Popups intenpestifs (pubs, centre de sécurité internet,...)

bonsoir

~Télécharge. F-Secure Blacklight

https://europe.f-secure.com/exclude/blacklight/fsbl.exe


- Lance F-Secure Blacklight (fichier fsbl.exe)
- Accepte la licence, et clique enfin sur "Scan" puis Next et Exit.
- Un rapport fsbl-bxxxx.log (xx sont des chiffres) va être créé dans le même dossier que blbeta.exe
- Ouvre fsbl-bxxxx.log , fais un copier/coller dans ton prochain message.

Attention ! .
Il ne faut pas choisir l'option "Rename". de suite : nous devons analyser le rapport, car des fichiers légitimes peuvent être présents, tel wbemtest.exe .
Tuto de F-Secure BlackLight : (merci à Malekal) .
http://www.malekal.com/tutorial_f- [...] Light.html

ok

plusieurs infections:
un reste de bagle, une infection magic control et un reste de ver MSN.

on attaque:

1

Télécharge MSNFix.zip (!aur3n7) sur ton Bureau.
Décompresse-le sur ton bureau (Clique-Droit/Extraire tout).

Il est indispensable que l'outil soit executé à partir du bureau.

Ouvre le dossier MSNFix puis double-clique sur MSNFix.bat.
- Exécute l'option R.
-- Si l'infection est détectée, presse une touche pour lancer le nettoyage.

Si une erreur de suppression est détectée un message s'affichera demandant de redémarrer l'ordinateur afin de terminer les opérations.
Dans ce cas il suffit de redémarrer l'ordinateur manuellement.

Poste le rapport situé dans le dossier MSNFix.
Le nom du rapport correspond au moment de sa création : date_heure.log

->Tutorial de Malekal<-

2

Télécharge Navilog1.exe (IL-MAFIOSO)
Enregistre-le sur ton Bureau.
Lance l'installation en double cliquant sur navilog.exe.
Une fois l'installation terminée, l'utilitaire s'exécutera automatiquement.
(Si ce n'est pas le cas, double clique sur le raccourci présent sur le Bureau)

Laisse-toi guider par l'utilitaire. Choisis l'option 1 puis valide.
! N'utilise pas l'option 2, 3 et 4 sans notre accord !
Patiente jusqu'à l'apparition de ce message :
"*** Analyse Termine le ..... ***"
Appuie sur une touche comme demandé. Le Bloc-notes va s'ouvrir. Poste-nous son contenu de cette manière :

-> Edition / Sélectionner tout
-> Edition / Copier
-> Clique-Droit / Coller dans ta réponse

NOTE : Le rapport se trouve également ici : C:\fixnavi.txt

3

~ Télécharge Clean de Malekal
http://www.malekal.com/download/clean.zip

Enregistre-le sur ton bureau et dézippe-le
Cela va créer un dossier clean.
Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers.
Double-clic sur clean.cmd.
Un menu va apparaître, choisis l'option 1 en appuyant sur la touche 1 de ton clavier.
Clean va travailler.
Poste le contenu du rapport généré.

Voila pour Navilog1 :

Search Navipromo version 3.1.1 commencé le 24/09/2007 à 22:45:21,67

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files\navilog1
Mise a jour le 21.09.2007 a 18h00 by IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.11


*** Recherche Programmes installes ***


InternetGameBox


*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\InternetGameBox trouvé !


*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Pascal\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
http://www.f-secure.com/blacklight [...] _help.html

Fichier(s) caché(s) :

C:\WINDOWS\system32\sgfzflxlje.dat
C:\WINDOWS\system32\sgfzflxlje.exe
C:\WINDOWS\system32\sgfzflxlje_nav.dat
C:\WINDOWS\system32\sgfzflxlje_navps.dat

Processus caché(s) :

C:\WINDOWS\system32\sgfzflxlje.exe


*** Recherche avec GenericNaviSearch ***
!!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
!!! A verifier impérativement avant toute suppression manuelle !!!

* Scan C:\WINDOWS\system32 *

* Scan C:\Documents and Settings\Pascal\local settings\application data *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !
C:\WINDOWS\system32\nvs2.inf trouvé !


*** Recherche cles registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

C:\WINDOWS\system32\sgfzflxlje.dat trouvé !


3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse Terminé le 24/09/2007 à 23:00:06,20 ***

bonjour

1

Double clique sur le raccourci de Navilog1 présent sur ton Bureau.
Suis les instructions. Choisis ensuite l'option 2 puis valide.
Laisse toi guider et réponds aux questions éventuelles.

L'utilitaire va t'informer qu'il va redémarrer l'ordinateur.
**Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts**
Appuie maintenant sur une touche, comme demandé.
(si ton PC ne redémarre pas automatiquement, fais-le [/b]manuellement[/b])

Patiente jusqu'à l'apparition de ce message :
"*** Nettoyage Termine le ..... ***"

Le Bloc-notes va s'ouvrir.
Sauvegarde le rapport de manière à le retrouver.
Referme le Bloc-notes. Ton bureau va maintenant réapparaître.

NOTE : Si ton Bureau ne réapparait pas, appuie simultanément sur Ctrl+Alt+Suppr pour ouvrir le Gestionnaire des tâches.
Rends-toi sur l'onglet "Processus". Clique en haut à gauche sur Fichier et choisis "Exécuter..."
Tape explorer puis valide.

Poste le rapport sauvegardé auparavant (C:\cleannavi.txt)

2

Télécharge et double-clique sur : http://www.malekal.com/download/SafeBoot.reg




3

~Redémarre l'ordinateur en mode sans échec (F8 au démarrage de l'ordinateur)
surtout pas d'autre méthode que f8, si ça ne marche pas tu ne le fais pas, on résoudras le problème.

Ouvre le dossier clean, double-clique sur clean.cmd.
Choisis l'option 2 puis patiente.

~Redémarre normalement
Poste le rapport clean qui se trouve en C:\rapport_clean.txt

Pour l'option numéro °2

il me demande de rajouter des options au registre? Dois-je le faire?

Voila le rapport clean :

Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 25/09/2007 a 18:15:20,76

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\exefld\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\kernel???.exe
tentative de suppression de C:\WINDOWS\system32\wintems.exe
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\Adverts\"
tentative de suppression de "C:\Program Files\Everest Poker\"
tentative de suppression de "C:\Program Files\vmntoolbar\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !

Bonjour,
je refais un rapport hijackthis?
Upload_me a été envoyé sur le site comme demandé.

Bonsoir, Voila voila :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at KnS` 21:45:31, on 26/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL (file missing)
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\GestMaj.exe EspaceWanadoo.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://www.campus-booster.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-paris.supinfo.com/CACHE [...] stcweb.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ [...] .3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C04F8AC4-8975-4E09-9984-FE1072F7E87C}: NameServer = 80.10.246.130 80.10.246.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe

--
End of file - 12759 bytes

Bonjour, je t'envoie le rapport :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: KnS` 01:49:16 27/09/2007

+ Résultat de l'analyse:



:mozilla.77:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.2o7 : Nettoyé.
:mozilla.148:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.149:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adbrite : Nettoyé.
:mozilla.43:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.44:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.45:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adjuggler : Nettoyé.
:mozilla.80:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.81:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Adtech : Nettoyé.
:mozilla.100:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Advertising : Nettoyé.
:mozilla.124:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Atdmt : Nettoyé.
:mozilla.76:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Bluestreak : Nettoyé.
:mozilla.123:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Casalemedia : Nettoyé.
:mozilla.118:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.119:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.120:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.121:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Clickzs : Nettoyé.
:mozilla.79:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Doubleclick : Nettoyé.
:mozilla.125:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Estat : Nettoyé.
:mozilla.75:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Fastclick : Nettoyé.
:mozilla.67:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.68:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Hitbox : Nettoyé.
:mozilla.155:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.156:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Imrworldwide : Nettoyé.
:mozilla.143:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Masterstats : Nettoyé.
:mozilla.109:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Mediaplex : Nettoyé.
:mozilla.20:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.21:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.22:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Smartadserver : Nettoyé.
:mozilla.150:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.151:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Statcounter : Nettoyé.
:mozilla.61:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.62:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Tradedoubler : Nettoyé.
:mozilla.122:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Tribalfusion : Nettoyé.
:mozilla.132:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.133:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Weborama : Nettoyé.
:mozilla.71:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.
:mozilla.72:C:\Documents and Settings\Pascal\Application Data\Mozilla\Firefox\Profiles\dp9x4ywk.default\cookies-1.txt -> TrackingCookie.Yieldmanager : Nettoyé.


Fin du rapport

J'ai eu un petit problème à la fin de l'analyse.



Le rapport de fin ne s'est pas affiché...J'ai fais un sreen pour te faire voir.

bonsoir,
J'ai lu sur des forums "avast vs antivir" qu' antivir serait le mieux. Tu me conseilles vraiment de changer? personnellement tu possèdes lequel?(sans etre indiscret).

Bonjour,
Antivir a detecté, je crois, 95virus O_O
Voici le rapport :



AntiVir PersonalEdition Classic
Report file date: vendredi 28 septembre 2007 11:15

Scanning for 857616 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: *****
Computer name: *****

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 09:00:08
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 09:00:10
ANTIVIR2.VDF : 7.0.0.4 174592 Bytes 24/09/2007 09:00:10
ANTIVIR3.VDF : 7.0.0.29 140800 Bytes 28/09/2007 09:00:10
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 28/09/2007 09:00:10
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 07:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Manual Selection
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\folder.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: L:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: vendredi 28 septembre 2007 11:15

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
12 processes with 12 modules were scanned

Start scanning boot sectors:
Boot sector 'A:\'
[NOTE] In the drive 'A:\' no data medium is inserted!
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] In the drive 'E:\' no data medium is inserted!
Boot sector 'F:\'
[NOTE] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[NOTE] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[NOTE] No virus was found!
Boot sector 'L:\'
[NOTE] In the drive 'L:\' no data medium is inserted!

Starting to scan the registry.
C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Bifrose.NU Backdoor server programs
[INFO] The file was moved to '476fc6b3.qua'!
C:\Program Files\Wanadoo\GestMaj.exe EspaceWanadoo.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Bifrose.NU Backdoor server programs

The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'A:\'
Search path A:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\041E3B4B.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472dc71b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04843153.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c722.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06827F79.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c72b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08DF10F8.dll
[DETECTION] Contains detection pattern of the SPR/Moo.A.1 program
[INFO] A backup was created as '4740c736.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\161C1392.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472dc73a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CD70B67.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4740c74c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26CF6F47.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473fc744.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2735654F.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472fc74b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2801515E.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472cc752.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30993206.dll
[DETECTION] Is the Trojan horse TR/Suggestor.N
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30993206.exe
[DETECTION] Is the Trojan horse TR/Dialer.eg.7
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\309C5C03.exe
[DETECTION] Is the Trojan horse TR/Dialer.eg.7
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3379463D.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4733c76d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33B01000.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473ec772.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\35F6518A.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4742c77d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36DA3C84.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4740c782.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36E43A7A.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4741c788.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\36E76476.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4741c78f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37292C2E.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472ec796.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\372C562B.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472ec79c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\376A73E6.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4732c7a4.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\376D1DE3.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4732c7a9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\37F6014C.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4742c7af.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\384146F9.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4730c7b5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\384570F5.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4730c7b9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\388638AE.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c7bf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38960A9C.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c7c9.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\389A3498.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c7cf.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38A00891.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc7d8.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38AA0686.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38F54C33.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4742c7e2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3909481E.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472cc7e7.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39124613.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472dc7ed.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\392D15F6.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472ec7f2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39303FF3.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472fc7f6.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\394011E1.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4730c7fb.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\395163CF.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c7ff.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39540DCB.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c803.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\395737C8.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c809.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\395E0BC0.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c80f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396709B6.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4732c81f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\396E5DAE.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4732c823.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397431A7.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4733c827.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397B05A0.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4733c82c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397E2F9C.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4733c835.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39815999.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c839.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\399C297C.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c843.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\399F5379.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f1d0cc.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39A27D75.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc844.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39AF2567.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f9d0cd.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39B24F63.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473ec845.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A7F2EFD.dll
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.23016
[INFO] A backup was created as '4733c84d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A9C28DD.dll
[DETECTION] Contains detection pattern of the worm WORM/IrcBot.23016
[INFO] A backup was created as '4735c84e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BDC2B53.exe
[DETECTION] Is the Trojan horse TR/Zlob.65536.3
[INFO] A backup was created as '4740c84f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\582553C3.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '472ec846.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\583525B1.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '472fc846.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58384FAD.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '472fc847.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58971145.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '4735c847.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\589A3B41.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '4735c848.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58A10F3A.dll
[DETECTION] Is the Trojan horse TR/Drop.Zlob.YL.2
[INFO] A backup was created as '473dc848.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6C974D46.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c854.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6CFD434E.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4742c855.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\73F03C5F.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Bifrose.aci.122 Backdoor server programs
[INFO] A backup was created as '4742c845.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\797C1EEE.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4733c84c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\798372E6.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c84c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79AA6ABB.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc84d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79AD14B8.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f9d0c6.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\79D50C8D.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4740c84e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A02585A.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472cc856.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A2A502F.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '472ec857.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A514804.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c858.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A547200.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f5d0d1.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A5B45F9.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4731c859.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A5E6FF6.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f5d0d2.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A823DCE.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c85a.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A8811C7.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4734c85b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A920FBC.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c85b.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A9539B9.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c85c.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A9963B5.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46f1d0d5.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A9C0DB1.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c85d.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7A9F37AE.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '4735c85e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AA261AA.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc85e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AA60BA7.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc85f.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AA935A3.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc860.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AAC5F9F.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc861.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AAF099C.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473dc862.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ABC318D.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473ec863.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AC05B8A.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473fc863.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7AC30586.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '473fc864.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7ACD037B.exe
[DETECTION] Contains detection pattern of the worm WORM/Brontok.A.4.B
[INFO] A backup was created as '46fbd0ed.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7E7C4F94.exe
[DETECTION] Contains detection pattern of the SPR/HideWindow.A.29 program
[INFO] A backup was created as '4733c869.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\Pascal\Bureau\anti-virus\clean.zip
[0] Archive type: ZIP
--> clean/pskill.exe
[DETECTION] Contains detection pattern of the SPR/Tool.PsKill.2 program
[INFO] A backup was created as '4761ca72.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Documents and Settings\Pascal\Bureau\anti-virus\clean\pskill.exe
[DETECTION] Contains detection pattern of the SPR/Tool.PsKill.2 program
[INFO] A backup was created as '4767ca7e.qua' ( QUARANTINE )
[INFO] The file was deleted!
C:\Program Files\Navilog1\navilog1.bat
[DETECTION] Contains suspicious code HEUR/Exploit.HTML
[INFO] The file was moved to '4772d855.qua'!
C:\Program Files\Navilog1\reboot.exe
[DETECTION] Contains detection pattern of the SPR/Tool.Reboot.C program
[INFO] A backup was created as '475ed859.qua' ( QUARANTINE )
[INFO] The file was deleted!
Begin scan in 'E:\'
Search path E:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'F:\'
Search path F:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'G:\'
Search path G:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'H:\' <HP_RECOVERY>
Begin scan in 'I:\' <040327_1318>
Begin scan in 'J:\'
Search path J:\ could not be opened!
Le périphérique n'est pas prêt.

Begin scan in 'K:\'
Search path K:\ could not be opened!
Le volume ne contient pas de système de fichiers connu. Vérifiez si tous les pilotes de système
de fichiers nécessaires sont chargés et si le volume n'est pas endommagé.

Begin scan in 'L:\'
Search path L:\ could not be opened!
Le périphérique n'est pas prêt.



End of the scan: vendredi 28 septembre 2007 13:20
Used time: 2:04:45 min

The scan has been done completely.

7253 Scanning directories
326011 Files were scanned
95 viruses and/or unwanted programs were found
1 Files were classified as suspicious:
94 files were deleted
0 files were repaired
92 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
325916 Files not concerned
7260 Archives were scanned
1 Warnings
0 Notes

re :

Fichier GestMAJ.exe reçu le 2007.09.28 17:37:21 (CET)Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.9.28.1 2007.09.28 -
AntiVir 7.6.0.18 2007.09.28 -
Authentium 4.93.8 2007.09.28 -
Avast 4.7.1043.0 2007.09.28 -
AVG 7.5.0.488 2007.09.27 -
BitDefender 7.2 2007.09.28 -
CAT-QuickHeal 9.00 2007.09.28 -
ClamAV 0.91.2 2007.09.28 -
DrWeb 4.33 2007.09.28 -
eSafe 7.0.15.0 2007.09.23 -
eTrust-Vet 31.2.5169 2007.09.27 -
Ewido 4.0 2007.09.28 -
FileAdvisor 1 2007.09.28 -
Fortinet 3.11.0.0 2007.09.28 -
F-Prot 4.3.2.48 2007.09.27 -
F-Secure 6.70.13030.0 2007.09.28 -
Ikarus T3.1.1.12 2007.09.28 -
Kaspersky 7.0.0.125 2007.09.28 -
McAfee 5129 2007.09.27 -
Microsoft 1.2803 2007.09.28 -
NOD32v2 2558 2007.09.28 -
Norman 5.80.02 2007.09.28 -
Panda 9.0.0.4 2007.09.28 -
Prevx1 V2 2007.09.28 -
Rising 19.42.42.00 2007.09.28 -
Sophos 4.21.0 2007.09.28 -
Sunbelt 2.2.907.0 2007.09.28 -
Symantec 10 2007.09.28 -
TheHacker 6.2.6.073 2007.09.28 -
VBA32 3.12.2.4 2007.09.27 -
VirusBuster 4.3.26:9 2007.09.27 -
Webwasher-Gateway 6.0.1 2007.09.28 -

Information additionnelle
File size: 24576 bytes
MD5: 8b535d342c5400fa7b8d0a4f2ff2e510
SHA1: 99b12a7d3ed887321dc86c3cf016dc2fd9c2ac09

Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2007.9.28.1 2007.09.28 -
AntiVir 7.6.0.18 2007.09.28 -
Authentium 4.93.8 2007.09.28 -
Avast 4.7.1043.0 2007.09.28 -
AVG 7.5.0.488 2007.09.27 -
BitDefender 7.2 2007.09.28 -
CAT-QuickHeal 9.00 2007.09.28 -
ClamAV 0.91.2 2007.09.28 -
DrWeb 4.33 2007.09.28 -
eSafe 7.0.15.0 2007.09.23 -
eTrust-Vet 31.2.5169 2007.09.27 -
Ewido 4.0 2007.09.28 -
FileAdvisor 1 2007.09.28 -
Fortinet 3.11.0.0 2007.09.28 -
F-Prot 4.3.2.48 2007.09.27 -
F-Secure 6.70.13030.0 2007.09.28 -
Ikarus T3.1.1.12 2007.09.28 -
Kaspersky 7.0.0.125 2007.09.28 -
McAfee 5129 2007.09.27 -
Microsoft 1.2803 2007.09.28 -
NOD32v2 2558 2007.09.28 -
Norman 5.80.02 2007.09.28 -
Panda 9.0.0.4 2007.09.28 -
Prevx1 V2 2007.09.28 -
Rising 19.42.42.00 2007.09.28 -
Sophos 4.21.0 2007.09.28 -
Sunbelt 2.2.907.0 2007.09.28 -
Symantec 10 2007.09.28 -
TheHacker 6.2.6.073 2007.09.28 -
VBA32 3.12.2.4 2007.09.27 -
VirusBuster 4.3.26:9 2007.09.27 -
Webwasher-Gateway 6.0.1 2007.09.28 -

Information additionnelle
File size: 24576 bytes
MD5: 8b535d342c5400fa7b8d0a4f2ff2e510
SHA1: 99b12a7d3ed887321dc86c3cf016dc2fd9c2ac09

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at KnS` 18:22:06, on 28/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MESSAG~1\StartMessager.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
C:\PROGRA~1\Wanadoo\EspaceWanadoo.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.fr/go/page_recherche/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [MessagerStarter Wanadoo] C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Fichiers communs\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB001" /M "Stylus CX3600"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Startup: Konfabulator.lnk = C:\Program Files\Pixoria\Konfabulator\Konfabulator.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O15 - Trusted Zone: http://www.campus-booster.net
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {264AED84-12F1-4CA1-8AA7-EB939AE58D8D} (STCWeb Control) - https://vpn-paris.supinfo.com/CACHE [...] stcweb.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6 [...] vSniff.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ [...] .3.102.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr [...] NPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6 [...] /cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/bina [...] b32846.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/bina [...] b31267.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C04F8AC4-8975-4E09-9984-FE1072F7E87C}: NameServer = 80.10.246.1 80.10.246.132
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Cisco Systems, Inc. STC Agent (STCAgent) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\SSL VPN Client\agent.exe
O23 - Service: Cisco AnyConnect VPN Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe

--
End of file - 12726 bytes

je le ferai demain, vu que l'analyse met 2h...
J'ai une question a te poser:
avec antivir, quand je detectais un virus, je faisais delete+back up to quarantaine. Ai-je bien fais?

Bonjour,
Antivir me détecte un virus : WORM/Brntok.A.4.B
Quand je fais "supprimer" une autre alerte se relance avec le meme virus. Que dois-je faire?(encore une fois )

Bonjour,

Fais le ménage dans ce dossier :
C:\Documents and Settings\Pascal\Mes documents\Downloads\

bonsoir

on ne peut pas savoir ce que tu télécharges comme ######...

supprime et lis ceci:
cracks/P2P

supprime aussi:
C:\Documents and Settings\All Users\Application Data\Symantec
puisque tu as antivir maintenant
+++++++++

je reviens sur quelque chose:

quel est l'emplacement de la detection?

Désactive puis réactive la restauration du système

Nop

bonsoir

je reprends ton message:

c'est toi qui sait ce qu'il y a dedans. pas nous. puisque c'est un download. je penche pour un dl de jeu cracké, mais bon...

oui

bonsoir

tu nous donnes le nom exact du fichier?
avec l'emplacement et son extension.

supprime le en mode sans echec