A l'aide: PC infecté par Worm.VB.NRM et Win32.Worm.VB.NPM

Salut à tous

Mon PC est infecté par le virus Win32.Worm.VB.NRM et Win32.Worm.VB.NPM Des personnes pourraient me donner les démarches à suivre pour les supprimer ?

J'ai fait un scan Bitdefender on line et Malwarebytes' Anti-Malware voici les rapports.

Merci à vous

Zabo

rapport bitdefender:

BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Wed, Jul 09, 2008 - 19:16:52

Info d'analyse

Fichiers scannés

128169

Infectés Fichiers

35

Virus Détectés

Win32.Worm.VB.NRM

17

Win32.Worm.VB.NPM

18

autre rapport:

BitDefender Online Scanner

Rapport d'analyse généré à: Wed, Jul 09, 2008 - 19:15:13

Voie d'analyse: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

Statistiques

Temps

00:36:30

Fichiers

119284

Directoires

8839

Secteurs de boot

3

Archives

2272

Paquets programmes

12022

Résultats

Virus identifiés

3

Fichiers infectés

35

Fichiers suspects

0

Avertissements

0

Désinfectés

0

Fichiers effacés

34

Info sur les moteurs

Définition virus

1362605

Version des moteurs

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Analyse des plugins

16

Archive des plugins

42

Unpack des plugins

7

E-mail plugins

6

Système plugins

5

Paramètres d'analyse

Première action

Message

Seconde Action

Supprimé

Heuristique

Oui

Acceptez les avertissements

Oui

Extensions analysées

exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;

Excludez les extensions

Analyse d'emails

Oui

Analyse des Archives

Oui

Analyser paquets programmes

Oui

Analyse des fichiers

Oui

Analyse de boot

Oui

Fichier analysé

Statut

C:\Recycled\INFO.EXE

Infecté par: Win32.Worm.VB.NRM

C:\Recycled\INFO.EXE

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101669.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101669.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101670.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101670.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101675.EXE

Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101675.EXE

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101686.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101686.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101687.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101687.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101692.EXE

Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101692.EXE

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101712.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101712.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101713.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101713.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101718.EXE

Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101718.EXE

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101726.EXE

Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101726.EXE

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101729.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101729.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101730.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101730.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101795.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101795.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101796.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101796.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101801.EXE

Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101801.EXE

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101812.EXE

Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101812.EXE

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101815.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101815.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101816.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101816.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101881.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101881.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101882.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101882.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101886.EXE

Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101886.EXE

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102082.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102082.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102083.exe

Infecté par: Win32.Worm.VB.NPM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102083.exe

Supprimé

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102086.EXE

Infecté par: Win32.Worm.VB.NRM

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102086.EXE

Supprimé

C:\WINDOWS\Config\Svchost.exe

Infecté par: Win32.Worm.VB.NPM

C:\WINDOWS\Config\Svchost.exe

Supprimé

C:\WINDOWS\Config\System.exe

Infecté par: Win32.Worm.VB.NPM

C:\WINDOWS\Config\System.exe

Supprimé

C:\WINDOWS\System.exe

Infecté par: Win32.Worm.VB.NRM

C:\WINDOWS\System.exe

Echec de la suppression

C:\WINDOWS\System.exe

Echec de la suppression

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101678.EXE

Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101678.EXE

Supprimé

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101695.EXE

Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101695.EXE

Supprimé

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101721.EXE

Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101721.EXE

Supprimé

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101804.EXE

Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101804.EXE

Supprimé

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101889.EXE

Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101889.EXE

Supprimé

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102089.EXE

Infecté par: Win32.Worm.VB.NRM

D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102089.EXE

Supprimé

D:\Recycled\INFO.EXE

Infecté par: Win32.Worm.VB.NRM

D:\Recycled\INFO.EXE

Répondre

Inscrivez-vous ou connectez-vous pour masquer ceci.

voici le rapport Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.19
Version de la base de données: 912
Windows 5.1.2600 Service Pack 2

19:59:52 09/07/2008
mbam-log-7-9-2008 (19-59-52).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 118565
Temps écoulé: 41 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Répondre à MrZabo

Le fichier infecté étant apparement C:\WINDOWS\System.exe

Répondre à MrZabo

Bonsoir,

Télécharge Hijackthis (de Trend Micro) sur ton Bureau.

Double clique sur HJTInstall.exe pour lancer l'installation.
Clique sur Install.
Double clique sur le raccourci d'HijackThis qui vient d'être créé pour le lancer. (Clique droit -> lancer en tant qu'admin si sous Vista)
Accepte la licence en cliquant sur Yes.
Clique sur Do a system scan and save a logfile.
Poste ici le rapport généré.

Note : Le rapport se trouve également ici : C:\Program Files\Trend Micro\Hijackthis\Hijackthis.log

Aide : Comment utiliser HijackThis.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Salut et merci à toi.

Voici le rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:09:22, on 09/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5721 bytes

Répondre à MrZabo

Re,

Télécharge SDFix (d’Andy Manchesta).

Enregistre le sur ton le bureau.
Lance le.
Fais install afin qu’il puisse s’extraire.

Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\
Double clique sur RunThis.bat (L’extension bat peut ne pas apparaître)
Appuie sur Y pour le lancer.
Il te sera demandé d'appuyer sur une touche pour redemarrer , fais le
Il est probable que le redémarrage soit un peu plus long que d’habitude.
Une fois l’apparition de ton Bureau, il affichera Finished
Appuie sur une touche.
Un rapport est généré , poste le dans ta réponse.

Il se trouve également. dans le dossier SDFix >Report.txt<

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

voici le rapport:

SDFix: Version 1.204
Run by HP_Propri‚taire on 10/07/2008 at 20:43

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

Checking Services :

Restoring Default Security Values
Restoring Default Hosts File

Rebooting

Checking Files :

Trojan Files Found:

C:\autorun.inf - Deleted
C:\WINDOWS\config\svchost.exe - Deleted

Could Not Remove C:\WINDOWS\System.exe

Removing Temp Files

ADS Check :

Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-10 20:55:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

Remaining Services :

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*isabled:AOL France"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*isabled:Windows Live Messenger (Phone)"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :

C:\WINDOWS\System.exe Found

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Mon 12 Sep 2005 218 A.SHR --- "C:\BOOT.BAK"
Sun 18 Sep 2005 22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.sys"
Thu 15 Sep 2005 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 25 Sep 2005 401 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv12.bak"
Sat 16 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
Mon 21 Aug 2006 9,216 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Mes fichiers re‡us\~WRL2688.tmp"
Wed 24 Mar 2004 22,528 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Moniteur Educateur\~WRL0005.tmp"
Wed 30 Mar 2005 21,504 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Moniteur Educateur\~WRL0015.tmp"
Mon 2 Feb 2004 45,568 A..H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Moniteur Educateur\~WRL2826.tmp"
Tue 22 Aug 2006 20,992 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Application Data\Microsoft\Word\~WRL0004.tmp"
Wed 20 Feb 2008 613,888 ...H. --- "C:\Documents and Settings\HP_Propri‚taire\Mes documents\Machina Deus Ex\cover cd figurines\~WRL3293.tmp"

Finished!

Répondre à MrZabo

Re,

Oh !

Sélectionne l'intégralité du cadre ci-dessous :

Files to delete:
C:\WINDOWS\System.exe

Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Enregistre le sous sur ton bureau sous le nom de Remove.txt

Télécharge The Avenger (de Swandog46).

Dézippe le sur ton Bureau.
Lance le en double cliquant sur l’exécutable puis fais ok.
Sélectionne Load Script from File et clique sur l'cône en forme de dossier à droite.
Sélectionne ton fichier remove.txt se trouvant sur le Bureau.
Clique sur le feu vert puis sur oui.
Le programme va te demander de redémarrer ton pc, accepte.
Poste le rapport : C:\avenger.txt

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Re

Quelques précisions par rapport à the avenger..

Lorque je selectionne Load Script from File je n'ai pas à cliker sur le dossier à droite, il me demande de chercher le fichier. Donc je pense bien que c'est le remove.txt ok ?

Puis, je n'ai pas de feu vert, juste un bouton executer, je clik ? Je pense qu'il va donc "delete C:\WINDOWS\System.exe" exact ? Et ce n'est pas un fichier important pour le fonctionnement de windows ?

Désol de mes questionnements cons !

Répondre à MrZabo

J'ai lancé un post dans un autre forum, mais celui-ci reste le principal !
XmichouX a l'air de toucher sa bille !;-)

Zabo

Répondre à MrZabo

Mon canned est obsolète, je vais le maj.

Euh il ne faut pas faire plusieurs sujets ...

Le fichier est nocif.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Pas de souci, je continue ici.

Donc pour les questions que je me posais, tout est ok, je peux faire le scan the avenger ?

merci encore

Répondre à MrZabo

Ouaip

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

OK, je viens de faire the avenger. Le PC a redémarré normalement par contre une fenetre m'affiche "windows pas de disque" et le message exception processing message ....blahblah blah, des chifres + lettre
Je dois choisir entre annuler, recommencer ou continuer.

Malgré ce message, j'ai accès à tout sur mon pc...bizarre bizarre ?

Voici le rapport the avenger:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\System.exe" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Répondre à MrZabo

RE,

J'ai simplement fermer la fenêtre pour ce message, j'ai redémarré mon pc, tout semble ok

Répondre à MrZabo

Re,

Poste un nouveau rapport HijackThis.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Hello,

Voici le nouveau rapport HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:57:03, on 12/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F3 - REG:win.ini: load=System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Thoosje Vista Sidebar.lnk = C:\Program Files\Thoosje Sidebar V2.3\Thoosje Vista Sidebar.exe
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5933 bytes

Répondre à MrZabo

Re,

Relance Hijackthis (clique droit -> lancer en tant qu'adminstrateur sous Vista), do a system scan only, coche ces lignes (si toujours présentes) :

F3 - REG:win.ini: load=System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\PROGRA~1\Agnitum\OUTPOS~1.0\Plugins\BrowserBar\ie_bar.dll (file missing)

Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
Puis Fix Checked !

*************

Télécharge MalwareByte's Anti-Malware sur ton Bureau.

Installe-le en double-cliquant sur le fichier Download_mbam-setup.exe.

Une fois l'installation et la mise à jour effectuées :
Redémarre en mode sans échec
/!\ Ne jamais démarrer en mode sans échec via MSCONFIG /!\

Exécute maintenant MalwareByte's Anti-Malware. Si cela n'est pas déjà fait, sélectionne "Exécuter un examen complet".
Afin de lancer la recherche, clic sur"Rechercher".
Une fois le scan terminé, une fenêtre s'ouvre, clic sur OK. Deux possibilités s'offrent à toi :

-- si le programme n'a rien trouvé, appuie sur OK. Un rapport va apparaître, ferme-le.
-- si des infections sont présentes, clic sur "Afficher les résultats" puis sur "Supprimer la sélection". Enregistre le rapport sur ton Bureau afin de le poster dans ta prochaine réponse.

REMARQUE : Si MalwareByte's Anti-Malware a besoin de redémarrer pour terminer la suppression, accepte en cliquant sur Ok.

Aide : Comment utiliser MBAM.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

RE

Plus de 4 heures de scan en mode sans echec sur Malwaresbytes et il en reste encore pour un bon moment je pense...normal ?

Répondre à MrZabo

RE

Je vais devoir suspendre l'analyse, je pars en province pendant quelques jours. De retour jeudi, je reprendrai l'analyse Malware bytes et je posterai le rapport.

Je passerai tout de même sur le forum voir si y'a des infos.

Zabo

Répondre à MrZabo

Pas de problème. Ça dépend de la taille du disque dur et du nombre d'infections trouvées pour le scan.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Salut,

Je n'aurai pas le temps de reprendre le scan avant lundi. J'envoie un post lundi.

Zabo

Répondre à MrZabo

Salut,

Après 15h de scan en mode sans echec, Malwarebytes n'a trouvé aucun virus ou fichiers infectés.
Le PC est-il sain maintenant ou d'autres démarches sont à faire ?

Répondre à MrZabo

Ok, poste un nouveau rapport HijackThis

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:08:21, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F3 - REG:win.ini: load=System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [OutpostFeedBack] C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe /dumps_startup
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AutoTBar] c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [slide.exe] C:\Program Files\Slide\Slide.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5558 bytes

Répondre à MrZabo

Plus de soucis ?

Relance Hijackthis (clique droit -> lancer en tant qu'adminstrateur sous Vista), do a system scan only, coche ces lignes (si toujours présentes) :

F3 - REG:win.ini: load=System
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,System
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe

Ferme toutes les applications en cours (particulièrement ton navigateur Internet).
Puis Fix Checked !

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Salut,

Oui, pas de souci. L'ordi s'allume nickel et ferme pareil jusqu'à maintenant. Plus rapide, ça rame moins.

Je viens de faire Hijackthis comme demandé.

Zabo

Répondre à MrZabo

Ok, tu n'as pas d'antivirus.

Télécharge AntiVir sur ton Bureau.

Double clique sur l'exécutable téléchargé pour lancer l'installation.
A la fin de l'installation, clique sur Finish.
Ouvre Antivir, assure-toi qu’il soit bien à jour !
Dans l'onglet Local Protection, choisis Scanner.
Active la recherche de rootkits via le + de rootkit search, puis dans manual selection, coche tout (tes partitions de disque dur).
Clique sur la loupe du milieu pour lancer le scan en tant qu'Administrateur.
Poste moi le rapport généré : Pour cela, clique sur l'onglet Overview, puis choisis Reports, tu trouveras son rapport..

Note : Pour une éradication des menaces plus efficace, lance le scan en mode sans échec.

Aide : Comment installer et utiliser AntiVir.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

ok, voici le rapport antivir en mode normal, je lance maintenant le scan en mode sans echec et je le posterai.

Avira AntiVir Personal
Report file date: mercredi 23 juillet 2008 20:33

Scanning for 1493153 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: HP_Propriétaire
Computer name: PCZABO

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 18:30:44
ANTIVIR2.VDF : 7.0.5.144 1690624 Bytes 21/07/2008 18:30:49
ANTIVIR3.VDF : 7.0.5.159 123904 Bytes 23/07/2008 18:30:49
Engineversion : 8.1.1.11
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.59 307579 Bytes 23/07/2008 18:30:59
AESCN.DLL : 8.1.0.23 119156 Bytes 23/07/2008 18:30:59
AERDL.DLL : 8.1.0.20 418165 Bytes 23/07/2008 18:30:58
AEPACK.DLL : 8.1.2.1 364917 Bytes 23/07/2008 18:30:57
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 23/07/2008 18:30:56
AEHEUR.DLL : 8.1.0.43 1339767 Bytes 23/07/2008 18:30:56
AEHELP.DLL : 8.1.0.15 115063 Bytes 23/07/2008 18:30:54
AEGEN.DLL : 8.1.0.29 307573 Bytes 23/07/2008 18:30:53
AEEMU.DLL : 8.1.0.6 430451 Bytes 23/07/2008 18:30:52
AECORE.DLL : 8.1.1.6 172405 Bytes 23/07/2008 18:30:51
AEBB.DLL : 8.1.0.1 53617 Bytes 23/07/2008 18:30:51
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 8.0.0.1 98561 Bytes 23/07/2008 18:30:50
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922

Start of the scan: mercredi 23 juillet 2008 20:33

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32\cd042efbbd7f7af1647644e76e06692b
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32\bca643cdc5c2726b20d2ecedcc62c59b
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32\2c81e34222e8052573023a60d06dd016
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32\2582ae41fb52324423be06337561aa48
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32\caaeda5fd7a9ed7697d9686d4b818472
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32\a4a1bcf2cc2b8bc3716b74b2b4522f5d
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32\4d370831d2c43cd13623e232fed27b7b
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32\1d68fe701cdea33e477eb204b76f993d
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32\1fac81b91d8e3c5aa4b0a51804d844a3
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32\f5f62a6129303efb32fbe080bb27835b
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32\fd4e2e1a3940b94dceb5a6a021f2e3c6
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\threadingmodel
[INFO] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32\8a8aec57dd6508a385616fbc86791ec2
[INFO] The registry entry is invisible.
'362719' objects were checked, '24' hidden objects were found.

End of the scan: mercredi 23 juillet 2008 20:39
Used time: 05:54 min

The scan has been done completely.

0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes
362719 Objects were scanned with rootkit scan
24 Hidden objects were found

Répondre à MrZabo

Voci le rapport antivir en mode sans echec, par contre le scan a pris 4 sec, normal ?!

Aussi, à l'instant ou j'allais ecrire le message, antivir a detecté le virus : Virus or unwanted program 'Worm/VB.NPM.1 [worm]'
detected in file 'C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103154.exe.
Action performed: Move file to quarantine

C'est toujours le même, je l'ai mis en quarantaine, je peux le supprimer ?

Zabo

Le scan mode sans echec:

Avira AntiVir Personal
Report file date: mercredi 23 juillet 2008 20:53

Scanning for 1493153 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: HP_Propriétaire
Computer name: PCZABO

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 18:30:44
ANTIVIR2.VDF : 7.0.5.144 1690624 Bytes 21/07/2008 18:30:49
ANTIVIR3.VDF : 7.0.5.159 123904 Bytes 23/07/2008 18:30:49
Engineversion : 8.1.1.11
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.59 307579 Bytes 23/07/2008 18:30:59
AESCN.DLL : 8.1.0.23 119156 Bytes 23/07/2008 18:30:59
AERDL.DLL : 8.1.0.20 418165 Bytes 23/07/2008 18:30:58
AEPACK.DLL : 8.1.2.1 364917 Bytes 23/07/2008 18:30:57
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 23/07/2008 18:30:56
AEHEUR.DLL : 8.1.0.43 1339767 Bytes 23/07/2008 18:30:56
AEHELP.DLL : 8.1.0.15 115063 Bytes 23/07/2008 18:30:54
AEGEN.DLL : 8.1.0.29 307573 Bytes 23/07/2008 18:30:53
AEEMU.DLL : 8.1.0.6 430451 Bytes 23/07/2008 18:30:52
AECORE.DLL : 8.1.1.6 172405 Bytes 23/07/2008 18:30:51
AEBB.DLL : 8.1.0.1 53617 Bytes 23/07/2008 18:30:51
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 8.0.0.1 98561 Bytes 23/07/2008 18:30:50
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Rootkit search
Configuration file...............: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\PROFILES\rootkit.avp
Logging..........................: high
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Scan memory......................: off
Process scan.....................: off
Scan registry....................: off
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Expanded search settings.........: 0x00300922

Start of the scan: mercredi 23 juillet 2008 20:53

Starting search for hidden objects.
The driver could not be initialized.

End of the scan: mercredi 23 juillet 2008 20:53
Used time: 00:02 min

The scan has been done completely.

0 Scanning directories
0 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
0 Files not concerned
0 Archives were scanned
0 Warnings
0 Notes

Répondre à MrZabo

Pour info:

Je viens de faire un system scan par antivir, il a trouvé 248 "viruses and/or unwanted programs", je les ai tous ignorer.

Je poste le rapport si besoin:

Avira AntiVir Personal
Report file date: mercredi 23 juillet 2008 21:24

Scanning for 1493153 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PCZABO

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 18:30:44
ANTIVIR2.VDF : 7.0.5.144 1690624 Bytes 21/07/2008 18:30:49
ANTIVIR3.VDF : 7.0.5.159 123904 Bytes 23/07/2008 18:30:49
Engineversion : 8.1.1.11
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.59 307579 Bytes 23/07/2008 18:30:59
AESCN.DLL : 8.1.0.23 119156 Bytes 23/07/2008 18:30:59
AERDL.DLL : 8.1.0.20 418165 Bytes 23/07/2008 18:30:58
AEPACK.DLL : 8.1.2.1 364917 Bytes 23/07/2008 18:30:57
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 23/07/2008 18:30:56
AEHEUR.DLL : 8.1.0.43 1339767 Bytes 23/07/2008 18:30:56
AEHELP.DLL : 8.1.0.15 115063 Bytes 23/07/2008 18:30:54
AEGEN.DLL : 8.1.0.29 307573 Bytes 23/07/2008 18:30:53
AEEMU.DLL : 8.1.0.6 430451 Bytes 23/07/2008 18:30:52
AECORE.DLL : 8.1.1.6 172405 Bytes 23/07/2008 18:30:51
AEBB.DLL : 8.1.0.1 53617 Bytes 23/07/2008 18:30:51
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 8.0.0.1 98561 Bytes 23/07/2008 18:30:50
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercredi 23 juillet 2008 21:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb04.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
C:\WINDOWS\System.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
Scan process 'System.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\System.exe'
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

27 processes with 27 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '18' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\Autorun.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[NOTE] The file was moved to '48fb8607.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Recycled\INFO.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48cd8d23.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/Autorun.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
--> backups/Svchost.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
--> backups/System.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP755\A0101216.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP755\A0101233.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP756\A0101308.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP756\A0101326.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP757\A0101372.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101493.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101516.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101535.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101582.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101598.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101614.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101640.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101673.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101690.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101716.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101728.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101799.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101814.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101883.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102084.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102144.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102152.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102153.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102154.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102156.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102168.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102169.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102170.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102172.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102182.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102183.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102184.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102186.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102193.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102194.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102195.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102197.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102204.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102206.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102210.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102211.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102212.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102251.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102253.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102261.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102262.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102263.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102265.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102280.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102281.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102282.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102284.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102295.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102296.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102297.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102298.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102300.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102313.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102314.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102315.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102317.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102327.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102328.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102329.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102331.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102340.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102341.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102342.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102344.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102516.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102517.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102518.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102520.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102544.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102545.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102546.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102548.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102556.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102557.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102558.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102560.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102568.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102569.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102570.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102572.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102582.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102583.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102584.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102586.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102595.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102596.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102597.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102599.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102611.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102612.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102613.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102615.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103019.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103020.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103021.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103023.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103037.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103038.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103039.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103041.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103055.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103056.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103057.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103059.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103069.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103070.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103071.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103073.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103087.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103088.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103089.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103091.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103099.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103100.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103101.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103103.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103111.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103112.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103113.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103115.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103123.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103124.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103125.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103127.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103136.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103137.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103138.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103140.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103155.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103156.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103158.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103166.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103167.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103168.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103170.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103179.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103180.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103181.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103183.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103191.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103192.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103193.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103195.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103203.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103204.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103205.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103207.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\WINDOWS\System.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\WINDOWS\Config\Svchost.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
C:\WINDOWS\Config\System.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
Begin scan in 'D:\' <HP_RECOVERY>
D:\Autorun.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP756\A0101311.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP756\A0101329.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP757\A0101375.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101496.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101519.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP758\A0101538.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101585.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101602.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101617.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP759\A0101642.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101676.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101693.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP760\A0101719.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP761\A0101802.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0101887.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102087.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102146.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102157.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102159.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102173.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102175.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102187.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP762\A0102189.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102198.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102200.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102207.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102209.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102254.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102256.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102266.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102268.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102285.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP763\A0102287.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102301.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102303.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102318.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102320.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102332.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102334.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102345.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP764\A0102347.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102521.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102523.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102549.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102551.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102561.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102563.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102573.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP765\A0102575.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102587.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102589.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102600.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102602.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102616.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0102618.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103024.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103026.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103042.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP766\A0103044.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103060.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103062.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103074.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP767\A0103076.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103092.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103094.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103104.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103106.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103116.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103118.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103128.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103130.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103141.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP768\A0103143.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103159.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103161.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103171.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP769\A0103173.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103184.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103186.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103196.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103198.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103208.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP771\A0103210.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP755\A0101219.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP755\A0101237.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[WARNING] The file was ignored!
D:\Recycled\INFO.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] The file was ignored!

End of the scan: mercredi 23 juillet 2008 22:19
Used time: 54:38 min

The scan has been done completely.

9045 Scanning directories
431527 Files were scanned
248 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
2 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
431279 Files not concerned
15191 Archives were scanned
248 Warnings
2 Notes

Répondre à MrZabo

Re,

Refais le scan et mets tout en quarantaine (mode sans échec).

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Salut,

J'ai fait le scan en mode sans echec et j'ai tout mis en quarantaine, sauf des fichier ou je n'avais le choix qu'entre ignore ou delete, j'ai choisis ignore...

Zabo

Répondre à MrZabo

Poste le rapport.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Et oui....quel c..., j'avais zappé !!

le voila:

Avira AntiVir Personal
Report file date: dimanche 27 juillet 2008 11:09

Scanning for 1512830 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: HP_Propriétaire
Computer name: PCZABO

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 18:30:44
ANTIVIR2.VDF : 7.0.5.174 2027008 Bytes 25/07/2008 23:09:36
ANTIVIR3.VDF : 7.0.5.176 40960 Bytes 26/07/2008 21:54:19
Engineversion : 8.1.1.12
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.59 307579 Bytes 23/07/2008 18:30:59
AESCN.DLL : 8.1.0.23 119156 Bytes 23/07/2008 18:30:59
AERDL.DLL : 8.1.0.20 418165 Bytes 23/07/2008 18:30:58
AEPACK.DLL : 8.1.2.1 364917 Bytes 23/07/2008 18:30:57
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 23/07/2008 18:30:56
AEHEUR.DLL : 8.1.0.44 1343863 Bytes 24/07/2008 16:52:44
AEHELP.DLL : 8.1.0.15 115063 Bytes 23/07/2008 18:30:54
AEGEN.DLL : 8.1.0.31 311669 Bytes 24/07/2008 16:52:41
AEEMU.DLL : 8.1.0.6 430451 Bytes 23/07/2008 18:30:52
AECORE.DLL : 8.1.1.7 172406 Bytes 24/07/2008 16:52:40
AEBB.DLL : 8.1.0.1 53617 Bytes 23/07/2008 18:30:51
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 8.0.0.2 98561 Bytes 25/07/2008 23:09:37
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 27 juillet 2008 11:09

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
C:\WINDOWS\System.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
Scan process 'System.exe' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\System.exe'
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

12 processes with 12 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '23' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\Autorun.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[NOTE] The file was moved to '49003bd5.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Recycled\INFO.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48d268e5.qua'!
C:\SDFix\backups\backups.zip
[0] Archive type: ZIP
--> backups/Autorun.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
--> backups/Svchost.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
--> backups/System.exe
[1] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48ef68fe.qua'!
C:\WINDOWS\System.exe
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
C:\WINDOWS\Config\Svchost.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48ef744f.qua'!
C:\WINDOWS\Config\System.exe
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48ff7452.qua'!
Begin scan in 'D:\' <HP_RECOVERY>
D:\Autorun.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[NOTE] The file was moved to '49008180.qua'!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103393.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48bd86b6.qua'!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103450.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '493375ef.qua'!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103463.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48bd86b7.qua'!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103504.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[NOTE] The file was moved to '493375e0.qua'!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103506.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48bd86b8.qua'!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103516.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[NOTE] The file was moved to '493375e1.qua'!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103518.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48bd86b9.qua'!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103527.inf
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.2
[NOTE] The file was moved to '493375e2.qua'!
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103529.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48bd86bb.qua'!
D:\Recycled\INFO.EXE
[0] Archive type: RSRC
--> Object
[DETECTION] Contains detection pattern of the worm WORM/VB.NPM.1
[NOTE] The file was moved to '48d286d8.qua'!

End of the scan: dimanche 27 juillet 2008 16:30
Used time: 5:21:15 min

The scan has been done completely.

9663 Scanning directories
440068 Files were scanned
20 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
16 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
440048 Files not concerned
15196 Archives were scanned
6 Warnings
16 Notes

Répondre à MrZabo

C'est revenu ..

Télécharge ComboFix (de sUBs) sur ton Bureau.

Désactive temporairement toute protection résidente ! (Antivirus, antispywares..)
Double clique sur ComboFix.exe.
Accepte la licence en cliquant sur Oui.
Lorsque l'opération sera terminée, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Le rapport se trouve ici : %systemdrive%\ComboFix.txt (%systemdrive% étant la partition où est installée Windows; C:\ en général)

Aide : Comment utiliser ComboFix.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Voila, c'est fait, voici le rapport:

ComboFix 08-07-27.2 - HP_Propriétaire 2008-07-27 21:09:38.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.136 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\config\svchost.exe
C:\WINDOWS\system.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-27 to 2008-07-27 ))))))))))))))))))))))))))))))))))))
.

2008-07-26 02:16 . 2008-07-26 02:18 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-07-26 02:11 . 2008-07-26 02:18 <REP> d-------- C:\Program Files\Native Instruments
2008-07-26 02:08 . 2008-07-26 02:08 <REP> d-------- C:\Program Files\VirSyn Software Synthesizer
2008-07-26 02:06 . 2008-07-26 02:06 <REP> d-------- C:\Program Files\Steinberg
2008-07-26 02:05 . 2008-07-26 02:05 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-26 01:54 . 2008-07-26 02:25 <REP> d-------- C:\Program Files\VstPlugins
2008-07-26 01:54 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-07-26 01:53 . 2008-07-26 01:55 <REP> d-------- C:\Program Files\Image-Line
2008-07-23 20:29 . 2008-07-23 20:29 <REP> d-------- C:\Program Files\Avira
2008-07-23 20:29 . 2008-07-23 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-18 08:25 . 2008-07-18 08:25 <REP> d-------- C:\Program Files\Bonjour
2008-07-18 08:16 . 2008-07-18 08:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-18 08:16 . 2008-07-18 08:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-11 19:13 . 2008-07-11 20:58 <REP> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-07-10 20:37 . 2008-07-10 20:37 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-10 20:33 . 2008-07-10 21:00 <REP> d-------- C:\SDFix
2008-07-09 23:08 . 2008-07-09 23:08 <REP> d-------- C:\Program Files\Trend Micro
2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 23:02 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 23:02 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-27 18:07 --------- d-----w C:\Program Files\eMule
2008-07-18 06:26 --------- d-----w C:\Program Files\iTunes
2008-07-18 06:26 --------- d-----w C:\Program Files\iPod
2008-07-18 06:24 --------- d-----w C:\Program Files\QuickTime
2008-07-12 10:24 --------- d-----w C:\Program Files\Soulseek
2008-07-12 10:21 --------- d-----w C:\Program Files\Easy CD-DA Extractor 4.7.1
2008-07-12 10:20 --------- d-----w C:\Program Files\DivX
2008-06-24 06:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-22 13:36 --------- d-----w C:\Program Files\EasyBox
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2004-08-09 22:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-09-18 15:19 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 19:05 196608]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"midi2"= KORGUMDD.DRV

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R1 pctvNT;Studio PCTV;C:\WINDOWS\system32\DRIVERS\pctvW2k.sys [2000-02-08 17:56]
R3 TESTCAP;Studio PCTV (Audio);C:\WINDOWS\system32\DRIVERS\PCTVAud.sys [2000-02-08 10:25]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;C:\WINDOWS\system32\Drivers\KORGUMDS.SYS [2005-12-20 03:07]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 09:21]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 09:24]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd18164-74d8-11db-b1e3-0013d328d3b3}]
\Shell\AutoRun\command - J:\LaunchU3.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-04-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-slide.exe - C:\Program Files\Slide\Slide.exe
HKLM-Run-OutpostFeedBack - C:\PROGRA~1\Agnitum\OUTPOS~1.0\feedback.exe
HKLM-Run-AutoTBar - c:\Program Files\HP\Digital Imaging\bin\AUTOTBAR.EXE

.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O17 -: HKLM\CCS\Interface\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177

O16 -: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
C:\WINDOWS\Downloaded Program Files\oscan8.inf
C:\WINDOWS\bdoscandellang.ini
C:\WINDOWS\bdoscandel.exe
C:\WINDOWS\Downloaded Program Files\live.ini
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi
C:\WINDOWS\Downloaded Program Files\lang.ini
C:\WINDOWS\Downloaded Program Files\ipsupd.dll
C:\WINDOWS\Downloaded Program Files\bdupd.dll
C:\WINDOWS\Downloaded Program Files\libfn.dll
C:\WINDOWS\Downloaded Program Files\bdcore.dll
C:\WINDOWS\Downloaded Program Files\oscan8.ocx

O16 -: {88764F69-3831-4EC1-B40B-FF21D8381345} - hxxps://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
C:\WINDOWS\Downloaded Program Files\AdSignerADP.inf
C:\WINDOWS\system32\msvcp60.dll
C:\WINDOWS\system32\atl.dll
C:\WINDOWS\Downloaded Program Files\AdVerifierADP.dll
C:\WINDOWS\Downloaded Program Files\AdSignerADP.dll

O16 -: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://copainsdavant.linternaute.com/html_include_bibliotheque/objimageuploader/ImageUploader5.cab
C:\WINDOWS\Downloaded Program Files\ImageUploader5.inf
C:\WINDOWS\system32\unicows.dll
C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-27 21:12:44
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-27 21:16:59
ComboFix-quarantined-files.txt 2008-07-27 19:16:26

Pre-Run: 24,491,200,512 octets libres
Post-Run: 24,596,180,992 octets libres

164 --- E O F --- 2008-07-09 07:39:37

Répondre à MrZabo

C'est mieux ?
Poste un nouveau rapport HijackThis.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Rien de mieux apparemment. Antivir m'a repéré des virus sur System information....que j'ai mis en quarantaine.

Voici le rapport hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:38:37, on 27/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.1.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5170 bytes

Répondre à MrZabo

Re,

Fais une analyse antivirus en ligne sur Kaspersky avec Internet Explorer.

Autorise les Active x.
Clique sur Démarrer Online Scanner.
Sélectionne le poste de travail comme analyse. Enregistres sous le rapport en format .txt.
Colle son rapport ici.
Poste un nouveau rapport Hijackthis.

Aide : Comment faire un scan en ligne avec Kaspersky.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Salut

Impossible pour moi de faire le scan kaspersky. IE bloque l'installation du controle active X, il ne me donne même pas le choix, IE refuse categoriquement, j'ai même désactivé le pare feu windows...rien.

Répondre à MrZabo

c ok, je devais installer Java avant. Je lance le scan

Répondre à MrZabo

RE,

Voici les rapport Kaspersky et hijackThis:

Kaspersky:

KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, July 29, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, July 29, 2008 16:40:54
Records in database: 1023241
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics
Files scanned 102009
Threat name 3
Infected objects 8
Suspicious objects 0
Duration of the scan 02:15:41

File name Threat name Threats count
C:\Documents and Settings\HP_Propriétaire\Mes documents\Logiciels\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Documents and Settings\HP_Propriétaire\Mes documents\Logiciels\SmitfraudFix.zip Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\QooBox\Quarantine\C\WINDOWS\Config\Svchost.exe.vir Infected: Virus.Win32.AutoRun.aim 1
C:\QooBox\Quarantine\C\WINDOWS\System.exe.vir Infected: Worm.Win32.AutoRun.aha 1
C:\Recycled\INFO.EXE Infected: Worm.Win32.AutoRun.aha 1
C:\WINDOWS\Config\System.exe Infected: Virus.Win32.AutoRun.aim 1
D:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP774\A0103547.EXE Infected: Worm.Win32.AutoRun.aha 1
D:\Recycled\INFO.EXE Infected: Worm.Win32.AutoRun.aha 1
The selected area was scanned.

Et HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:47, on 29/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCD [...] 586-jc.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5993 bytes

Répondre à MrZabo

Re,

Sélectionne l'intégralité du cadre ci-dessous :

File::
C:\Recycled\INFO.EXE
C:\WINDOWS\Config\System.exe
D:\Recycled\INFO.EXE
C\WINDOWS\Config\Svchost.exe
C\WINDOWS\System.exe

Copie/colle le dans le Bloc Notes (Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Enregistre le sous sur ton bureau sous le nom de CFScript.txt
Glisse maintenant le fichier CFScript.txt dans ComboFix.exe comme ci-dessous :

Cela va relancer Combofix. Poste le contenu du rapport ComboFix.txt après redémarrage s'il y en a un.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Salut,

Tu as écrit "File::", c'est bien celà ? ou c'est "File:" ?

Répondre à MrZabo

Hello,

C'est bien File::

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Salut,

Voici le rapport combofix:

ComboFix 08-07-27.2 - HP_Propriétaire 2008-07-30 16:41:52.2 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.115 [GMT 2:00]
Endroit: C:\Documents and Settings\HP_Propriétaire\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\HP_Propriétaire\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE ::
C:\Recycled\INFO.EXE
C:\WINDOWS\Config\System.exe
D:\Recycled\INFO.EXE
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Recycled\INFO.EXE
C:\WINDOWS\Config\System.exe
D:\Recycled\INFO.EXE

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-28 to 2008-07-30 ))))))))))))))))))))))))))))))))))))
.

2008-07-29 18:47 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-26 02:16 . 2008-07-26 02:18 <REP> d-------- C:\Program Files\Fichiers communs\Native Instruments
2008-07-26 02:11 . 2008-07-26 02:18 <REP> d-------- C:\Program Files\Native Instruments
2008-07-26 02:08 . 2008-07-26 02:08 <REP> d-------- C:\Program Files\VirSyn Software Synthesizer
2008-07-26 02:06 . 2008-07-26 02:06 <REP> d-------- C:\Program Files\Steinberg
2008-07-26 02:05 . 2008-07-26 02:05 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-26 01:54 . 2008-07-26 02:25 <REP> d-------- C:\Program Files\VstPlugins
2008-07-26 01:54 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-07-26 01:53 . 2008-07-26 01:55 <REP> d-------- C:\Program Files\Image-Line
2008-07-23 20:29 . 2008-07-23 20:29 <REP> d-------- C:\Program Files\Avira
2008-07-23 20:29 . 2008-07-23 20:29 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-18 08:25 . 2008-07-18 08:25 <REP> d-------- C:\Program Files\Bonjour
2008-07-18 08:16 . 2008-07-18 08:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-18 08:16 . 2008-07-18 08:16 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-11 19:13 . 2008-07-11 20:58 <REP> d-------- C:\Program Files\Thoosje Sidebar V2.3
2008-07-10 20:37 . 2008-07-10 20:37 <REP> d-------- C:\WINDOWS\ERUNT
2008-07-10 20:33 . 2008-07-10 21:00 <REP> d-------- C:\SDFix
2008-07-09 23:08 . 2008-07-09 23:08 <REP> d-------- C:\Program Files\Trend Micro
2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Documents and Settings\HP_Propriétaire\Application Data\Malwarebytes
2008-07-01 23:02 . 2008-07-01 23:02 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-01 23:02 . 2008-06-28 14:16 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-01 23:02 . 2008-06-28 14:16 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-13 21:36 . 2008-07-30 16:42 <REP> d--hs---- C:\Recycled
2008-06-11 07:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 07:50 . 2008-06-14 19:59 272,768 --------- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 06:14 --------- d-----w C:\Program Files\eMule
2008-07-29 16:47 --------- d-----w C:\Program Files\Java
2008-07-27 19:41 --------- d-----w C:\Program Files\EasyBox
2008-07-18 06:26 --------- d-----w C:\Program Files\iTunes
2008-07-18 06:26 --------- d-----w C:\Program Files\iPod
2008-07-18 06:24 --------- d-----w C:\Program Files\QuickTime
2008-07-12 10:24 --------- d-----w C:\Program Files\Soulseek
2008-07-12 10:21 --------- d-----w C:\Program Files\Easy CD-DA Extractor 4.7.1
2008-07-12 10:20 --------- d-----w C:\Program Files\DivX
2008-06-24 06:15 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:41 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:41 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-04-14 02:50 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2004-08-09 22:30 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2005-09-18 15:19 22 --sha-w C:\WINDOWS\SMINST\HPCD.sys
.

((((((((((((((((((((((((((((( snapshot@2008-07-27_21.15.59.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-11-10 10:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-09 23:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 10:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-09 23:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 12:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 00:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 20:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-15 19:05 196608]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-02-12 10:06 262401]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 10:50 413696]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.VP31"= vp31vfw.dll
"midi2"= KORGUMDD.DRV

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\EasyBox\\vlc\\vlc.exe"=
"C:\\Program Files\\EasyBox\\apache\\apache.exe"=

R1 pctvNT;Studio PCTV;C:\WINDOWS\system32\DRIVERS\pctvW2k.sys [2000-02-08 17:56]
R3 TESTCAP;Studio PCTV (Audio);C:\WINDOWS\system32\DRIVERS\PCTVAud.sys [2000-02-08 10:25]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;C:\WINDOWS\system32\DRIVERS\fbxusb32.sys [2004-10-20 15:23]
S3 KORGUMDS;KORG USB-MIDI Driver for Windows XP;C:\WINDOWS\system32\Drivers\KORGUMDS.SYS [2005-12-20 03:07]
S3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-06-10 09:21]
S3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-06-10 09:24]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 13:16]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 13:17]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 13:17]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 13:18]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 13:15]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\SE2Eobex.sys [2006-05-01 13:18]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 13:15]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{afd18164-74d8-11db-b1e3-0013d328d3b3}]
\Shell\AutoRun\command - J:\LaunchU3.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-04-18 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-30 16:46:26
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-07-30 16:50:23
ComboFix-quarantined-files.txt 2008-07-30 14:49:40
ComboFix2.txt 2008-07-27 19:17:00

Pre-Run: 19,313,680,384 octets libres
Post-Run: 19,303,428,096 octets libres

160 --- E O F --- 2008-07-09 07:39:37

Répondre à MrZabo

C'est mieux ?
Poste un novueau rapport HijackTHis.

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

Salut

Et bien je peux pas te dire. Depuis les 1eres démarches mon PC est plus rapide, mais antivir me signale tjs la presence des même fichiers infectés, après le sont ils réellement ? Je les met à chaque fois en quarantaine, je peux les supprimer sinon ?

Voici le rapport hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:28:30, on 31/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - .DEFAULT User Startup: AutoTBar.exe (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr [...] NPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/ [...] DP-1.1.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCD [...] 586-jc.cab
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://copainsdavant.linternaute.c [...] oader5.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ [...] wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E67885A0-82A9-482F-B96A-AA1FAEE72E6B}: NameServer = 212.27.32.176,212.27.32.177
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 6078 bytes

Répondre à MrZabo

Re,

Normalement, cette fois-ci c'est bon. On va quand même vérifier.

Supprime C:\Qoobox

Fais un nouveau scan AntiVir ou bien Kaspersky

------------------------------ >> Centre de Formation Helpers <<
Répondre à XmichouX

A l'aide: PC infecté par Worm.VB.NRM et Win32.Worm.VB.NPM

Forum Sécurité - Virus : A l'aide: PC infecté par Worm.VB.NRM et Win32.Worm.VB.NPM

Attention