Infected by a trojan + antivirus and HijackThis reports

Closed
stephanie - 5 Sept. 2007 at 12:02
 stephany - 12 Sept. 2007 at 12:21
Hello,
I've had a problem with my computer for some time: it runs slowly because of a virus detected by BitDefender. I have done the following:
Spybot
Ad-Aware
online scan with BitDefender
HijackThis
I'm attaching the two reports.
Who can help me? I can't do any more on my own.
Thanks in advance
HijackThis report:


Logfile of HijackThis v1.99.1
Scan saved at 11:47:33, on 05/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Documents and Settings\Sandra\Bureau\Maintenance\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [adiras] adiras.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103135541607
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - https://www.zonealarm.com/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C231421-B95A-45CA-87CD-36E3201DA952}: NameServer = 86.64.145.146 84.103.237.146
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

BitDefender report:
BitDefender Online Scanner

Rapport d'analyse généré à: Wed, Sep 05, 2007 - 11:45:57
Voie d'analyse: A:\;C:\;D:\;

Statistiques
Temps: 01:18:55
Fichiers: 111807
Directoires: 4659
Secteurs de boot: 2
Archives: 977
Paquets programmes: 5266

Résultats
Virus identifiés: 1
Fichiers infectés: 27
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 26

Info sur les moteurs
Définition virus: 783775
Version des moteurs: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui




Fichier analysé
Statut

C:\Program Files\318F1976\347A8AA6.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\Program Files\318F1976\347A8AA6.DLL
Echec de la désinfection

C:\Program Files\318F1976\347A8AA6.DLL
Echec de la suppression

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP103\A0034520.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP103\A0034520.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP103\A0034520.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0034741.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0034741.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0034741.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0034834.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0034834.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0034834.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0034850.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0034850.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0034850.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035140.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035140.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035140.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035152.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035152.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035152.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035319.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035319.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035319.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035368.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035368.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035368.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035483.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035483.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035483.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035530.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035530.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP107\A0035530.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035624.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035624.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035624.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035635.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035635.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035635.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035686.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035686.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035686.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035956.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035956.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035956.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035971.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035971.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0035971.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0036009.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0036009.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0036009.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0036050.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0036050.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0036050.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0036098.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0036098.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP108\A0036098.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036164.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036164.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036164.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036488.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036488.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036488.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036722.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036722.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036722.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036994.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036994.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0036994.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0037054.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0037054.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP109\A0037054.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP110\A0037192.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP110\A0037192.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP110\A0037192.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP111\A0037420.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP111\A0037420.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP111\A0037420.DLL
Supprimé

C:\WINDOWS\system32\MS3D714B.DLL=>(Embedded EXE o)
Infecté par: Trojan.Spy.Agent.SF

C:\WINDOWS\system32\MS3D714B.DLL=>(Embedded EXE o)
Echec de la désinfection

C:\WINDOWS\system32\MS3D714B.DLL=>(Embedded EXE o)
Supprimé

C:\WINDOWS\system32\MS3D714B.DLL
Echec de la mise à jour

18 replies

jlpjlp - Posts: 51580 - Registered: Friday 18 May 2007 - Status: Security contributor - Last activity: 3 May 2022 - 5 040
5 Sept. 2007 at 13:59
AVG Anti-Spyware

https://www.01net.com/telecharger/

Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

-> Relaunch AVG AS -> "Analyse" (Scan) -> "Paramètres" (Settings)

Under the question "Comment réagir ?" (How to react?):

-> click "Actions recommandées" (Recommended actions) and choose "Quarantaines" (Quarantine)
-> Click the "Analyse" tab again, then run an "Analyse complète du système" (Complete system scan)

If a file is infected at the end of the scan

-> Click "Appliquer toutes les actions" (Apply all actions)

-> Click "Enregistrer le rapport" (Save report), then "Enregistrer le rapport sous" (Save report as).

-> Save this text file on your desktop, then paste the report here

_________________


and a-squared

https://www.01net.com/telecharger/



________________
Clean will do some cleanup and delete files that antivirus and anti-spyware programs were unable to find. The software is updated regularly, so you will need to download it again to get a more recent version.

· Download clean.zip and unzip it on your desktop (right-click / extract all); you then get a clean folder
· Start Windows in safe mode: Guide to restarting in safe mode
· Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes.

http://kerio.probb.fr/tuto-Clean-h37.html
_____


scan with your antivirus in safe mode (start the computer while pressing F8)
____________

disable System Restore to purge any viruses that may be in it, then re-enable it (in START, then ALL PROGRAMS, then ACCESSORIES, then SYSTEM TOOLS, then SYSTEM RESTORE, then settings)


paste the report of an online scan
done with one of the following:


BitDefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html

Panda online:
http://pandasoftware.fr


online scan, Firefox

https://www.trendmicro.com/fr_fr/business.html
0
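The reply above asks for System Restore to be disabled so that infected copies held in restore points are purged; splitting a scanner report into restore-point copies and files still live on disk shows what remains to be cleaned. This Python sketch is an added example, not part of the original thread or of any tool named in it: the sample report is constructed in the path/status layout of the BitDefender report posted earlier, and the function names and the rule that a final "Echec ..." status means "unresolved" are assumptions.

```python
import re

# Constructed sample (not data from the thread), laid out like the BitDefender
# Online Scanner report quoted above: a path line, then one status line.
SAMPLE_REPORT = r"""
Fichier analysé
Statut

C:\Program Files\EXAMPLE01\sample.dll
Infecté par: Trojan.Example.A

C:\Program Files\EXAMPLE01\sample.dll
Echec de la désinfection

C:\Program Files\EXAMPLE01\sample.dll
Echec de la suppression

C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.DLL
Infecté par: Trojan.Example.A

C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.DLL
Supprimé

C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.DLL
Infecté par: Trojan.Example.A

C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP2\A0000002.DLL
Supprimé

C:\Temp\example03.exe
Infecté par: Trojan.Example.A

C:\Temp\example03.exe
Supprimé

C:\WINDOWS\system32\EXAMPLE02.DLL=>(Embedded EXE o)
Infecté par: Trojan.Example.A

C:\WINDOWS\system32\EXAMPLE02.DLL=>(Embedded EXE o)
Supprimé

C:\WINDOWS\system32\EXAMPLE02.DLL
Echec de la mise à jour
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a line that starts with a drive letter
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)
INFECTED_PREFIX = "Infecté par:"
FAILURE_PREFIX = "Echec"  # "Echec de la désinfection / suppression / mise à jour"


def parse_report(text):
    """Return {file path: [status lines in report order]}."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if PATH_RE.match(line):
            # Fold "container=>(embedded object)" entries onto the file on disk.
            current = line.split("=>", 1)[0]
            results.setdefault(current, [])
        elif current is not None:
            results[current].append(line)
    return results


def triage(results):
    """Split infected paths into restore-point copies and live files."""
    buckets = {"live_unresolved": [], "live_removed": [], "restore_point": []}
    for path, statuses in results.items():
        if not any(s.startswith(INFECTED_PREFIX) for s in statuses):
            continue
        if RESTORE_RE.search(path):
            buckets["restore_point"].append(path)
        elif statuses[-1].startswith(FAILURE_PREFIX):
            # Assumption: a failure as the last recorded action means the
            # file on disk still needs attention.
            buckets["live_unresolved"].append(path)
        else:
            buckets["live_removed"].append(path)
    return buckets


if __name__ == "__main__":
    for bucket, paths in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{bucket}: {len(paths)}")
        for p in paths:
            print("   ", p)
```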
I started the steps; during the online scan it detects the same problems, perhaps because I made a mistake at the System Restore step. When do I disable it? After or before the safe-mode scan? And when do I re-enable it? Once the safe-mode scan is finished, or after the normal restart?
If I didn't do what was needed, I'll start over.
Thanks
0
jlpjlp - 6 Sept. 2007 at 13:26
what do AVG and a-squared say?

do the deactivation before the online scan



_____________

Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it to a dedicated folder on the Desktop. Restart your computer in safe mode by following this procedure:
• Restart your computer
• After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with various options should appear.
• Choose the first option, to run Windows in safe mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans found, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file into your next reply on the forum

_____________

paste the online scan report

---------------

scan with your antivirus in safe mode
0
Here is the AVG report:
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 20:51:21 05/09/2007

+ Résultat de l'analyse:



[1208] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[1648] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[168] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[1740] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[1756] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[1776] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[184] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[1904] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[1964] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[1984] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[2016] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[2156] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[228] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[248] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[360] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[416] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
[996] C:\Program Files\318F1976\347A8AA6.DLL -> Downloader.Delf.mm : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\AxInst.exe -> Dropper.CP : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Sandra\Cookies\sandra@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@divx.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@adbrite[1].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@ads.adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@adtech[3].txt -> TrackingCookie.Adtech : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@com[1].txt -> TrackingCookie.Com : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@fl01.ct2.comclick[2].txt -> TrackingCookie.Comclick : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@estat[2].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@fastclick[1].txt -> TrackingCookie.Fastclick : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@ehg-quechoisir.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@ehg-telecomitalia.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@www.paypal[1].txt -> TrackingCookie.Paypal : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@valueclick[2].txt -> TrackingCookie.Valueclick : Nettoyé.
C:\Documents and Settings\Sandra\Cookies\sandra@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.


Fin du rapport

...and for Clean:
Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 06/09/2007 a 6:48:34,45

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\ftpupd.exe
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.2"
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.3"
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.4"

*** Suppression des fichiers dans C:\Program Files

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
However, I didn't do the deactivation before the online scan. I'll redo Clean in safe mode and the online scan. I'll send you the report
and I'll continue with SDFix
I hope I understood correctly
Thanks for your help
0
jlpjlp - 6 Sept. 2007 at 13:38
ok
0

jlpjlp - 6 Sept. 2007 at 13:44
also do this

use MSNFix:

http://sosvirus.changelog.fr/MSNFix.zip



Unzip it (right-click >> Extract here) and double-click the MSNFix.bat file.
restart in safe mode (tap the F8 key at startup)
- Run option R.
-- If the infection is detected, run option N.
--- Save this report, then copy/paste it to the forum, along with a new HijackThis scan done in normal mode.

Note:
If a deletion error is detected, a message will appear asking you to restart the computer in order to finish the operations. In that case, simply restart the computer in normal mode.
Save and close the report so that Windows finishes starting normally.
0
Here is the SDFix report:

SDFix: Version 1.102

Run by Sandra on 06/09/2007 at 14:10

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\Sandra\Bureau\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\WINDOWS\SYSTEM32\DUST.EXE - Deleted
C:\WINDOWS\system32\TFTP1224 - Deleted
C:\WINDOWS\system32\TFTP1584 - Deleted
C:\WINDOWS\system32\TFTP2148 - Deleted
C:\WINDOWS\system32\TFTP2236 - Deleted
C:\WINDOWS\system32\TFTP2272 - Deleted
C:\WINDOWS\system32\TFTP2284 - Deleted
C:\WINDOWS\system32\TFTP2300 - Deleted
C:\WINDOWS\system32\TFTP2412 - Deleted
C:\WINDOWS\system32\TFTP2620 - Deleted
C:\WINDOWS\system32\TFTP3024 - Deleted
C:\WINDOWS\system32\TFTP3548 - Deleted
C:\WINDOWS\system32\TFTP3760 - Deleted
C:\WINDOWS\system32\TFTP3848 - Deleted
C:\WINDOWS\system32\TFTP3892 - Deleted
C:\WINDOWS\system32\TFTP3900 - Deleted
C:\WINDOWS\system32\TFTP3968 - Deleted
C:\WINDOWS\system32\TFTP400 - Deleted
C:\WINDOWS\system32\TFTP4004 - Deleted
C:\WINDOWS\system32\TFTP4092 - Deleted
C:\WINDOWS\system32\TFTP496 - Deleted
C:\WINDOWS\system32\TFTP984 - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:MSN Messenger 7.5"

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\Sandra\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\318F1976\347A8AA6.DLL
C:\WINDOWS\system32\MS318F19.DLL
C:\WINDOWS\system32\MS3D714B.DLL
C:\Program Files\Fichiers communs\Adobe\ESD\DLMCleanup.exe
C:\Documents and Settings\Sandra\Application Data\Microsoft\Modèles\~WRL2610.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL0003.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL0004.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL0005.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL0166.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL0219.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL0442.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL0624.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL1864.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL2640.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL3452.tmp
C:\Documents and Settings\Sandra\Application Data\Microsoft\Word\~WRL3891.tmp
C:\Documents and Settings\Sandra\Mes documents\~WRL0002.tmp
C:\Documents and Settings\Sandra\Mes documents\~WRL1220.tmp
C:\Documents and Settings\Sandra\Mes documents\~WRL3668.tmp
C:\Documents and Settings\Sandra\Mes documents\Collège\Aufwind 6è\Kapitel 5\~WRL0003.tmp
C:\Documents and Settings\Sandra\Mes documents\Collège\Aufwind 6è\Kapitel 5\~WRL0005.tmp
C:\Documents and Settings\Sandra\Mes documents\Collège\Kontakt 3è LV2\Kapitel 7\~WRL0716.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\CLASSE\CE1\Découverte du monde\~WRL0004.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\CLASSE\CE1\français\lecture\RIBAMBELLE\les Indiens\POPOTKA LE PETIT SIOUX\~WRL0004.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\CLASSE\CE1\français\orthographe et dictées\~WRL0003.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\CLASSE\CE1\français\orthographe et dictées\~WRL1021.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\CLASSE\CE1\français\orthographe et dictées\~WRL2655.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\CLASSE\CE1\Le tour du monde d'Emile\~WRL0161.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\CLASSE\CE1\Le tour du monde d'Emile\~WRL1663.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\CLASSE\CE1\Le tour du monde d'Emile\~WRL2678.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\CLASSE\CE1\Le tour du monde d'Emile\afrique du sud\~WRL1920.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\CLASSE\CE1\Le tour du monde d'Emile\afrique du sud\~WRL2525.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\organisation année 2007-2008\~WRL0002.tmp
C:\Documents and Settings\Sandra\Mes documents\Jean-René\ECOLE\organisation année 2007-2008\~WRL0004.tmp
C:\Documents and Settings\Sandra\Mes documents\Lycée\Alternative Terminale\Unité 1\~WRL0003.tmp
C:\Documents and Settings\Sandra\Mes documents\Lycée\Textes lycée\Musik\~WRL1266.tmp
C:\Documents and Settings\Sandra\Mes documents\Lycée\Textes lycée\Musik 2de\~WRL1266.tmp

Finished


Should I continue right away, or should I perhaps wait for the analysis of the report?
Thanks
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
6 Sept. 2007 at 17:25
wait for the analysis, then do MSNFix afterwards


---------------
ComboFix (paste the report)

http://mickael.barroux.free.fr/securite/combofix.php



__________
scan with your antivirus in safe mode


____________
describe your problems and paste HijackThis again
0
I'm back.
Small problem: the computer shut down all of a sudden during the online scan with BitDefender. The only thing I noticed is that, of the 68000 files I had, only 49000 are left! I hope that's normal...
According to the SDFix report, are there still things that are wrong?
Thanks
I'm going to retry the online scan with BitDefender and I'll send the report
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
6 Sept. 2007 at 22:25
Trojan Files Found:

C:\WINDOWS\SYSTEM32\DUST.EXE - Deleted
C:\WINDOWS\system32\TFTP1224 - Deleted
C:\WINDOWS\system32\TFTP1584 - Deleted
C:\WINDOWS\system32\TFTP2148 - Deleted
C:\WINDOWS\system32\TFTP2236 - Deleted
C:\WINDOWS\system32\TFTP2272 - Deleted
C:\WINDOWS\system32\TFTP2284 - Deleted
C:\WINDOWS\system32\TFTP2300 - Deleted
C:\WINDOWS\system32\TFTP2412 - Deleted
C:\WINDOWS\system32\TFTP2620 - Deleted
C:\WINDOWS\system32\TFTP3024 - Deleted
C:\WINDOWS\system32\TFTP3548 - Deleted
C:\WINDOWS\system32\TFTP3760 - Deleted
C:\WINDOWS\system32\TFTP3848 - Deleted
C:\WINDOWS\system32\TFTP3892 - Deleted
C:\WINDOWS\system32\TFTP3900 - Deleted
C:\WINDOWS\system32\TFTP3968 - Deleted
C:\WINDOWS\system32\TFTP400 - Deleted
C:\WINDOWS\system32\TFTP4004 - Deleted
C:\WINDOWS\system32\TFTP4092 - Deleted
C:\WINDOWS\system32\TFTP496 - Deleted
C:\WINDOWS\system32\TFTP984 - Deleted


SDFix removed all of that

do the rest

see you later
0
Thanks for still being here.
I'm a bit behind on the steps.
I have just run MSNFix; here is the report:
MSNFix 1.493

C:\Documents and Settings\Sandra\Mes documents\MSNFix
Fix exécuté le 08/09/2007 - 13:16:55,56 By Sandra
mode sans échec

************************ Recherche les fichiers présents

... C:\log.txt
... C:\WINDOWS\SiSport.sys

************************ Recherche les dossiers présents

... C:\Temp\




************************ Suppression des fichiers

.. OK ... C:\log.txt
.. OK ... C:\WINDOWS\SiSport.sys


************************ Suppression des dossiers

.. OK ... C:\Temp\


************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 08092007_13173093.zip


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------


and here is the HijackThis report that followed:
Logfile of HijackThis v1.99.1
Scan saved at 13:23:10, on 08/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Sandra\Bureau\Maintenance\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103135541607
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - https://www.zonealarm.com/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Is everything OK, or should I continue with ComboFix?
See you soon
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 Sept. 2007 at 13:43
Download MsnCleaner.zip by ElPiedra and unzip it onto your desktop. (Right-click the .zip file, then Extract all.)
Copy the following address into your link:
https://forospyware.com
· Restart the PC in Safe Mode and log in under your usual user name. To start in Safe Mode.
· Double-click MsnCleaner.exe to launch it.
· Under Language, click the small arrow and choose French.
· Click the Analyse button.
· At the end of the scan a report will be created.
· If the tool finds an infection, click the Supprimer button.
· Restart in normal mode.
· Post the report C:\MsnCleaner.txt in your next reply.

__________


ComboFix (paste the report)

http://mickael.barroux.free.fr/securite/combofix.php



__________
scan with your antivirus in safe mode


____________
describe your problems, run an online scan again

and paste HijackThis again
____________
0
Here is where I am:
I ran an online scan. There were still problems:
BitDefender Online Scanner



Rapport d'analyse généré à: Sat, Sep 08, 2007 - 18:13:00





Voie d'analyse: A:\;C:\;D:\;







Statistiques

Temps
01:33:28

Fichiers
100826

Directoires
4626

Secteurs de boot
2

Archives
952

Paquets programmes
5139




Résultats

Virus identifiés
1

Fichiers infectés
8

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
7




Info sur les moteurs

Définition virus
799287

Version des moteurs
AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)

Analyse des plugins
14

Archive des plugins
38

Unpack des plugins
7

E-mail plugins
6

Système plugins
1




Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions


Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui




Fichier analysé
Statut

C:\Program Files\318F1976\347A8AA6.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\Program Files\318F1976\347A8AA6.DLL
Echec de la désinfection

C:\Program Files\318F1976\347A8AA6.DLL
Echec de la suppression

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP2\A0000008.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP2\A0000008.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP2\A0000008.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP2\A0000056.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP2\A0000056.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP2\A0000056.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP2\A0000075.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP2\A0000075.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP2\A0000075.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP3\A0000089.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP3\A0000089.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP3\A0000089.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000183.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000183.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000183.DLL
Supprimé

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000189.DLL
Infecté par: Trojan.Spy.Agent.SF

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000189.DLL
Echec de la désinfection

C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000189.DLL
Supprimé

C:\WINDOWS\system32\MS3D714B.DLL=>(Embedded EXE o)
Infecté par: Trojan.Spy.Agent.SF

C:\WINDOWS\system32\MS3D714B.DLL=>(Embedded EXE o)
Echec de la désinfection

C:\WINDOWS\system32\MS3D714B.DLL=>(Embedded EXE o)
Supprimé

C:\WINDOWS\system32\MS3D714B.DLL
Echec de la mise à jour


MSNcleaner gives the following: I can't find the report any more, but it fit on one line, something like:
no file found

ComboFix report below:


ComboFix 07-09-08.8 - "Sandra" 2007-09-08 18:42:13.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.193 [GMT 2:00]
* Created a new restore point
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\318F1976
C:\Program Files\318F1976\347A8AA6.DLL
C:\WINDOWS\system32\1201
C:\WINDOWS\system32\H18F1976.log
C:\WINDOWS\system32\HD714BD9.log
C:\WINDOWS\system32\MS318F19.CPL
C:\WINDOWS\system32\MS3D714B.CPL
C:\WINDOWS\system32\MS3D714B.DLL
C:\WINDOWS\system32\nvs2.inf


((((((((((((((((((((((((((((( Fichiers créés 2007-08-08 to 2007-09-08 ))))))))))))))))))))))))))))))))))))
.

2007-09-08 18:40 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-08 18:34 <REP> d-------- C:\BackUpMSNCleaner
2007-09-06 14:08 <REP> d-------- C:\WINDOWS\ERUNT
2007-09-05 20:58 <REP> d-------- C:\Program Files\a-squared Free
2007-08-18 09:06 <REP> d-------- C:\Program Files\Lavasoft
2007-08-18 09:06 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-08-18 09:04 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-08 10:54 --------- d-------- C:\Program Files\Dictionnaire
2007-09-08 10:38 --------- d-------- C:\DOCUME~1\Sandra\APPLIC~1\Canon
2007-08-18 08:57 --------- d-------- C:\DOCUME~1\Sandra\APPLIC~1\Lavasoft
2007-08-18 08:42 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-17 20:54 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-08-15 15:15 --------- d--h----- C:\Program Files\3D714BD9
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-06-26 08:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 15:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-13 15:22 1037312 --a------ C:\WINDOWS\explorer.exe
2007-04-08 09:33 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe
2005-06-19 05:35 1256444 --a------ C:\Program Files\wrar342fr.exe
2004-12-23 07:22 7753 --a------ C:\Program Files\hijackthis.log
2003-10-23 18:52 40960 --a------ C:\Program Files\Uninstall_CDS.exe
2002-07-26 16:22 2238 --a------ C:\Program Files\CRDEVIMP.CUR
2002-07-26 16:17 2238 --a------ C:\Program Files\CRSOUSMA.CUR
2002-02-20 09:04 766 --a------ C:\Program Files\CRSYGMA.CUR
2002-02-20 08:47 2238 --a------ C:\Program Files\CRGOMME.CUR
2001-11-23 06:08 712704 --a------ C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
2001-09-01 00:26 766 --a------ C:\Program Files\crpubli.ico
1995-09-20 15:16 456976 --a------ C:\Program Files\Fichiers communs\dao3032.dll
2005-08-05 05:23:07 8,192 --sha-w C:\WINDOWS\o2cLicStore.bin
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HTpatch"="C:\WINDOWS\htpatch.exe" [2002-10-30 11:40]
"vptray"="C:\Program Files\NavNT\vptray.exe" [2001-09-26 19:06]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 12:15]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 13:00]
"nwiz"="nwiz.exe" [2003-11-17 04:33 C:\WINDOWS\system32\nwiz.exe]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-11-17 04:33]
"InCD"="C:\Program Files\Ahead\InCD\InCD.exe" [2003-09-05 17:55]
"Cmaudio"="cmicnfg.cpl" []
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-02-05 07:47]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2004-12-20 20:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 14:20]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 01:02]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-01-24 21:24]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-01-27 08:55]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Start Uppings"=mssupdate.exe
"HLL Data Parameter"=hllcxpa.exe

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"lssas Monitoring Startup"=lssas.exe
"Start Uppings"=mssupdate.exe
"HLL Data Parameter"=hllcxpa.exe
"NvMediaCenter"=RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
"Sygate Personals Firewalls"=ccsrn.exe
"Tsa2"=C:\PROGRA~1\COMMON~1\tsa\tsm2.exe
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background

C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1\DMARRA~1\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2005-05-21 08:40:23]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 05:44:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 22:05:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mAD80+¿ÔÇè]Iú" ‹üžiC:]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mAD80+¿ÔÇè]Iú" ‹üžiC:\Program Files]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mAD80+¿ÔÇè]Iú" ‹üžiC:\Program Files\ISTsvc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mAD80+¿ÔÇè]Iú" ‹üžiC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\bpjyh.exe

R3 ovt519;VGA USB Camera;C:\WINDOWS\system32\Drivers\ov519vid.sys
R3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-08 18:47:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-09-08 18:49:03 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-08 18:49
.
--- E O F ---

I'm moving on to the scan in safe mode
see you

MSNcleaner report
0
I've finished the steps. It's odd: when I run the BitDefender scan, the number of files checked is higher than the number of files detected. I had never noticed that before the problem. My antivirus in safe mode detects nothing.
I'm sending the requested reports:
BitDefender
<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Sat, Sep 08, 2007 - 21:49:27</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;</span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistiques</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Temps</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">00:46:42</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">99967</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Directoires</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4600</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Secteurs de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">942</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4962</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>



<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Résultats</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus identifiés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers infectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers suspects</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Désinfectés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Fichiers effacés</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Définition virus</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">800186</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Version des moteurs</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">14</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">38</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack des plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Système plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Première action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Désinfecté</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Seconde Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristique</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Acceptez les avertissements</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Extensions analysées</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Excludez les extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2"> </font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse d'emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyser paquets programmes</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse des fichiers</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Analyse de boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Oui</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p> </p>
</td>
<td width="10%">
<p> </p>
</td>
</tr>

<tr>
<td colspan=2>  
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\qoobox\Quarantine\C\WINDOWS\system32\MS3D714B.DLL.vir=>(Embedded EXE o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Spy.Agent.SF</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\qoobox\Quarantine\C\WINDOWS\system32\MS3D714B.DLL.vir=>(Embedded EXE o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\qoobox\Quarantine\C\WINDOWS\system32\MS3D714B.DLL.vir=>(Embedded EXE o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\qoobox\Quarantine\C\WINDOWS\system32\MS3D714B.DLL.vir</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\qoobox\Quarantine\catchme2007-09-08_184707.17.zip=>347A8AA6.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Spy.Agent.SF</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\qoobox\Quarantine\catchme2007-09-08_184707.17.zip=>347A8AA6.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\qoobox\Quarantine\catchme2007-09-08_184707.17.zip=>347A8AA6.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\qoobox\Quarantine\catchme2007-09-08_184707.17.zip</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Mis à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000302.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Spy.Agent.SF</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000302.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000302.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000307.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Spy.Agent.SF</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000307.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP4\A0000307.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000334.DLL=>(Embedded EXE o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Spy.Agent.SF</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000334.DLL=>(Embedded EXE o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000334.DLL=>(Embedded EXE o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000334.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000343.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Spy.Agent.SF</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000343.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000343.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\MS318F19.DLL=>(Embedded EXE o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infecté par: Trojan.Spy.Agent.SF</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\MS318F19.DLL=>(Embedded EXE o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la désinfection</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\MS318F19.DLL=>(Embedded EXE o)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Supprimé</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\WINDOWS\system32\MS318F19.DLL</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Echec de la mise à jour</font></p>
</td>
</tr>
</table>
</td>

<td width="10%">
<p> </p>
</td>
</tr>

</table>
<p> </p>

</body>
</html>


and the Hijack report:
Logfile of HijackThis v1.99.1
Scan saved at 22:11:57, on 08/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Documents and Settings\Sandra\Bureau\Maintenance\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: e-Carte Bleue Browser Helper Object - {2E03C0FD-4C48-43A7-9A54-00240C70FF16} - C:\WINDOWS\system32\BhoECart.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103135541607
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - https://www.zonealarm.com/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C231421-B95A-45CA-87CD-36E3201DA952}: NameServer = 86.64.145.144 84.103.237.144
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

I am not sure that the BitDefender report, converted to a text file, is very easy to read. Should I start over? And what should I do next?
Thanks for the help
See you soon
0
jlpjlp (security contributor) - 8 Sept. 2007 at 23:10
which viruses were found by BitDefender?
which viruses were not deleted?

___________

download eScan, decompress it (unzip) and scan with it

http://www.spywareinfo.dk/download/mwav.exe

_________

paste a new HijackThis log and describe your problems
0
Sorry for the previous message with the report that did not show much.
Here is a more succinct one from this morning, before the spywareinfo scan:
BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Sun, Sep 09, 2007 - 11:11:33

--------------------------------------------------------------------------------

Info d'analyse

Fichiers scannés: 105053
Infectés Fichiers: 3

Virus Détectés

Trojan.Spy.Agent.SF: 3

--------------------------------------------------------------------------------

Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
I am doing the next step now
See you later
0
And here are the last 2 reports requested:
mwav:
Sun Sep 09 13:00:48 2007 => **********************************************************
Sun Sep 09 13:00:48 2007 => eScan AntiVirus Toolkit Utility.
Sun Sep 09 13:00:48 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Sep 09 13:00:48 2007 => **********************************************************
Sun Sep 09 13:00:48 2007 => Version 4.4.7
Sun Sep 09 13:00:48 2007 => Log File: C:\KASPER~1\mwav.log
Sun Sep 09 13:00:50 2007 => Latest Date of files inside MWAV: 04 Sep 2007 00:11:30.
Sun Sep 09 13:00:53 2007 => AV Library Loaded...
Sun Sep 09 13:00:53 2007 => Scanning File C:\KASPER~1\kavss.exe
Sun Sep 09 13:00:53 2007 => Scanning File C:\KASPER~1\Getvlist.exe
Sun Sep 09 13:00:53 2007 => Scanning File C:\KASPER~1\kavss.dll
Sun Sep 09 13:00:53 2007 => Scanning File C:\KASPER~1\kavssdi.dll
Sun Sep 09 13:00:53 2007 => Scanning File C:\KASPER~1\kavssi.dll
Sun Sep 09 13:00:53 2007 => Scanning File C:\KASPER~1\kavvlg.dll
Sun Sep 09 13:00:53 2007 => Scanning File C:\KASPER~1\msvlclnt.dll
Sun Sep 09 13:00:53 2007 => Scanning File C:\KASPER~1\ipc.dll
Sun Sep 09 13:00:53 2007 => Scanning File C:\KASPER~1\main.avi
Sun Sep 09 13:00:54 2007 => Scanning File C:\KASPER~1\virus.avi
Sun Sep 09 13:00:54 2007 => Virus Database Date: 2007/09/04
Sun Sep 09 13:00:54 2007 => Virus Database Count: 403200

Sun Sep 09 13:02:00 2007 => **********************************************************
Sun Sep 09 13:02:00 2007 => eScan AntiVirus Toolkit Utility.
Sun Sep 09 13:02:00 2007 => Copyright © 2003-2004, MicroWorld Technologies Inc.
Sun Sep 09 13:02:00 2007 =>
Sun Sep 09 13:02:00 2007 => Support: support@mwti.net
Sun Sep 09 13:02:00 2007 => Web: https://www.escanav.com/en/index.asp
Sun Sep 09 13:02:00 2007 => **********************************************************
Sun Sep 09 13:02:00 2007 => Version 4.4.7
Sun Sep 09 13:02:00 2007 => Log File: C:\KASPER~1\mwav.log
Sun Sep 09 13:02:00 2007 => Latest Date of files inside MWAV: 04 Sep 2007 00:11:30.

Sun Sep 09 13:02:00 2007 => Options Selected by User:
Sun Sep 09 13:02:00 2007 => Memory Check: Enabled
Sun Sep 09 13:02:00 2007 => Registry Check: Enabled
Sun Sep 09 13:02:00 2007 => StartUp Folder Check: Enabled
Sun Sep 09 13:02:00 2007 => System Folder Check: Enabled
Sun Sep 09 13:02:00 2007 => System Area Check: Disabled
Sun Sep 09 13:02:00 2007 => Services Check: Enabled
Sun Sep 09 13:02:00 2007 => Drive Check Option Disabled
Sun Sep 09 13:02:00 2007 => Scanning Type: Scan And Clean
Sun Sep 09 13:02:00 2007 => Folder Check: Disabled

Sun Sep 09 13:02:01 2007 => ***** Scanning Memory Files *****
Sun Sep 09 13:02:01 2007 => Scanning File C:\WINDOWS\system32\services.exe
Sun Sep 09 13:02:01 2007 => Scanning File C:\WINDOWS\system32\lsass.exe
Sun Sep 09 13:02:01 2007 => Scanning File C:\WINDOWS\system32\svchost.exe
Sun Sep 09 13:02:01 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Sep 09 13:02:01 2007 => Scanning File C:\WINDOWS\Explorer.EXE
Sun Sep 09 13:02:01 2007 => Scanning File C:\WINDOWS\system32\spoolsv.exe
Sun Sep 09 13:02:01 2007 => Scanning File C:\PROGRA~1\A-SQUA~1\A2SERV~1.EXE
Sun Sep 09 13:02:01 2007 => Scanning File C:\PROGRA~1\Lavasoft\AD-AWA~1\AAWSER~1.EXE
Sun Sep 09 13:02:02 2007 => Scanning File C:\PROGRA~1\NavNT\defwatch.exe
Sun Sep 09 13:02:02 2007 => Scanning File C:\PROGRA~1\Ahead\InCD\InCDsrv.exe
Sun Sep 09 13:02:02 2007 => Scanning File C:\PROGRA~1\NavNT\rtvscan.exe
Sun Sep 09 13:02:02 2007 => Scanning File C:\WINDOWS\System32\nvsvc32.exe
Sun Sep 09 13:02:02 2007 => Scanning File C:\WINDOWS\System32\svchost.exe
Sun Sep 09 13:02:02 2007 => Scanning File C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Sun Sep 09 13:02:02 2007 => Scanning File C:\WINDOWS\htpatch.exe
Sun Sep 09 13:02:02 2007 => Scanning File C:\PROGRA~1\NavNT\vptray.exe
Sun Sep 09 13:02:02 2007 => Scanning File C:\PROGRA~1\ScanSoft\OMNIPA~1.0\OPWARE~1.EXE
Sun Sep 09 13:02:03 2007 => Scanning File C:\PROGRA~1\Ahead\InCD\InCD.exe
Sun Sep 09 13:02:03 2007 => Scanning File C:\PROGRA~1\FICHIE~1\Real\UPDATE~1\REALSC~1.EXE
Sun Sep 09 13:02:03 2007 => Scanning File C:\PROGRA~1\QUICKT~1\qttask.exe
Sun Sep 09 13:02:03 2007 => Scanning File C:\PROGRA~1\Winamp\winampa.exe
Sun Sep 09 13:02:03 2007 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.EXE
Sun Sep 09 13:02:03 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe
Sun Sep 09 13:02:03 2007 => Scanning File C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
Sun Sep 09 13:02:04 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Sun Sep 09 13:02:04 2007 => Scanning File C:\PROGRA~1\MSNMES~1\MsnMsgr.Exe
Sun Sep 09 13:02:04 2007 => Scanning File C:\PROGRA~1\SAGEM\SAGEMF~1\dslmon.exe
Sun Sep 09 13:02:04 2007 => Scanning File C:\WINDOWS\system32\wscntfy.exe
Sun Sep 09 13:02:04 2007 => Scanning File C:\PROGRA~1\iPod\bin\IPODSE~1.EXE
Sun Sep 09 13:02:04 2007 => Scanning File C:\WINDOWS\system32\MsgSys.EXE
Sun Sep 09 13:02:04 2007 => Scanning File C:\Kaspersky\mwavscan.com
Sun Sep 09 13:02:05 2007 => Scanning File C:\Kaspersky\kavss.exe

Sun Sep 09 13:02:05 2007 => ***** Scanning Registry Files *****

Sun Sep 09 13:02:05 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
Sun Sep 09 13:02:05 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Sun Sep 09 13:02:05 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Sun Sep 09 13:02:05 2007 => *** File C:\WINDOWS\system32\SHELL32.dll having Size Restriction ***
Sun Sep 09 13:02:05 2007 => Scanning File C:\WINDOWS\system32\SHELL32.dll [**]
Sun Sep 09 13:02:05 2007 => Scanning File C:\WINDOWS\System32\webcheck.dll
Sun Sep 09 13:02:05 2007 => Scanning File C:\WINDOWS\System32\stobject.dll

Sun Sep 09 13:02:05 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Sun Sep 09 13:02:05 2007 => {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
Sun Sep 09 13:02:05 2007 => Scanning File C:\PROGRA~1\Adobe\ACROBA~2.0\ActiveX\ACROIE~1.DLL
Sun Sep 09 13:02:05 2007 => {2E03C0FD-4C48-43A7-9A54-00240C70FF16} = C:\WINDOWS\system32\BhoECart.dll
Sun Sep 09 13:02:05 2007 => ERROR!!! Invalid Entry = C:\WINDOWS\system32\BhoECart.dll. Removing it.
Sun Sep 09 13:02:05 2007 => {53707962-6F74-2D53-2644-206D7942484F} = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Sun Sep 09 13:02:05 2007 => Scanning File C:\PROGRA~1\SPYBOT~1\SDHelper.dll
Sun Sep 09 13:02:05 2007 => {AA58ED58-01DD-4d91-8333-CF10577473F7} = c:\program files\google\googletoolbar4.dll
Sun Sep 09 13:02:05 2007 => Scanning File c:\PROGRA~1\google\GOOGLE~4.DLL

Sun Sep 09 13:02:05 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Sun Sep 09 13:02:05 2007 => Scanning File C:\WINDOWS\Explorer.exe
Sun Sep 09 13:02:05 2007 => Scanning File C:\WINDOWS\system32\userinit.exe

Sun Sep 09 13:02:05 2007 => Scanning HKCU\Control Panel\Desktop

Sun Sep 09 13:02:05 2007 => Scanning HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Sun Sep 09 13:02:05 2007 => Scanning File C:\WINDOWS\htpatch.exe
Sun Sep 09 13:02:05 2007 => Scanning File C:\PROGRA~1\NavNT\vptray.exe
Sun Sep 09 13:02:06 2007 => Scanning File C:\WINDOWS\SiSUSBrg.exe
Sun Sep 09 13:02:06 2007 => Scanning File C:\PROGRA~1\ScanSoft\OMNIPA~1.0\OPWARE~1.EXE
Sun Sep 09 13:02:06 2007 => Scanning File C:\WINDOWS\system32\nwiz.exe
Sun Sep 09 13:02:06 2007 => Scanning File C:\WINDOWS\system32\RUNDLL32.EXE
Sun Sep 09 13:02:06 2007 => Scanning File C:\PROGRA~1\Ahead\InCD\InCD.exe
Sun Sep 09 13:02:06 2007 => Scanning File C:\WINDOWS\system32\RunDll32.exe
Sun Sep 09 13:02:06 2007 => Scanning File C:\PROGRA~1\FICHIE~1\Real\UPDATE~1\REALSC~1.EXE
Sun Sep 09 13:02:06 2007 => Scanning File C:\PROGRA~1\QUICKT~1\qttask.exe
Sun Sep 09 13:02:06 2007 => Scanning File C:\PROGRA~1\Winamp\winampa.exe
Sun Sep 09 13:02:06 2007 => Scanning File C:\PROGRA~1\iTunes\ITUNES~1.EXE
Sun Sep 09 13:02:06 2007 => *** File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe having Size Restriction ***
Sun Sep 09 13:02:06 2007 => Scanning File C:\PROGRA~1\Grisoft\AVGANT~1.5\avgas.exe [**]
Sun Sep 09 13:02:39 2007 => Scanning File C:\WINDOWS\system32\atmadm.exe
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\atmfd.dll
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\atmlib.dll
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\atmpvcno.dll
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\atrace.dll
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\attrib.exe
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\Audio3D.dll
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\Audiodev.dll
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\audiosrv.dll
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\auditusr.exe
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\authz.dll
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\autochk.exe
Sun Sep 09 13:02:40 2007 => Scanning File C:\WINDOWS\system32\autoconv.exe
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\autodisc.dll
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\AUTOEXEC.NT
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\autofmt.exe
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\autolfn.exe
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\avicap.dll
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\avicap32.dll
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\avifil32.dll
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\avifile.dll
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\avmeter.dll
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\avtapi.dll
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\avwav.dll
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\basesrv.dll
Sun Sep 09 13:02:41 2007 => Scanning File C:\WINDOWS\system32\batmeter.dll
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\batt.dll
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bdaplgin.ax
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bidispl.dll
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bios1.rom
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bios4.rom
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bitsprx2.dll
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bitsprx3.dll
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\blackbox.dll
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\blastcln.exe
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bootcfg.exe
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bootok.exe
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bootvid.dll
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bootvrfy.exe
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\bopomofo.uce
Sun Sep 09 13:02:42 2007 => Scanning File C:\WINDOWS\system32\browselc.dll
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\browser.dll
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\browseui.dll
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\browsewm.dll
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\bthci.dll
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\bthprops.cpl
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\bthserv.dll
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\btpanui.dll
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\C1210.PLG
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\C1210TA.PLG
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\cabinet.dll
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\cabview.dll
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\cacls.exe
Sun Sep 09 13:02:43 2007 => Scanning File C:\WINDOWS\system32\cadstrin.dll
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\calc.exe
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\camocx.dll
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\capesnpn.dll
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\cards.dll
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\catsrv.dll
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\catsrvps.dll
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\catsrvut.dll
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\cba.dll
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\CBAXFR.DLL
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\ccfgnt.dll
Sun Sep 09 13:02:44 2007 => Scanning File C:\WINDOWS\system32\ccrpftv6.ocx
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\cdfview.dll
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\cdm.dll
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\cdmodem.dll
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\cdosys.dll
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\cdplayer.exe.manifest
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\certcli.dll
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\certmgr.dll
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\certmgr.msc
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\cewmdm.dll
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\cfgbkend.dll
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\cfgmgr32.dll
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\charmap.exe
Sun Sep 09 13:02:45 2007 => Scanning File C:\WINDOWS\system32\Chaînes.scf
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\chcp.com
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\chkdsk.exe
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\chkntfs.exe
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\ciadmin.dll
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\ciadv.msc
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\cic.dll
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\cidaemon.exe
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\ciodm.dll
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\cipher.exe
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\cisvc.exe
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\ckcnv.exe
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\clb.dll
Sun Sep 09 13:02:46 2007 => Scanning File C:\WINDOWS\system32\clbcatex.dll
Sun Sep 09 13:02:47 2007 => Scanning File C:\WINDOWS\system32\clbcatq.dll
Sun Sep 09 13:02:47 2007 => Scanning File C:\WINDOWS\system32\cleanmgr.exe
Sun Sep 09 13:02:47 2007 => Scanning File C:\WINDOWS\system32\cliconf.chm
Sun Sep 09 13:02:48 2007 => Scanning File C:\WINDOWS\system32\cliconfg.dll
Sun Sep 09 13:02:48 2007 => Scanning File C:\WINDOWS\system32\cliconfg.exe
Sun Sep 09 13:02:48 2007 => Scanning File C:\WINDOWS\system32\cliconfg.rll
Sun Sep 09 13:02:48 2007 => Scanning File C:\WINDOWS\system32\clipbrd.exe
Sun Sep 09 13:02:48 2007 => Scanning File C:\WINDOWS\system32\clipsrv.exe
Sun Sep 09 13:02:48 2007 => Scanning File C:\WINDOWS\system32\clusapi.dll
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\CLUTIL_S.DLL
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmcfg32.dll
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmd.exe
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmdial32.dll
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmdl32.exe
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmdlib.wsc
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmglue.vxd
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmirmdrv.dll
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmirmdrv.exe
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmmgr32.hlp
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmmon32.exe
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmos.ram
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmpbk32.dll
Sun Sep 09 13:02:49 2007 => Scanning File C:\WINDOWS\system32\cmprops.dll
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\cmsetacl.dll
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\cmstp.exe
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\cmuda.dll
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\cmutil.dll
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\cnbjmon.dll
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\cnetcfg.dll
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\CNMCP58.exe
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\CNMLM58.DLL
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\CNMVS58.DLL
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\CNQA1210.DLL
Sun Sep 09 13:02:50 2007 => Scanning File C:\WINDOWS\system32\CNQL1210.DLL
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\CNQU85.DLL
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\cnvfat.dll
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\coclassfast.dll
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\colbact.dll
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\comaddin.dll
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\comcat.dll
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\comctl32.dll
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\COMCTL32.OCA
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\COMCTL32.OCX
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\comdlg32.dll
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\COMDLG32.OCA
Sun Sep 09 13:02:51 2007 => Scanning File C:\WINDOWS\system32\COMDLG32.OCX
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\comm.drv
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\command.com
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\commdlg.dll
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\comp.exe
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\compact.exe
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\compatui.dll
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\compmgmt.msc
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\compobj.dll
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\compstui.dll
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\comrepl.dll
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\comres.dll
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\comsdupd.exe
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\comsnap.dll
Sun Sep 09 13:02:52 2007 => Scanning File C:\WINDOWS\system32\comsvcs.dll
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\comuid.dll
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\CONFIG.NT
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\CONFIG.TMP
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\confmsp.dll
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\conime.exe
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\console.dll
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\Contact.INI
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\control.exe
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\convert.exe
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\corpol.dll
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\country.sys
Sun Sep 09 13:02:53 2007 => Scanning File C:\WINDOWS\system32\credui.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\crtdll.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\crypt32.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\cryptdlg.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\cryptdll.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\cryptext.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\cryptnet.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\cryptsvc.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\cryptui.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\cscdll.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\cscript.exe
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\cscui.dll
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\CSL.DLL
Sun Sep 09 13:02:54 2007 => Scanning File C:\WINDOWS\system32\csrsrv.dll
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\csrss.exe
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\csseqchk.dll
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\CSSM32S.DLL
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\CSSM32S.SIG
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\CSSMS_IN.DLL
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\ctfmon.exe
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\ctl3d32.dll
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\ctl3dv2.dll
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\ctype.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_037.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_10000.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_10006.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_10007.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_10010.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_10017.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_10029.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_10079.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_10081.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_10082.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_1026.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_1250.nls
Sun Sep 09 13:02:55 2007 => Scanning File C:\WINDOWS\system32\c_1251.nls
Sun Sep 09 13:02:56 2007 => Scanning File C:\WINDOWS\system32\c_1252.nls
Sun Se
0
jlpjlp (security contributor) - 9 Sept. 2007 at 17:26
To clean up your traces, use

CCLEANER: (run a cleanup and repair the errors) without installing the Yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

_______________

Still having problems?
0
Hello,
The infected files are still present. In any case, they reappear at every restart and scan.
Here are the HijackThis and BitDefender reports:
BitDefender Online Scanner - Rapport virus en temps réel

Généré à: Sun, Sep 09, 2007 - 21:48:25

--------------------------------------------------------------------------------

Info d'analyse
Fichiers scannés: 105103
Infectés Fichiers: 3

Virus Détectés
Trojan.Spy.Agent.SF: 3

BitDefender Online Scanner

Rapport d'analyse généré à: Sun, Sep 09, 2007 - 21:33:37

Voie d'analyse: A:\;C:\;D:\;

Statistiques
Temps: 00:40:41
Fichiers: 100117
Directoires: 4547
Secteurs de boot: 2
Archives: 942
Paquets programmes: 4953

Résultats
Virus identifiés: 1
Fichiers infectés: 3
Fichiers suspects: 0
Avertissements: 0
Désinfectés: 0
Fichiers effacés: 3

Info sur les moteurs
Définition virus: 800257
Version des moteurs: AVCORE v1.0 (build 2411) (i386) (Jul 9 2007 12:10:22)
Analyse des plugins: 14
Archive des plugins: 38
Unpack des plugins: 7
E-mail plugins: 6
Système plugins: 1

Paramètres d'analyse
Première action: Désinfecté
Seconde Action: Supprimé
Heuristique: Oui
Acceptez les avertissements: Oui
Extensions analysées: *;
Excludez les extensions:
Analyse d'emails: Oui
Analyse des Archives: Oui
Analyser paquets programmes: Oui
Analyse des fichiers: Oui
Analyse de boot: Oui

Fichier analysé | Statut
C:\qoobox\Quarantine\C\WINDOWS\system32\MS3D714B.DLL.vir=>(Embedded EXE o) | Infecté par: Trojan.Spy.Agent.SF
C:\qoobox\Quarantine\C\WINDOWS\system32\MS3D714B.DLL.vir=>(Embedded EXE o) | Echec de la désinfection
C:\qoobox\Quarantine\C\WINDOWS\system32\MS3D714B.DLL.vir=>(Embedded EXE o) | Supprimé
C:\qoobox\Quarantine\C\WINDOWS\system32\MS3D714B.DLL.vir | Echec de la mise à jour
C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000334.DLL=>(Embedded EXE o) | Infecté par: Trojan.Spy.Agent.SF
C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000334.DLL=>(Embedded EXE o) | Echec de la désinfection
C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000334.DLL=>(Embedded EXE o) | Supprimé
C:\System Volume Information\_restore{D5232423-9DA4-4AF6-ABFD-72024B872A99}\RP5\A0000334.DLL | Echec de la mise à jour
C:\WINDOWS\system32\MS318F19.DLL=>(Embedded EXE o) | Infecté par: Trojan.Spy.Agent.SF
C:\WINDOWS\system32\MS318F19.DLL=>(Embedded EXE o) | Echec de la désinfection
C:\WINDOWS\system32\MS318F19.DLL=>(Embedded EXE o) | Supprimé
C:\WINDOWS\system32\MS318F19.DLL | Echec de la mise à jour

Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 12:20:14, on 12/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\htpatch.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Sandra\Bureau\Maintenance\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.emjysoft.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Easy-WebPrint Ajouter à la Liste à Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1F83CD9E-505E-4F87-BECE-0832A763E36F} (Image Uploader 3.0 Control) - http://www.mypixmania.com/fr/fr/importer/MypixUploader.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1103135541607
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6DB731A3-B074-4118-8B1C-32511C65D836} (FotovistaPhotoUploader.ctrFpu) - http://www.mypixmania.com/fr/fr/tools/activex/fpu.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.mypix.com/importer/ImageUploader4.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - https://www.zonealarm.com/
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O16 - DPF: {99B6E512-3893-4155-9964-8EB8E06099CB} (WebSpyWareKiller Class) - https://www.zonealarm.com/
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/...
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C231421-B95A-45CA-87CD-36E3201DA952}: NameServer = 84.103.237.141 86.64.145.141
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Is there anything else to do?
Thanks for the help






--------------------------------------------------------------------------------



Ce sommaire du processus d'analyse sera utilisé par les laboratoires Antivirus BitDefender pour créer des statistiques agréguées sur l'activité des virus dans le monde.
0