Win32:tibs-ado[trj]

C'est bon, j'ai retrouvé la manip pour SmitFrauddFix,

Voilà le rapport


SmitFraudFix v2.309

Rapport fait à 13:46:08,48, 28/03/2008
Executé à partir de C:\Program Files\Mozilla Firefox\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\WinReanimator\WinReanimator.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\braviax.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Louise et Lili


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Louise et Lili\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\LOUISE~1\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///C:/DOCUME~1/LOUISE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"SubscribedURL"="file:///C:/DOCUME~1/LOUISE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg"
"FriendlyName"=""

[HKEY_CURRENT_\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"init"="C:\\WINDOWS\\system32\\init.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 192.168.1.1

Description: NVIDIA nForce Networking Controller - Miniport d'ordonnancement de paquets
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 194.117.200.10

HKLM\SYSTEM\CCS\Services\Tip\..\{31992CA2-736B-4480-8ED1-E35C99666B34}: DhNameServer=192.168.1.1 194.117.200.10
HKLM\SYSTEM\CCS\Services\Tip\..\{828CD6A2-31EB-412C-AF42-015CB9799F90}: DhNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tip\..\{31992CA2-736B-4480-8ED1-E35C99666B34}: DhNameServer=192.168.1.1 194.117.200.10
HKLM\SYSTEM\CS2\Services\Tip\..\{31992CA2-736B-4480-8ED1-E35C99666B34}: DhNameServer=192.168.1.1 194.117.200.10
HKLM\SYSTEM\CS2\Services\Tip\..\{828CD6A2-31EB-412C-AF42-015CB9799F90}: DhNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tip\..\{31992CA2-736B-4480-8ED1-E35C99666B34}: DhNameServer=192.168.1.1 194.117.200.10
HKLM\SYSTEM\CS3\Services\Tip\..\{828CD6A2-31EB-412C-AF42-015CB9799F90}: DhNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CCS\Services\Tip\Parameters: DhNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS1\Services\Tip\Parameters: DhNameServer=192.168.1.1 194.117.200.10
HKLM\SYSTEM\CS2\Services\Tip\Parameters: DhNameServer=192.168.1.1 192.168.1.1
HKLM\SYSTEM\CS3\Services\Tip\Parameters: DhNameServer=192.168.1.1 192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://.bleepingcomputer.com/sUBs/ComboFix.exe
Sauvegarde le sur ton bureau et pas ailleurs !

Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/?redirect=%2Ft121-topic

Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.

________________




colle le rapport d'un scan en ligne
avec un des suivants:


bitdefender en ligne :
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda en ligne :
http://pandasoftware.fr

Kaspersky en ligne
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
__________________
recolle un rapport hijakchtis et dis tes soucis

Salut !


Voilà le rapport que j'ai trouvé dans C: Je ne sais pas si il est complet parce que j'en avais un autre mais l'ordi a planté à la fin du scan de Combofix et en le rallumant je n'ai trouvé que ça. L'autre est peut être caché ailleurs !

2006-12-22 02:07 86070 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\pthreadVC2.dll.vir
2007-12-26 22:04 479232 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcm80.dll.vir
2007-12-26 22:04 522 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest.vir
2007-12-26 22:04 548864 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\Microsoft.VC80.CRT\msv80.dll.vir
2007-12-26 22:04 626688 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcr80.dll.vir
2007-12-28 20:10 598528 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\htmlayout.dll.vir
2008-01-09 23:36 5 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Louise et Lili\RavMonLog.vir
2008-01-16 01:24 544768 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\WinReanimator.dll.vir
2008-02-29 23:45 595116 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\WinReanimator.exe.vir
2008-03-27 12:00 308712 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\install.exe.vir
2008-03-27 12:00 308712 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\winivstr.exe.vir
2008-03-27 12:26 102400 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\unzip32.dll.vir
2008-03-27 12:26 1150 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\un.ico.vir
2008-03-27 12:26 1605 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All s\Menu Démarrer\Programmes\WinReanimator\Uninstall.lnk.vir
2008-03-27 12:26 1613 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All s\Menu Démarrer\Programmes\WinReanimator\WinReanimator.lnk.vir
2008-03-28 14:32 447961 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\data\daily.cvd.vir
2008-03-28 22:27 3298 --a------ C:\Qoobox\Quarantine\C\Program Files\WinReanimator\WinReanimator.cfg.vir
2008-03-30 20:43 39 --a------ C:\Qoobox\Quarantine\catchme.log



Voilà aussi le nouveau rapport Hijakchtis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:04:46, on 30/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe
C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\VSTASCAN\vsaccess.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [vmtalk] C:\Program Files\Fichiers communs\Talkway\vmtalk.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [braviax] C:\WINDOWS\system32\braviax.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE ( 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE ( 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE ( 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE ( 'Default ')
O4 - Startup: Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe
O4 - Startup: UMAX VistaAccess.lnk = C:\VSTASCAN\vsaccess.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://D:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://.microsoft.com//E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image er 3.5 Control) - http://www.photoways.com/clients/Imageer3.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupControl Class) - http://messenger.msn.com//MsnMessengerSetuper.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game05.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {DEB21AD3-FDA4-42F6-B57D-EE696A675EE8} (IPSer Control) - http://asp08.photoprintit.de/microsite/3462/defaults/activex/IPSer.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/LOUISE~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg

J'ai retrouvé l'autre rapport de Combofix

Le voilà !

ComboFix 08-03-30.2 - Louise et Lili 2008-03-30 20:42:07.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.126 [GMT 2:00]
Endroit: C:\Documents and Settings\Louise et Lili\Bureau\Killbagle.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All s\Menu Démarrer\Programmes\WinReanimator
C:\Documents and Settings\All s\Menu Démarrer\Programmes\WinReanimator\Uninstall.lnk
C:\Documents and Settings\All s\Menu Démarrer\Programmes\WinReanimator\WinReanimator.lnk
C:\Documents and Settings\Louise et Lili\ravmonlog
C:\Program Files\WinReanimator
C:\Program Files\WinReanimator\data\daily.cvd
C:\Program Files\WinReanimator\htmlayout.dll
C:\Program Files\WinReanimator\install.exe
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcm80.dll
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msv80.dll
C:\Program Files\WinReanimator\Microsoft.VC80.CRT\msvcr80.dll
C:\Program Files\WinReanimator\pthreadVC2.dll
C:\Program Files\WinReanimator\un.ico
C:\Program Files\WinReanimator\unzip32.dll
C:\Program Files\WinReanimator\WinReanimator.cfg
C:\Program Files\WinReanimator\WinReanimator.dll
C:\Program Files\WinReanimator\WinReanimator.exe
C:\WINDOWS\system32\winivstr.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-30 ))))))))))))))))))))))))))))))))))))
.

2008-03-28 14:46 . 2008-03-28 14:46 4,008 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-28 14:45 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-03-28 14:45 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-03-28 14:45 . 2008-03-22 16:49 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-03-28 14:45 . 2008-03-26 09:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-03-28 14:45 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-03-28 14:45 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-03-28 14:45 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-03-28 14:39 . 2008-03-28 14:39 <REP> d-------- C:\_OTMoveIt
2008-03-27 22:58 . 2008-03-27 23:00 1,414,248 --a------ C:\SDFix.exe
2008-03-27 22:56 . 2008-03-28 14:30 6,656 --a------ C:\WINDOWS\system32\univrs32.dat
2008-03-27 22:54 . 2008-03-27 23:01 <REP> d-------- C:\SDFix
2008-03-27 12:23 . 2008-03-27 12:23 19,198 --a------ C:\Documents and Settings\All s\Application Data\zuroremifo.vbs
2008-03-27 12:23 . 2008-03-27 12:23 15,834 --a------ C:\Program Files\Fichiers communs\ibemofa.reg
2008-03-27 12:23 . 2008-03-27 12:23 14,356 --a------ C:\Documents and Settings\All s\Application Data\qycyfu.scr
2008-03-27 12:23 . 2008-03-27 12:23 12,102 --a------ C:\WINDOWS\system32\gogesibe.dl
2008-03-27 12:23 . 2008-03-27 12:23 11,301 --a------ C:\WINDOWS\dubodobo.scr
2008-03-27 12:23 . 2008-03-27 12:23 10,355 --a------ C:\WINDOWS\xazoqo._dl
2008-03-27 12:23 . 2008-03-27 12:23 10,139 --a------ C:\WINDOWS\eqynumyf.inf
2008-03-27 12:20 . 2008-03-27 12:20 <REP> d-------- C:\Program Files\Trend Micro
2008-03-21 17:16 . 2008-03-21 17:16 268 --ah----- C:\sqmdata03.sqm
2008-03-21 17:16 . 2008-03-21 17:16 244 --ah----- C:\sqmnoopt03.sqm
2008-03-21 17:16 . 2008-03-21 17:16 208 --ah----- C:\sqmdata04.sqm
2008-03-21 17:16 . 2008-03-21 17:16 172 --ah----- C:\sqmnoopt04.sqm
2008-03-19 17:15 . 2008-03-19 17:15 268 --ah----- C:\sqmdata02.sqm
2008-03-19 17:15 . 2008-03-19 17:15 244 --ah----- C:\sqmnoopt02.sqm
2008-03-03 11:43 . 2008-03-03 11:43 268 --ah----- C:\sqmdata01.sqm
2008-03-03 11:43 . 2008-03-03 11:43 244 --ah----- C:\sqmnoopt01.sqm
2008-02-21 14:43 . 2007-12-04 15:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-02-21 14:43 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-02-21 14:43 . 2007-12-04 14:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-02-21 14:43 . 2007-12-04 16:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-02-21 14:43 . 2007-12-04 16:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-02-21 14:43 . 2007-12-04 16:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-02-21 14:43 . 2007-12-04 16:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-02-21 14:43 . 2007-12-04 16:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-02-21 14:04 . 2008-02-21 14:10 <REP> d-------- C:\MSNFix
2008-02-21 11:56 . 2008-02-21 11:56 <REP> d-------- C:\Nettoyant virus
2008-02-14 18:18 . 2008-02-26 19:20 16 --a------ C:\WINDOWS\Temp.ini
2008-02-14 18:11 . 2008-02-14 18:11 <REP> d-------- C:\WINDOWS\PHOTOCD
2008-02-14 18:11 . 1998-01-13 16:53 196,608 --a------ C:\WINDOWS\kp32.dll
2008-02-14 18:11 . 1998-01-20 12:12 133,120 --a------ C:\WINDOWS\sprof32.dll
2008-02-14 18:11 . 1998-06-04 14:21 47,616 -r------- C:\WINDOWS\ucmsp_32.dll
2008-02-14 18:11 . 1997-10-14 10:26 37,376 --a------ C:\WINDOWS\kpsys32.dll
2008-02-14 18:11 . 2008-03-30 20:35 780 --a------ C:\WINDOWS\vista32.ini
2008-02-14 18:11 . 2008-02-14 18:11 189 --a------ C:\WINDOWS\KPCMS.INI
2008-02-14 18:11 . 2008-02-14 18:11 36 --a------ C:\WINDOWS\umaxdrv.ini
2008-02-14 18:09 . 1999-04-16 11:34 172,032 --a------ C:\WINDOWS\VistaSaver.scr
2008-02-14 18:09 . 2008-02-14 18:09 500 --a------ C:\WINDOWS\Upmagic.ini
2008-02-14 18:09 . 1999-01-15 18:12 36 --a------ C:\WINDOWS\Vss.ini
2008-02-14 18:08 . 2008-02-14 18:08 <REP> d-------- C:\WINDOWS\system32\COLOR
2008-02-14 18:08 . 2008-02-14 18:09 <REP> d-------- C:\Program Files\NewSoft
2008-02-14 18:08 . 2008-02-14 18:08 <REP> d-------- C:\My PageManager
2008-02-14 18:08 . 1997-10-13 14:19 11,776 --a------ C:\WINDOWS\system32\pmsbfn32.dll
2008-02-14 18:08 . 2008-02-14 18:08 794 --a------ C:\Presto! PageManager.lnk
2008-02-14 18:08 . 2008-02-14 18:08 410 --a------ C:\WINDOWS\umxaddin.ini
2008-02-14 18:07 . 1996-11-06 13:04 302,592 --a------ C:\WINDOWS\unin040c.exe
2008-02-14 18:06 . 2001-08-23 18:47 216,576 --a------ C:\WINDOWS\system32\um34scan.dll
2008-02-14 18:06 . 2001-08-23 18:47 216,576 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll
2008-02-14 18:06 . 2008-02-26 19:20 26 --a------ C:\WINDOWS\Debug.ini

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-11 15:35 --------- d-----w C:\Program Files\eMule
2008-02-16 16:52 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-02-14 16:10 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-02-13 09:45 --------- d-----w C:\Program Files\Java
2008-01-02 12:08 5,843,256 ----a-w C:\Program Files\Firefox Setup 2.0.0.11.exe
2008-01-02 10:56 7,639,560 ----a-w C:\Program Files\Azureus_3.0.3.4_windows.exe
2007-12-07 01:07 663,552 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 15:44 196608]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-22 18:25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-06-18 10:31 67584 C:\WINDOWS\SOUNDMAN.EXE]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control \atiptaxx.exe" [2004-11-30 21:10 344064]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\evntsvc.exe" [2005-10-22 15:08 146432]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 17:05 81920]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"vmtalk"="C:\Program Files\Fichiers communs\Talkway\vmtalk.exe" [2003-07-24 17:21 61440]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 16:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 16:14 217088]
"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 07:51 438359]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 19:38 35328]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-03-14 19:05 257088]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]
"braviax"="C:\WINDOWS\system32\braviax.exe" [ ]

[HKEY_S\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 01:09 15360]

C:\Documents and Settings\Louise et Lili\Menu D‚marrer\Programmes\D‚marrage\
Club Internet.lnk - C:\Program Files\Club-Internet\Lanceur\lanceur.exe [2007-12-26 15:17:06 5484544]
UMAX VistaAccess.lnk - C:\VSTASCAN\vsaccess.exe [2008-02-14 18:10:53 258048]

C:\Documents and Settings\All s\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-21 11:47:40 110592]
LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2006-10-09 14:24:09 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"D:\\RealOnePlayer\\realplay.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15341:T"= 15341:T:NortonAV
"17995:T"= 17995:T:NortonAV
"16350:T"= 16350:T:NortonAV
"14103:T"= 14103:T:NortonAV
"17261:T"= 17261:T:NortonAV
"14039:T"= 14039:T:NortonAV
"16516:T"= 16516:T:NortonAV
"15442:T"= 15442:T:NortonAV

S3 USB_RNDIS_51;Broadcom USB Remote NDIS Device Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 08:04]

[HKEY_CURRENT_\software\microsoft\windows\currentversion\explorer\mountpoints2\{5b4fca9e-6e6d-11dc-9a03-0013d48c1c0c}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-01-29 05:34:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 20:44:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-30 20:44:43
ComboFix-quarantined-files.txt 2008-03-30 18:44:28
Pre-Run: 9,635,352,576 octets libres
Post-Run: 9,660,416,000 octets libres
.
2008-03-21 20:26:28 --- E O F ---





Voila aussi le résultat d'un scan de Bitdefender





Fichier journal de BitDefender
Produit : BitDefender Total Security 2008
Version : BitDefender UIScanner V.11
Date du journal : 21:30:34 30/03/2008
Chemin du journal : C:\Documents and Settings\Louise et Lili\Application Data\BitDefender\Desktop\Profiles\Logs\my_documents\1206905434_1_00.xml

Analyse des chemins :Chemin0000: C:\Documents and Settings\Louise et Lili\Mes documents
Chemin0001: C:\Documents and Settings\Louise et Lili\Bureau
Chemin0002: C:\Documents and Settings\Louise et Lili\Menu Démarrer\Programmes\Démarrage


Options d’analyse :Analyse contre les virus : Oui
Détecter les adwares : Oui
Analyse contre les spywares : Oui
Analyse des applications : Oui
Détecter les numéroteurs : Oui
Analyse contre les Rootkits : Non


Options de sélection de cible :Analyse les clés du registre : Oui
Analyse des cookies : Oui
Analyser le secteur de boot : Non
Analyse des processus mémoire : Oui
Analyser les archives : Oui
Analyser les fichiers enpaquetés : Oui
Analyser les emails : Oui
Analyser tous les fichiers : Oui
Analyse heuristique : Oui
Extensions analysées :
Extensions exclues :


Traitement cibleAction par défaut pour les objets infectés : Désinfecter
Action par défaut pour les objets suspects : Aucun
Action par défaut pour les objets camouflés : Aucun


Résumé de l'analyseNombre de signatures de virus : 1055867
Plugins archives : 41
Plug-ins messagerie : 6
Plugins d'analyse : 12
Plugins archives : 41
Plug-ins système : 4
Plug-ins décompression : 7


Résumé de l'analyse généraleEléments analysés : 1186
Eléments infectés : 0
Eléments suspects : 0
Eléments résolus : 0
Virus individuels trouvés : 0
Répertoires analysés : 141
Secteur de boot analysés : 0
Archives analysés : 13
Erreurs I/O : 0
Temps d'analyse : 00:00:01:06
Fichiers par seconde : 12


Résumé des processus analysésAnalysé(s) : 53
Infecté(s) : 0


Résumé des clés de registre analyséesAnalysé(s) : 328
Infecté(s) : 0


Résumé des cookies analysésAnalysé(s) : 0
Infecté(s) : 0


Problèmes non résolus :Nom de l'objet Nom de la menace Etat final


Problèmes résolusNom de l'objet Nom de la menace Etat final


Objets non scannés :Nom de l'objet Raison Etat final

Et voilà le rapport d'antivir...

Par contre je n'ai pas compris l'autre manip pour modifier MSNFix


AntiVir PersonalEdition Classic
Report file date: dimanche 6 avril 2008 13:56

Scanning for 1181591 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
name: SYSTEM
Computer name: LOUISA

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 12:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 11:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 14:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 11:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 11:54:43
ANTIVIR2.VDF : 7.0.3.85 434176 Bytes 27/03/2008 11:54:43
ANTIVIR3.VDF : 7.0.3.122 195072 Bytes 05/04/2008 11:54:43
AVEWIN32.DLL : 7.6.0.81 3424768 Bytes 06/04/2008 11:54:44
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 06:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 06/04/2008 11:54:44
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 06:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 11:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 06:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 11:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 11:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 08:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 6 avril 2008 13:56

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned
Scan process 'mpbtn.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'vsaccess.exe' - '1' Module(s) have been scanned
Scan process 'lanceur.exe' - '1' Module(s) have been scanned
Scan process 'GoogleToolbarNotifier.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'winampa.exe' - '1' Module(s) have been scanned
Scan process 'MotiveSB.exe' - '1' Module(s) have been scanned
Scan process 'LogiTray.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'vmtalk.exe' - '1' Module(s) have been scanned
Scan process 'CFD.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'evntsvc.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
42 processes with 42 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '34' files ).


Starting the file scan:

Begin scan in 'C:\' <Windows>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Louise et Lili\Bureau\SmitfraudFix.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.59
[INFO] The file was moved to '4861bb45.qua'!
C:\MSNFix\21022008_13061148.zip
[0] Archive type: ZIP
--> backup/DSC01497.zip
[1] Archive type: ZIP
--> img091307-www.photoshop.com
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
--> backup/spoolms.exe
[DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen
[INFO] The file was moved to '4828bbef.qua'!
C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '4863bde5.qua'!
C:\Program Files\Panda Security\NanoScan\Engine\psnflg.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '4866bdeb.qua'!
C:\System Volume Information\_restore{02639C84-D592-4A97-B70E-4DD4E5311FB6}\RP555\A0058177.exe
[DETECTION] Contains detection pattern of the Phish-File/Email PHISH/FraudTool.Reanimator.A
[INFO] The file was moved to '4828be0f.qua'!
C:\System Volume Information\_restore{02639C84-D592-4A97-B70E-4DD4E5311FB6}\RP569\A0073611.exe
[DETECTION] Contains detection pattern of the dropper DR/Tool.Reboot.F.59
[INFO] The file was moved to '4828be44.qua'!
C:\System Volume Information\_restore{02639C84-D592-4A97-B70E-4DD4E5311FB6}\RP569\A0073612.dll
[DETECTION] Contains detection pattern of the Windows virus W95/Blumblebee.1738
[INFO] The file was moved to '4828be47.qua'!
C:\System Volume Information\_restore{02639C84-D592-4A97-B70E-4DD4E5311FB6}\RP569\A0073613.dll
[DETECTION] Is the Trojan horse TR/Agent.bux.1
[INFO] The file was moved to '4828be4b.qua'!
C:\_OTMoveIt\MovedFiles\03282008_133926\WINDOWS\system32\braviax.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[INFO] The file was moved to '4859c110.qua'!
Begin scan in 'D:\' <Divers Louise>


End of the scan: dimanche 6 avril 2008 14:31
Used time: 35:11 min

The scan has been done completely.

5830 Scanning directories
279954 Files were scanned
10 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
9 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
279944 Files not concerned
2175 Archives were scanned
1 Warnings
0 Notes