOUND
C:\WINDOWS\system32\kernel?.exe FOUND
C:\WINDOWS\system32\wintems.exe FOUND
"C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND

*** Recherche des fichiers dans C:\Program Files
"C:\Program Files\Adverts\" FOUND
"C:\Program Files\Everest Poker\" FOUND
"C:\Program Files\InternetGameBox\" FOUND
"C:\Program Files\vmntoolbar\" FOUND
*** Fin du rapport !
25 September 2007 12:44:27

Hello

1

Double-click the Navilog1 shortcut on your Desktop.
Follow the instructions. Then choose option 2 and confirm.
Let the utility guide you and answer any questions it asks.

The utility will tell you that it is going to restart the computer.
**Close all open windows and save any open personal documents**
Now press a key, as requested.
(If your PC does not restart automatically, restart it manually.)

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will now reappear.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del at the same time to open Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

Post the report saved earlier (C:\cleannavi.txt)

2

Download and double-click: http://www.malekal.com/download/SafeBoot.reg

3

~ Restart the computer in safe mode (F8 at computer startup)
Above all, do not use any method other than F8; if it does not work, don't do it, and we will solve the problem.

Open the clean folder and double-click clean.cmd.
Choose option 2, then wait.

~ Restart normally
Post the clean report, which is at C:\rapport_clean.txt


25 September 2007 13:56:49

Hello

Here is the Navilog1 report:

Clean Navipromo version 3.1.1 commencé le 25/09/2007 à 13:48:25,84

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 21.09.2007 a 18h00 by IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11

Mode suppression automatique


*** Creation backups fichiers trouvés par Blacklight ***

Copie vers "C:\Program Files\navilog1\Backupnavi"


*** Suppression des fichiers trouvés avec Blacklight ***

C:\WINDOWS\system32\sgfzflxlje.dat supprimé !
C:\WINDOWS\system32\sgfzflxlje.exe supprimé !
C:\WINDOWS\system32\sgfzflxlje_nav.dat supprimé !
C:\WINDOWS\system32\sgfzflxlje_navps.dat supprimé !

** 2ème passage **

C:\WINDOWS\prefetch\sgfzflxlje*.pf trouvé !
Copie C:\WINDOWS\prefetch\sgfzflxlje*.pf réalise avec succes !
C:\WINDOWS\prefetch\sgfzflxlje*.pf supprimé !

*** Suppression avec Backups résultats GenericNaviSearch ***

* Scan C:\WINDOWS\system32 *


* Scan C:\Documents and Settings\Pascal\local settings\application data *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox ...suppression...
C:\Program Files\InternetGameBox supprimé !


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Pascal\Application Data ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !
C:\WINDOWS\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Pascal\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :


*** Sauvegarde du registre vers dossier Backupnavi ***

sauvegarde du registre réalise avec succes !

*** Nettoyage registre ***

Nettoyage registre Ok


*** Certificats ***

Certificat Egroup supprimé !



*** Nettoyage termine le 25/09/2007 à 13:53:44,98 ***
25 September 2007 17:01:12

Yes
The Bagle virus has a nasty habit of damaging safe mode, so I prefer to repair it. (It's safer.)
25 September 2007 18:29:04

Here is the clean report:

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 25/09/2007 a 18:15:20,76

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\exefld\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\kernel???.exe
tentative de suppression de C:\WINDOWS\system32\wintems.exe
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Adverts\"
tentative de suppression de "C:\Program Files\Everest Poker\"
tentative de suppression de "C:\Program Files\vmntoolbar\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
25 September 2007 22:34:48

Good evening

Please post a new HijackThis log.

And do the upload requested in the MSNFix report:
==> SVP merci d'envoyer le fichier C:\DOCUME~1\Pascal\Bureau\Upload_Me.zip sur http://upload.changelog.fr
26 September 2007 11:08:18

Hello,
Shall I do another HijackThis report?
Upload_me has been sent to the site as requested.
26 September 2007 21:29:32

Good evening

Quote:
Shall I do another HijackThis report?


Yes :)
26 September 2007 21:46:45

Good evening, here you go:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at KnS` 21:45:31, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://www.campus-booster.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-paris.supinfo.com/CACHE/webvpn/stc/1/binari...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.c...
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
O17 - HKLM\System\CCS\Services\Tcpip\..\{C04F8AC4-8975-4E09-9984-FE1072F7E87C}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe

--
End of file - 12759 bytes
26 September 2007 21:56:05

re

~Run HijackThis with “Do a system scan only”.
Check the following lines if they are still present, and only those.

O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe


Click Fix checked (bottom left)

~Download AVG Anti-Spyware.
http://www.ewido.net/en/download/
~Update it.

~Download CCleaner:

http://www.filehippo.com/download_ccleaner/

~During installation, uncheck: "Add the Yahoo! CCleaner toolbar"


1

Restart in safe mode (F8 at startup).

2


~Run CCleaner:

Click the button that scans for errors, then choose "fix the errors".
Click the cleaner button, then choose "run the cleaner".


3

~Run AVG Anti-Spyware.

~In the Scan tab, under Settings, click Recommended actions and choose Quarantine.

~Click Scan, then Complete system scan to start the scan.

~Once the scan has finished, click Apply all actions to remove all the infected files found by AVG Anti-Spyware.

~Once the infected files have been removed, click Save report and save it to the desktop.
~Restart normally

4


~Copy and paste the AVG Anti-Spyware report.

+++++++++++++++++++++++++++++++++
CCleaner tutorial (thanks to Malekal):
http://www.malekal.com/tutorial_CCleaner.html

AVG Anti-Spyware tutorial (thanks to Malekal):
http://www.malekal.com/tutorial_AVG_AntiSpyware.html
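The four entries picked out in the post above are either orphaned (`(no file)` / `(file missing)`) or a Run value named after one executable while launching another. The following is an added example, not part of the original thread or of HijackThis: a small triage script whose function names and two heuristics are assumptions, run over lines copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the HijackThis log posted in this thread (not a full log).
SAMPLE_LOG = r"""
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
"""

# "BHO: name - {CLSID} - target" (same shape for O3 toolbars and O9 buttons)
CLSID_ENTRY = re.compile(
    r"^(?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$")
# "HKCU\..\Run: [value name] command line"
RUN_ENTRY = re.compile(
    r"^(?P<hive>HK.*?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.*)$")
# First executable of a command line, quoted or not (paths may contain spaces)
EXECUTABLE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)',
    re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    name: str      # BHO/toolbar name or Run value name
    reason: str    # "orphaned" or "name-mismatch"
    line: str      # the original log line, for the analyst


def executable_of(command):
    """Return the file name of the program a Run command line starts."""
    m = EXECUTABLE.match(command.strip())
    if not m:
        return None
    return PureWindowsPath(m.group("q") or m.group("u")).name


def triage(log_text):
    """Return entries worth a manual look; these are candidates, not verdicts."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        head = re.match(r"^(O\d+) - (.*)$", line)
        if not head:
            continue  # header, process list or blank line
        section, body = head.groups()

        entry = CLSID_ENTRY.match(body)
        if entry:
            # Heuristic 1: registration left behind after its file was removed.
            target = entry["target"]
            if target == "(no file)" or "(file missing)" in target:
                findings.append(
                    Finding(section, entry["name"], "orphaned", line))
            continue

        run = RUN_ENTRY.match(body)
        if section == "O4" and run:
            # Heuristic 2: value name is itself an executable file name,
            # but a different one from the program actually launched.
            name, exe = run["name"], executable_of(run["command"])
            looks_like_file = re.search(r"\.(exe|com|scr|pif)$", name, re.I)
            if exe and looks_like_file and name.lower() != exe.lower():
                findings.append(Finding(section, name, "name-mismatch", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:14} {f.section}  {f.name}")
```

The name-mismatch heuristic also returns the `igndlm.exe` entry, which the post above does not ask to fix; the output is a review list, and each hit still needs a human decision.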



27 September 2007 10:52:02

Hello, here is the report:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 01:49:16 27/09/2007

+ Résultat de l'analyse:



:mozilla.77:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.148:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.149:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.43:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.44:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.45:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.80:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.81:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.100:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.124:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.76:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.123:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.118:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.119:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.120:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.121:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.79:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.125:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.75:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.67:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.68:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.155:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.156:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.143:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Masterstats : Nettoyé.
:mozilla.109:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.20:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.21:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.22:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.150:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.151:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.61:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.62:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.122:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.132:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.133:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.71:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.72:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport
27 September 2007 16:56:16

hello

final check

Kaspersky
~Run an online antivirus scan on the Kaspersky site
http://webscanner.kaspersky.fr/

~Click Online Scanner.
~Accept the installation of the ActiveX control by clicking the Install button.

~Select My Computer as the scan target.

~Save the report by clicking the "Save report as" button. Give it a name; you will copy and paste it into your next reply.

Help
27 September 2007 20:38:43

I had a small problem at the end of the scan.



The final report was not displayed... I took a screenshot to show you.
27 September 2007 22:03:44

good evening

you should have accepted the ActiveX control (as the screenshot shows)

++++++++++++

Here is what we are going to do: you are going to replace Avast! with Antivir, which is a real antivirus, run a scan with it (in safe mode) and post the report. :)


Uninstall Avast! properly


In order to replace it with Antivir.

-->Tutorial<--


Why change?: Avast! vs Antivir
27 September 2007 22:27:25

good evening,
I read on "avast vs antivir" forums that Antivir is supposedly the better one. Do you really advise me to change? Which one do you use personally? (without wishing to be indiscreet).
28 September 2007 12:52:14

hello

no comparison possible.

you saw the detections from the online scan, you saw your infections: MSN, magic control, all linked to clicking a little too quickly on your part.
antivir will protect you more properly.
in any case, the cleanup has to be finished, so do what I tell you, test antivir for a few days and if it does not suit you, go back to avast. (I doubt it ;)  )
28 September 2007 13:39:14

Hello,
Antivir detected, I believe, 95 viruses O_O
Here is the report:



AntiVir PersonalEdition Classic
Report file date: vendredi 28 septembre 2007 11:15

Scanning for 857616 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: *****
Computer name: *****

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:00:08
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 09:00:10
ANTIVIR2.VDF : 7.0.0.4 174592 Bytes 24/09/2007 09:00:10
ANTIVIR3.VDF : 7.0.0.29 140800 Bytes 28/09/2007 09:00:10
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 28/09/2007 09:00:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: vendredi 28 septembre 2007 11:15

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] In the drive 'E:\' no data medium is inserted!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] No virus was found!
Boot sector 'L:\'
[NOTE] In the drive 'L:\' no data medium is inserted!

Starting to scan the registry.
C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Bifrose.NU Backdoor server programs
[INFO] The file was moved to '476fc6b3.qua'!
C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Bifrose.NU Backdoor server programs

The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\041E3B4B.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472dc71b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04843153.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c722.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06827F79.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c72b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08DF10F8.dll
[DETECTION] Contains detection pattern of the SPR/Moo.A.1 program
[INFO] A backup was created as '4740c736.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\161C1392.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472dc73a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CD70B67.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4740c74c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26CF6F47.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473fc744.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2735654F.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472fc74b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2801515E.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472cc752.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30993206.dll
[DETECTION] Is the Trojan horse TR/Suggestor.N
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30993206.exe
[DETECTION] Is the Trojan horse TR/Dialer.eg.7
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\309C5C03.exe
[DETECTION] Is the Trojan horse TR/Dialer.eg.7
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3379463D.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4733c76d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33B01000.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473ec772.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35F6518A.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4742c77d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36DA3C84.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4740c782.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36E43A7A.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4741c788.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36E76476.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4741c78f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37292C2E.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472ec796.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\372C562B.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472ec79c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\376A73E6.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4732c7a4.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\376D1DE3.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4732c7a9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37F6014C.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4742c7af.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\384146F9.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4730c7b5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\384570F5.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4730c7b9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\388638AE.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c7bf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38960A9C.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c7c9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389A3498.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c7cf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38A00891.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc7d8.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38AA0686.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38F54C33.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4742c7e2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3909481E.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472cc7e7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39124613.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472dc7ed.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\392D15F6.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472ec7f2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39303FF3.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472fc7f6.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\394011E1.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4730c7fb.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\395163CF.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c7ff.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39540DCB.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c803.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\395737C8.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c809.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\395E0BC0.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c80f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396709B6.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4732c81f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396E5DAE.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4732c823.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397431A7.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4733c827.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397B05A0.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4733c82c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397E2F9C.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4733c835.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39815999.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c839.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\399C297C.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c843.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\399F5379.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f1d0cc.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39A27D75.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc844.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39AF2567.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f9d0cd.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39B24F63.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473ec845.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A7F2EFD.dll
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.23016
[INFO] A backup was created as '4733c84d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A9C28DD.dll
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.23016
[INFO] A backup was created as '4735c84e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BDC2B53.exe
[DETECTION] Is the Trojan horse TR/Zlob.65536.3
[INFO] A backup was created as '4740c84f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\582553C3.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '472ec846.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\583525B1.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '472fc846.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58384FAD.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '472fc847.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58971145.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '4735c847.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\589A3B41.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '4735c848.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58A10F3A.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '473dc848.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C974D46.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c854.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CFD434E.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4742c855.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73F03C5F.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Bifrose.aci.122 Backdoor server programs
[INFO] A backup was created as '4742c845.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\797C1EEE.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4733c84c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\798372E6.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c84c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79AA6ABB.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc84d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79AD14B8.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f9d0c6.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79D50C8D.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4740c84e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A02585A.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472cc856.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A2A502F.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472ec857.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A514804.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c858.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A547200.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f5d0d1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A5B45F9.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c859.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A5E6FF6.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f5d0d2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A823DCE.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c85a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A8811C7.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c85b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A920FBC.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c85b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A9539B9.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c85c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A9963B5.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f1d0d5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A9C0DB1.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c85d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A9F37AE.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c85e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AA261AA.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc85e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AA60BA7.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc85f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AA935A3.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc860.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AAC5F9F.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc861.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AAF099C.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc862.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ABC318D.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473ec863.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AC05B8A.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473fc863.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AC30586.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473fc864.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ACD037B.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46fbd0ed.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E7C4F94.exe
[DETECTION] Contains detection pattern of the SPR/HideWindow.A.29 program
[INFO] A backup was created as '4733c869.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\Pascal\Bureau\anti-virus\clean.zip
[0] Archive type: ZIP
--> clean/pskill.exe
[DETECTION] Contains detection pattern of the SPR/Tool.PsKill.2 program
[INFO] A backup was created as '4761ca72.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\Pascal\Bureau\anti-virus\clean\pskill.exe
[DETECTION] Contains detection pattern of the SPR/Tool.PsKill.2 program
[INFO] A backup was created as '4767ca7e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\navilog1.bat
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4772d855.qua'!
C:\Program Files\Navilog1\reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] A backup was created as '475ed859.qua' ( QUARANTINE )
[INFO] The file was deleted!
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\' <HP_RECOVERY>
Begin scan in 'I:\' <040327_1318>
Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'K:\'
Search path K:\ could not be opened!
Le volume ne contient pas de système de fichiers connu. Vérifiez si tous les pilotes de système
de fichiers nécessaires sont chargés et si le volume n'est pas endommagé.

Begin scan in 'L:\'
Search path L:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: vendredi 28 septembre 2007 13:20
Used time: 2:04:45 min

The scan has been done completely.

7253 Scanning directories
326011 Files were scanned
95 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
94 files were deleted
0 files were repaired
92 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
325916 Files not concerned
7260 Archives were scanned
1 Warnings
0 Notes
28 September 2007 16:40:55

re

I would like to check something:

1

Go to this link: Virus Total
  • Click Parcourir (Browse)
  • Navigate to this file, if you can find it:

    C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe

    The file name is not normal; look for it anyway and tell me what you find.

  • Click Envoyer le fichier (Send file) and let it work for as long as "Situation actuelle : en cours d'analyse" (current status: analysis in progress) is displayed.
  • The file may be placed in a queue because of a large number of analysis requests. In that case, you will need to wait without refreshing the page.
  • When the analysis is finished ("Situation actuelle: terminé"), click Formaté (Formatted)
  • A new browser window will appear
  • Then click on this image:
  • Right-click on the page and choose Sélectionner tout (Select All), then Copier (Copy)
  • Finally, paste the result into your next reply.
    Note: Whatever the outcome, it is important that you send me the result of the whole analysis.
    Your security tools may react when the file is sent; in that case you will need to ignore the alerts.

2

Download F-Secure Blacklight

https://europe.f-secure.com/exclude/blacklight/fsbl.exe

- Run F-Secure Blacklight (the file fsbl.exe)
- Accept the licence, then click "Scan", then Next and Exit.
- A report named fsbl-bxxxx.log (the x's are digits) will be created in the same folder as blbeta.exe
- Open fsbl-bxxxx.log and copy/paste it into your next message.

Warning!
Do not choose the "Rename" option right away: we need to analyse the report first, because legitimate files may be listed, such as wbemtest.exe.
F-Secure BlackLight tutorial (thanks to Malekal):
http://www.malekal.com/tutorial_f-secure_BlackLight.htm...

3

Post a new HijackThis log.
28 September 2007 17:45:28

re:

    Fichier GestMAJ.exe reçu le 2007.09.28 17:37:21 (CET)
    Antivirus Version Dernière mise à jour Résultat
    AhnLab-V3 2007.9.28.1 2007.09.28 -
    AntiVir 7.6.0.18 2007.09.28 -
    Authentium 4.93.8 2007.09.28 -
    Avast 4.7.1043.0 2007.09.28 -
    AVG 7.5.0.488 2007.09.27 -
    BitDefender 7.2 2007.09.28 -
    CAT-QuickHeal 9.00 2007.09.28 -
    ClamAV 0.91.2 2007.09.28 -
    DrWeb 4.33 2007.09.28 -
    eSafe 7.0.15.0 2007.09.23 -
    eTrust-Vet 31.2.5169 2007.09.27 -
    Ewido 4.0 2007.09.28 -
    FileAdvisor 1 2007.09.28 -
    Fortinet 3.11.0.0 2007.09.28 -
    F-Prot 4.3.2.48 2007.09.27 -
    F-Secure 6.70.13030.0 2007.09.28 -
    Ikarus T3.1.1.12 2007.09.28 -
    Kaspersky 7.0.0.125 2007.09.28 -
    McAfee 5129 2007.09.27 -
    Microsoft 1.2803 2007.09.28 -
    NOD32v2 2558 2007.09.28 -
    Norman 5.80.02 2007.09.28 -
    Panda 9.0.0.4 2007.09.28 -
    Prevx1 V2 2007.09.28 -
    Rising 19.42.42.00 2007.09.28 -
    Sophos 4.21.0 2007.09.28 -
    Sunbelt 2.2.907.0 2007.09.28 -
    Symantec 10 2007.09.28 -
    TheHacker 6.2.6.073 2007.09.28 -
    VBA32 3.12.2.4 2007.09.27 -
    VirusBuster 4.3.26:9 2007.09.27 -
    Webwasher-Gateway 6.0.1 2007.09.28 -

    Information additionnelle
    File size: 24576 bytes
    MD5: 8b535d342c5400fa7b8d0a4f2ff2e510
    SHA1: 99b12a7d3ed887321dc86c3cf016dc2fd9c2ac09

28 September 2007 17:58:19

    09/28/07 17:43:44 [Info]: BlackLight Engine 1.0.64 initialized
    09/28/07 17:43:44 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    09/28/07 17:43:44 [Note]: 7019 4
    09/28/07 17:43:44 [Note]: 7005 0
    09/28/07 17:43:58 [Note]: 7006 0
    09/28/07 17:43:58 [Note]: 7011 1480
    09/28/07 17:43:59 [Note]: 7026 0
    09/28/07 17:43:59 [Note]: 7026 0
    09/28/07 17:44:04 [Note]: FSRAW library version 1.7.1022
    09/28/07 17:56:45 [Note]: 2000 1012
    09/28/07 17:56:45 [Note]: 2000 1012
    09/28/07 17:56:45 [Note]: 2000 1012
    09/28/07 17:57:02 [Note]: 7007 0
28 September 2007 18:22:43

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at KnS` 18:22:06, on 28/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\MESSAG~1\StartMessager.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\PROGRA~1\Wanadoo\CnxMon.exe
    C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\System32\FTRTSVC.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
    C:\PROGRA~1\Wanadoo\ComComp.exe
    C:\PROGRA~1\Wanadoo\Watch.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
    O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
    O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
    O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
    O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O4 - Global Startup: Picture Package Menu.lnk = ?
    O4 - Global Startup: Picture Package VCD Maker.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
    O15 - Trusted Zone: http://www.campus-booster.net
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267....
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
    O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-paris.supinfo.com/CACHE/webvpn/stc/1/binari...
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.3.102.c...
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld...
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClie...
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.ca...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPACl...
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab569...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C04F8AC4-8975-4E09-9984-FE1072F7E87C}: NameServer = 80.10.246.1 80.10.246.132
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
    O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

    --
    End of file - 12726 bytes
    28 September 2007 20:44:53

    good

    run another scan at Kaspersky and post the report this time ;)

    (accept the ActiveX control)
    28 September 2007 22:31:58

    I'll do it tomorrow, since the scan takes 2 hours...
    I have a question for you:
    with AntiVir, when I detected a virus, I chose delete + back up to quarantine. Did I do the right thing?
    28 September 2007 22:48:32

    yes :)
    29 September 2007 12:45:45

    Hello,
    AntiVir detects a virus: WORM/Brntok.A.4.B
    When I choose "delete", another alert comes up with the same virus. What should I do? (once again :p )
    29 September 2007 13:43:48

    Here is the Kaspersky report:

    -------------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Saturday, September 29, 2007 1:42:36 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 29/09/2007
    Enregistrements dans la base antivirus Kaspersky : 399214
    -------------------------------------------------------------------------------

    Paramètres d'analyse:
    Analyser avec la base antivirus suivante: standard
    Analyser les archives: vrai
    Analyser les bases de messagerie: vrai

    Cible de l'analyse - Poste de travail:
    A:\
    C:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\
    K:\
    L:\

    Statistiques de l'analyse:
    Total d'objets analysés: 114615
    Nombre de virus trouvés: 5
    Nombre d'objets infectés: 11 / 0
    Nombre d'objets suspects: 0
    Durée de l'analyse: 03:05:39

    Nom de l'objet infecté / Nom du virus / Dernière action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\086F18DE.htm Infecté : Exploit.HTML.IframeBof ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0A7C009B.htm Infecté : Exploit.HTML.IframeBof ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AB804A6.htm Infecté : Exploit.VBS.Phel.a ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3AC2029C.htm Infecté : Exploit.VBS.Phel.a ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3B45120C.htm Infecté : Exploit.VBS.Phel.a ignoré
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6AF35369 Infecté : Exploit.Java.Gimsh.a ignoré
    C:\Documents and Settings\LocalService\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\LocalService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Pascal\Cookies\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG L'objet est verrouillé ignoré
    C:\Documents and Settings\Pascal\Local Settings\Historique\History.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Pascal\Local Settings\Historique\History.IE5\MSHist012007092920070930\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Pascal\Local Settings\Temporary Internet Files\Content.IE5\index.dat L'objet est verrouillé ignoré
    C:\Documents and Settings\Pascal\Mes documents\Downloads\PacSteam-Setup 22-08-2006.rar/PacSteam-Setup 22-08-2006/PacSteam 22-08-2006.exe/data0000.cab/server.exe Infecté : Trojan.Win32.Small.js ignoré
    C:\Documents and Settings\Pascal\Mes documents\Downloads\PacSteam-Setup 22-08-2006.rar/PacSteam-Setup 22-08-2006/PacSteam 22-08-2006.exe/data0000.cab Infecté : Trojan.Win32.Small.js ignoré
    C:\Documents and Settings\Pascal\Mes documents\Downloads\PacSteam-Setup 22-08-2006.rar/PacSteam-Setup 22-08-2006/PacSteam 22-08-2006.exe Infecté : Trojan.Win32.Small.js ignoré
    C:\Documents and Settings\Pascal\Mes documents\Downloads\PacSteam-Setup 22-08-2006.rar RAR: infecté - 3 ignoré
    C:\Documents and Settings\Pascal\NTUSER.DAT L'objet est verrouillé ignoré
    C:\Documents and Settings\Pascal\NTUSER.DAT.LOG L'objet est verrouillé ignoré
    C:\Program Files\Teamspeak2_RC2\TSClient.log L'objet est verrouillé ignoré
    C:\System Volume Information\MountPointManagerRemoteDatabase L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{8395CBEE-2E60-4CD0-BD3A-7CD95B11A016}\RP546\A0185970.exe L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{8395CBEE-2E60-4CD0-BD3A-7CD95B11A016}\RP546\A0185972.exe Infecté : Email-Worm.Win32.Brontok.q ignoré
    C:\System Volume Information\_restore{8395CBEE-2E60-4CD0-BD3A-7CD95B11A016}\RP546\A0186026.bat L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{8395CBEE-2E60-4CD0-BD3A-7CD95B11A016}\RP546\A0186027.exe L'objet est verrouillé ignoré
    C:\System Volume Information\_restore{8395CBEE-2E60-4CD0-BD3A-7CD95B11A016}\RP546\change.log L'objet est verrouillé ignoré
    C:\WINDOWS\Debug\PASSWD.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\SchedLgU.Txt L'objet est verrouillé ignoré
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log L'objet est verrouillé ignoré
    C:\WINDOWS\Sti_Trace.log L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\AppEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\default.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\Internet.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SAM.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SecEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SECURITY.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\software.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\SysEvent.Evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\system.LOG L'objet est verrouillé ignoré
    C:\WINDOWS\system32\config\VPN.evt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\h323log.txt L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA L'objet est verrouillé ignoré
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP L'objet est verrouillé ignoré
    C:\WINDOWS\wiadebug.log L'objet est verrouillé ignoré
    C:\WINDOWS\wiaservc.log L'objet est verrouillé ignoré
    C:\WINDOWS\WindowsUpdate.log L'objet est verrouillé ignoré

    Analyse terminée.
    29 September 2007 19:37:20

    Hello,

    Clean up this folder:
    C:\Documents and Settings\Pascal\Mes documents\Downloads\
    29 September 2007 21:07:41

    re,
    ok ok, but I have a 4.36 GB file named pld-low.
    I wanted to remove it, but it's a .IMG file and it isn't complete. I don't know where it came from. If you know that name, let me know; otherwise I'll delete it.
    29 September 2007 22:18:35

    good evening

    we can't know what kind of ###### you download...

    delete it and read this:
    cracks/P2P

    also delete:
    C:\Documents and Settings\All Users\Application Data\Symantec
    since you have AntiVir now
    +++++++++

    coming back to something:
    Quote:
    AntiVir detects a virus: WORM/Brntok.A.4.B
    When I choose "delete", another alert comes up with the same virus. What should I do? (once again :p )

    where is the detection located?
    30 September 2007 11:17:44

    Hello,
    Access denied when trying to delete the file....

    As for WORM/Brontok:
    C:\System Volum Information\_restore{8395CBEE-2E60-4CD0-BD3A-7CD95B11A016}\RP546\A0185961.exe
    30 September 2007 14:27:26

    Disable and then re-enable System Restore ;)
    30 September 2007 20:23:18

    What is this procedure for?
    30 September 2007 20:26:20

    Quote:
    As for WORM/Brontok:
    C:\System Volum Information\_restore{8395CBEE-2E60-4CD0-BD3A-7CD95B11A016}\RP546\A0185961.exe

    ;) 
    30 September 2007 20:28:51

    Aah :p  ok ok it's done :p
    I thought it was for deleting the big file
    30 September 2007 20:31:49

    Nope :)
    30 September 2007 20:33:38

    And you don't have a solution for deleting that file?
    Because 4.36 GB is not negligible..
    And the viruses? That's it, am I clean? :p
    30 September 2007 22:43:20

    good evening

    Quote:
    And you don't have a solution for deleting that file?
    Because 4.36 GB is not negligible..

    going back to your message:
    Quote:
    ok ok, but I have a 4.36 GB file named pld-low.
    I wanted to remove it, but it's a .IMG file and it isn't complete. I don't know where it came from. If you know that name, let me know; otherwise I'll delete it.

    you're the one who knows what's in it, not us, since it's a download. I'd guess a cracked game download, but anyway...

    Quote:
    And the viruses? That's it, am I clean? :

    yes

    1 October 2007 10:51:43

    hello
    Well no, seriously, I have never downloaded games or DivX... that's why I really wonder why it's there... and besides, if it were a 4.36 GB game, it would be a game for a very powerful console, like the Xbox...

    In any case, thanks a lot for the viruses!
    1 October 2007 18:48:34

    good evening

    can you give us the exact name of the file?
    with its location and extension.
    1 October 2007 19:50:59

    good evening,
    Hmm.. the file name is pld-low, an IMG file, in C:\Documents and Settings\Pascal\Mes documents\Downloads
    I had tried to open it with IsoBuster but there's no way to open it... the file is incomplete...
    1 October 2007 21:04:22

    delete it in safe mode