Pc bugué

hentouane -  
 Utilisateur anonyme -
Bonjour,

Mon PC est archi buguer, ils est lent, et quand je me connecte à internet, j'ai plein de pub qui s'ouvre ou de message d'alerte en tout genre, pourriez vous m'aider, avant qu'une crise de nerf de ma part ne signe l'arrêt de mort du pc..

J'ai lu sur les forum qu'il fallait faire un scan avec hikjak... Je vous le poste en espérant que vous puissiez m'aider

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:01, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr6.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: InternetProgram - {88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} - C:\Program Files\InternetProgram\InternetProgram-2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')
O4 - .DEFAULT User Startup: ddrive.js (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 7345 bytes
Configuration: Windows XP
Firefox 2.0.0.14

38 réponses

  • 1
  • 2
Résumé de la discussion

Le problème central est un PC lent et bloqué par des publicités et des alertes, suggérant une infection nécessitant une analyse antivirus et le dépistage des logiciels malveillants comme HijackThis.
Plusieurs solutions ont été évoquées, notamment l’analyse des rapports HijackThis, le redémarrage en mode sans échec et l’utilisation d’outils anti-malware comme Malwarebytes pour détecter et supprimer les éléments nuisibles.
Les mesures essentielles consistent à exécuter un scan en mode sans échec avec Malwarebytes, supprimer les éléments détectés, puis vérifier les éléments de démarrage et les barres d’outils indésirables.
En complément, après défragmentation et suppression des malwares, une mise à jour d’Internet Explorer et un contrôle régulier des sauvegardes peuvent prévenir de nouvelles intrusions et améliorer la stabilité.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. manu_dog Messages postés 536 Statut Membre 42
     
    Commence par ceci

    Télécharge BTFix 1.017 (de bibi26)
    BTFix vous propose de détecter et de désinstaller les barres d'outils publicitaires, qui s'invitent souvent lors de l'installation d'applications. Ce programme vous permet d'éliminer facilement les toolbars indésirables telles que Zango, MyWebSearch, MySearch, WhenU, Spam Blocker Utility, EZshopper, Browser Accelerator et beaucoup d'autres.

    http://cluster1.easy-hebergement.net/

    RECHERCHE
    * Décompresse l'archive sur ton Bureau (Clique-Droit/Extraire tout).
    * Ouvre le dossier "BTFix"
    * Double clique sur "BTFix.exe"
    * Clique sur "Rechercher"
    * Un rapport va apparaître, copie/colle-le dans ta prochaine réponse
    NETTOYAGE
    * Démarre l'ordinateur en MSE comme ceci http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 > ==> (Une fois le chargement du BIOS terminé, il y a un écran noir. Appuie sur la touche F8 ou F5, à répétition jusqu'à l'affichage du menu des options avancées de Windows. Ensuite, en utilisant les touches du curseur, sélectionne "mode sans échec" et appuie sur [Entrée]. Choisis ton compte usuel et non pas "Administrateur".)
    * Ouvre "BTFix"
    * Clique sur "Nettoyer" * Un rapport va apparaître, copie/colle-le dans ta prochaine réponse

    Poursuis avec cette analyse, STP:

    Télécharge et installe Malwarebyte's Anti-Malware
    http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Suivre ce tutoriel https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

    A la fin du scan >>> clique sur « Afficher les résultats » >>> « Enregistrer le Rapport »
    Suppression des éléments détectés >>>> clique sur « Supprimer la sélection »
    S'il t'est demandé de redémarrer >>> clique sur "Yes"

    Un rapport de scan s'ouvre, poste le rapport.

    Merci
    0
  2. Utilisateur anonyme
     
    Salut quels sont tes logiciel de sécurité stp ?
    0
    1. Utilisateur anonyme
       
      Et aussi dans HiJackThis coche ces lignes puis cliques sur fix xheded:

      O2 - BHO: InternetProgram - {88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} - C:\Program Files\InternetProgram\InternetProgram-2.dll

      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

      ET ACTIVE TON PARE-FEU.
      0
  3. hentouane
     
    Mes logiciels de secu sont avavt et spyware terminator
    0
    1. Utilisateur anonyme
       
      Re alors désinstalle tous tes logiciel de sécurité. Et installe AntiVir,Malwarebytes Anti-Malware et Kerio.

      AntiVir: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html
      Tutoriel AntiVir: https://www.malekal.com/avira-free-security-antivirus-gratuit/

      Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
      Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

      Kerio: https://www.01net.com/outils/telecharger/windows/Securite/firewall/fiches/tele22418.html
      Tutoriel Kerio: https://forums.cnetfrance.fr

      PS: TU LES INSTALLES SEULEMENT. TU FAIS UNE MISE A JOUR A ANTIVIR ET MALWAREBYTES ANTI-MALWARE. VOILA FAIT VITE.
      0
  4. hentouane
     
    le pare feu c'est activer la prtection en temps réel de spyware ?
    0
    1. Utilisateur anonyme
       
      ok fais le message n°5 stp.Merci
      0
      1. VIRUS_KILLER Messages postés 2075 Statut Contributeur 68 > Utilisateur anonyme
         
        Bonjour
        Pour suivre,,,,,,,,
        0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. hentouane
     
    ok, jsui en plein dedans, j'ai désinstallé spy et avst, et j'installe les logiciels que tu m'a donné et je les met en routes. Mais ca va prendre un peu de temps
    0
    1. Utilisateur anonyme
       
      ok bonne chance.
      0
  7. VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
     
    Alors hentouane tu a fini?
    0
  8. hentouane
     
    oui, c bon, j'ai tout installé et tout mis a jour, sauf sunbelt... je n'ai pas trouvé la mise a jour
    0
  9. hentouane
     
    par contre, j'ai redémarré l'ordi, et sunbelt, arrête pas de me bloquer une tentative d'intrusion, toujours la même.. Que dois-je faire pour la suite ?
    0
    1. Utilisateur anonyme
       
      Ok quelle sont les solutions? Y'a t'il un endroit ou il te demande quoi faire. Sinon regarde le tutoriel.

      PS: PAS DE MISE A JOUR et DÉSACTIVE LE PARE-FEU WINDOWS.
      0
  10. hentouane
     
    ben il le bloque, et il demande si je veux leur envoyer un rapport, mais la c'est bon, yen a plus. Le pare feu windows, il est ou ?
    0
    1. VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
       
      Tu n'a pas besoin de l'activer puisque tu a déja sunbelt.
      Sinon,utilise les 2 il y aura un conflit donc > Gros plantage Systeme.
      0
  11. hentouane
     
    ok, mais on m'as dit qu'il fallait le désactiver, mais je ne sais pas ou il se trouve. En plus j'ai un autre pb, je crois que spyware n'est pas désinstallé, même s'il est inactif
    0
  12. VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
     
    Demarrer>Panneau de configuartion>Ajouter ou supprimer des programmes.
    0
    1. Utilisateur anonyme
       
      Pour le désactivé:

      Pour le désactiver , cliquez sur Démarrer, Panneau de configuration. Cliquez ensuite sur le menu de gauche intitulé Affichage classique. Recherchez l'icône nommé Pare-feu Windows (voir l'image ci-dessous) et effectuez un double-clic.
      Cliquez sur la gauche sur le menu Activer ou désactiver le Pare-feu Windows
      Cliquez sur Desactivé , puis sur OK.

      0
  13. hentouane
     
    non, ben j'en ai pas en fait. Qu'est ce que je dois faire pour la suite svp ( en tout cas c'est sympa de m'aider, je ne pensais pas avoir de réponse si vite)
    0
    1. Utilisateur anonyme
       
      Tu fais un scan en mode sans échec. Tu lances le scan et si il détecte un virus (normalement oui) tu cliques sur "delete" et "apply sélection to all following détections. (pour qu'il le supprimes automatiquement). A la fin du scan tu cliques sur "report" tu redémarre en mode normal puis tu me postes le rapport.

      Redémarre en "Mode sans échec"

      Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
      Sélectionner "Mode sans échec" et appuie sur [Entrée]
      Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
      Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
      0
  14. VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
     
    Bon fait un scan
    Antivir et Malware bytes antimalware
    et pose le nous.
    0
    1. Utilisateur anonyme
       
      VIRUS8KILLER JE LUI AI DEMANDE DE FAIRE UNE ANALYSE AVEC ANTIVIR EN MODE SANS ECHEC. TU FAIS ANTIVIR PUIS TU DONNES LE RAPPORT SIMPLEMENT. FAIS JUSTE ANTIVIR STP.
      0
  15. hentouane
     
    ok, je fais ça de suite, merci encore
    0
  16. VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
     
    Fixe egalement les ligne suivantes sur dans hijackthis :
    O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
    O2 - BHO: InternetProgram - {88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} - C:\Program Files\InternetProgram\InternetProgram-2.dll
    0
  17. VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
     
    Sinon pour ce qui concerne le Boosting je te propose de défragmenter souvent ton disque.
    Manip:
    Demarrer>Tous les programmes>Accessoires>Outils Systeme>Défragmenteur de disque.
    Sinon,tu en a un beaucoup + rapide que celui de Windows.
    Jkdefrag : http://ftpclubic45.clubic.com/...
    Réduit aussi le nombre de programme Demarrer avec Windows.
    Déssinstale les programmes inutils.
    Voila,moi je respecte,ces régles donc j'ai jamais de problemes maitenant.
    Bonne chance!
    0
  18. hentouane
     
    bonjour, pardon pour le retard, mais le sacn était super lent et j'ai du partir entre temps. Bref, je vous poste le scan de antivir...

    Avira AntiVir Personal
    Report file date: samedi 3 mai 2008 10:28

    Scanning for 1247983 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Normally booted
    Username: SYSTEM
    Computer name: COMPUTER

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
    LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
    LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
    ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 13:05:04
    ANTIVIR3.VDF : 7.0.3.242 273920 Bytes 02/05/2008 13:05:04
    Engineversion : 8.1.0.37
    AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
    AESCRIPT.DLL : 8.1.0.28 233851 Bytes 02/05/2008 13:05:10
    AESCN.DLL : 8.1.0.15 119157 Bytes 02/05/2008 13:05:09
    AERDL.DLL : 8.1.0.20 418165 Bytes 02/05/2008 13:05:09
    AEPACK.DLL : 8.1.1.4 364918 Bytes 02/05/2008 13:05:08
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 02/05/2008 13:05:08
    AEHEUR.DLL : 8.1.0.21 1196407 Bytes 02/05/2008 13:05:07
    AEHELP.DLL : 8.1.0.14 115063 Bytes 02/05/2008 13:05:06
    AEGEN.DLL : 8.1.0.18 299381 Bytes 02/05/2008 13:05:05
    AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
    AECORE.DLL : 8.1.0.27 168310 Bytes 02/05/2008 13:05:05
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
    AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
    AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
    AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
    NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: samedi 3 mai 2008 10:28

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'firefox.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'alg.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
    Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
    Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
    Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
    Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
    Scan process 'cisvc.exe' - '1' Module(s) have been scanned
    Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'fvjyjx.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'ps2.EXE' - '1' Module(s) have been scanned
    Scan process 'WDBtnMgr.exe' - '1' Module(s) have been scanned
    Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    32 processes with 32 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '28' files ).

    Starting the file scan:

    Begin scan in 'C:\' <HP_PAVILION>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP402\A0514127.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP424\A0540250.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP452\A0560910.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583409.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583410.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583411.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583464.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583465.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583466.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583467.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583470.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583471.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583817.exe
    [DETECTION] Contains detection pattern of the dropper DR/NaviPromo.AO.51
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583821.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583822.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583823.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583824.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583825.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583826.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583827.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583828.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583829.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583830.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583831.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583832.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583833.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583834.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583835.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583836.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583837.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583838.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583839.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583840.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583841.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583842.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583843.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583844.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583845.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583846.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583847.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583848.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583849.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583850.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583851.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583852.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583853.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583854.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583855.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583856.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583857.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583858.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583859.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583860.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583861.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583862.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583863.exe
    [DETECTION] Is the Trojan horse TR/Agent.cok.1
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583864.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583865.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583866.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583867.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583868.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583869.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583870.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583871.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583872.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583873.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583874.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583875.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583876.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583877.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583878.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583879.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583880.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583881.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583882.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583883.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583884.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583885.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583886.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583887.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583888.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583889.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583890.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583891.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583892.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583893.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583894.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583895.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583896.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583897.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583898.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583899.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583900.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583901.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583902.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583903.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583904.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583905.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583906.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583907.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583908.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583909.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583910.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583911.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583912.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583913.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583914.exe
    [DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583915.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583916.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583917.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583918.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583919.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [NOTE] The file was deleted!
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583920.exe
    [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
    [NOTE] The file was deleted!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <HP_RECOVERY>

    End of the scan: samedi 3 mai 2008 13:43
    Used time: 3:15:11 min

    The scan has been done completely.

    11203 Scanning directories
    473963 Files were scanned
    113 viruses and/or unwanted programs were found
    0 Files were classified as suspicious:
    113 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    3 Files cannot be scanned
    473850 Files not concerned
    19636 Archives were scanned
    3 Warnings
    113 Notes
    0
    1. Utilisateur anonyme
       
      Il a detect et supprimée 113 virus maintenant fais ceci:

      2) Redémarre en "Mode sans échec"

      Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
      Sélectionner "Mode sans échec" et appuie sur [Entrée]
      Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
      Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

      Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.

      3) Scan avec Malwarebyte's Anti-Malware

      Lance Malwarebyte's Anti-Malware
      Onglet "Recherche" >>> coche Executer un exame complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
      A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
      Suppression des éléments détectés >>>> clique sur Supprimer la sélection
      S'il t'es demandé de redémarrer >>> clique sur "Yes"

      --> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.
      0
  19. hentouane
     
    Voila pour le rapport du malware,

    Par contre mon firewall (kerio n'arrête pas de me dire qu'un fichier sous windows\system32 est une tentative d'intrsion bloquée, y'a t'il un moyen de remédier à cela ???

    Malwarebytes' Anti-Malware 1.11
    Version de la base de données: 714

    Type de recherche: Examen complet (C:\|D:\|)
    Eléments examinés: 197211
    Temps écoulé: 8 hour(s), 17 minute(s), 53 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 5
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 10
    Fichier(s) infecté(s): 38

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\download (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

    Fichier(s) infecté(s):
    C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP431\A0544393.exe (Adware.Agent) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\WebMediaPlayer.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources\languages.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\WebMediaPlayer\updates\update.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\MessengerSkinner.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\download\defaultPack.cab (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\appconfig.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnBnr.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnIn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnInNormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnInOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnNormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnNormal.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnNormalBnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnNormalBnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnOver.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnOverBnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\btnOverBnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\languages.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\MessengerSkinner\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hbybofx_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ksgpbz_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\hbybofx_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\ksgpbz_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
    C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
    0
  20. hentouane
     
    up
    0
    1. Utilisateur anonyme
       
      Ok poste moi un rapport HijackThis stp.
      0
  21. hentouane
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 15:11:19, on 05/05/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\WINDOWS\system32\ps2.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\windows\system32\hbybofx.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\WINDOWS\System32\cisvc.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Canon\CAL\CALMAIN.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\PROGRA~1\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr6.hpwis.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
    O4 - HKCU\..\Run: [hbybofx] c:\windows\system32\hbybofx.exe hbybofx
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: ddrive.js (User 'Default user')
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
    0
    1. Utilisateur anonyme
       
      Ok alors merci et tu coches ces lignes puis clique sur fix cheded:

      C:\windows\system32\hbybofx.exe
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKCU\..\Run: [hbybofx] c:\windows\system32\hbybofx.exe hbybofx
      O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)

      Puis reposte moi un nouveau rapport stp.
      0
  • 1
  • 2