Sujet Précédent Sujet Suivant

Pc bugué

hentouane -  
 Utilisateur anonyme -
Bonjour,

Mon PC est archi buguer, ils est lent, et quand je me connecte à internet, j'ai plein de pub qui s'ouvre ou de message d'alerte en tout genre, pourriez vous m'aider, avant qu'une crise de nerf de ma part ne signe l'arrêt de mort du pc..

J'ai lu sur les forum qu'il fallait faire un scan avec hikjak... Je vous le poste en espérant que vous puissiez m'aider

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:40:01, on 02/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr6.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.3.28.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: InternetProgram - {88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} - C:\Program Files\InternetProgram\InternetProgram-2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')
O4 - .DEFAULT User Startup: ddrive.js (User 'Default user')
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
A voir également:

38 réponses

  • 1
  • 2
Réponse 1 / 38
manu_dog Messages postés 536 Statut Membre 41
 
Commence par ceci

Télécharge BTFix 1.017 (de bibi26)
BTFix vous propose de détecter et de désinstaller les barres d'outils publicitaires, qui s'invitent souvent lors de l'installation d'applications. Ce programme vous permet d'éliminer facilement les toolbars indésirables telles que Zango, MyWebSearch, MySearch, WhenU, Spam Blocker Utility, EZshopper, Browser Accelerator et beaucoup d'autres.

http://cluster1.easy-hebergement.net/

RECHERCHE
* Décompresse l'archive sur ton Bureau (Clique-Droit/Extraire tout).
* Ouvre le dossier "BTFix"
* Double clique sur "BTFix.exe"
* Clique sur "Rechercher"
* Un rapport va apparaître, copie/colle-le dans ta prochaine réponse
NETTOYAGE
* Démarre l'ordinateur en MSE comme ceci http://www.coupdepoucepc.com/modules/news/article.php?storyid=253 > ==> (Une fois le chargement du BIOS terminé, il y a un écran noir. Appuie sur la touche F8 ou F5, à répétition jusqu'à l'affichage du menu des options avancées de Windows. Ensuite, en utilisant les touches du curseur, sélectionne "mode sans échec" et appuie sur [Entrée]. Choisis ton compte usuel et non pas "Administrateur".)
* Ouvre "BTFix"
* Clique sur "Nettoyer" * Un rapport va apparaître, copie/colle-le dans ta prochaine réponse

Poursuis avec cette analyse, STP:

Télécharge et installe Malwarebyte's Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Suivre ce tutoriel https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

A la fin du scan >>> clique sur « Afficher les résultats » >>> « Enregistrer le Rapport »
Suppression des éléments détectés >>>> clique sur « Supprimer la sélection »
S'il t'est demandé de redémarrer >>> clique sur "Yes"

Un rapport de scan s'ouvre, poste le rapport.

Merci
0
Réponse 2 / 38
Utilisateur anonyme
 
Salut quels sont tes logiciel de sécurité stp ?
0
Utilisateur anonyme
 
Et aussi dans HiJackThis coche ces lignes puis cliques sur fix xheded:

O2 - BHO: InternetProgram - {88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} - C:\Program Files\InternetProgram\InternetProgram-2.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

ET ACTIVE TON PARE-FEU.
0
Réponse 3 / 38
hentouane
 
Mes logiciels de secu sont avavt et spyware terminator
0
Utilisateur anonyme
 
Re alors désinstalle tous tes logiciel de sécurité. Et installe AntiVir,Malwarebytes Anti-Malware et Kerio.

AntiVir: https://www.01net.com/outils/telecharger/windows/Securite/antivirus-antitrojan/fiches/tele13198.html
Tutoriel AntiVir: https://www.malekal.com/avira-free-security-antivirus-gratuit/

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe
Tutoriel Malwarebytes Anti-Malware: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm

Kerio: https://www.01net.com/outils/telecharger/windows/Securite/firewall/fiches/tele22418.html
Tutoriel Kerio: https://forums.cnetfrance.fr

PS: TU LES INSTALLES SEULEMENT. TU FAIS UNE MISE A JOUR A ANTIVIR ET MALWAREBYTES ANTI-MALWARE. VOILA FAIT VITE.
0
Réponse 4 / 38
hentouane
 
le pare feu c'est activer la prtection en temps réel de spyware ?
0
Utilisateur anonyme
 
ok fais le message n°5 stp.Merci
0
VIRUS_KILLER Messages postés 2075 Statut Contributeur 68 > Utilisateur anonyme
 
Bonjour
Pour suivre,,,,,,,,
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 38
hentouane
 
ok, jsui en plein dedans, j'ai désinstallé spy et avst, et j'installe les logiciels que tu m'a donné et je les met en routes. Mais ca va prendre un peu de temps
0
Utilisateur anonyme
 
ok bonne chance.
0
Réponse 6 / 38
VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
 
Alors hentouane tu a fini?
0
Réponse 7 / 38
hentouane
 
oui, c bon, j'ai tout installé et tout mis a jour, sauf sunbelt... je n'ai pas trouvé la mise a jour
0
Réponse 8 / 38
hentouane
 
par contre, j'ai redémarré l'ordi, et sunbelt, arrête pas de me bloquer une tentative d'intrusion, toujours la même.. Que dois-je faire pour la suite ?
0
Utilisateur anonyme
 
Ok quelle sont les solutions? Y'a t'il un endroit ou il te demande quoi faire. Sinon regarde le tutoriel.

PS: PAS DE MISE A JOUR et DÉSACTIVE LE PARE-FEU WINDOWS.
0
Réponse 9 / 38
hentouane
 
ben il le bloque, et il demande si je veux leur envoyer un rapport, mais la c'est bon, yen a plus. Le pare feu windows, il est ou ?
0
VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
 
Tu n'a pas besoin de l'activer puisque tu a déja sunbelt.
Sinon,utilise les 2 il y aura un conflit donc > Gros plantage Systeme.
0
Réponse 10 / 38
hentouane
 
ok, mais on m'as dit qu'il fallait le désactiver, mais je ne sais pas ou il se trouve. En plus j'ai un autre pb, je crois que spyware n'est pas désinstallé, même s'il est inactif
0
Réponse 11 / 38
VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
 
Demarrer>Panneau de configuartion>Ajouter ou supprimer des programmes.
0
Utilisateur anonyme
 
Pour le désactivé:

Pour le désactiver , cliquez sur Démarrer, Panneau de configuration. Cliquez ensuite sur le menu de gauche intitulé Affichage classique. Recherchez l'icône nommé Pare-feu Windows (voir l'image ci-dessous) et effectuez un double-clic.
Cliquez sur la gauche sur le menu Activer ou désactiver le Pare-feu Windows
Cliquez sur Desactivé , puis sur OK.

0
Réponse 12 / 38
hentouane
 
non, ben j'en ai pas en fait. Qu'est ce que je dois faire pour la suite svp ( en tout cas c'est sympa de m'aider, je ne pensais pas avoir de réponse si vite)
0
Utilisateur anonyme
 
Tu fais un scan en mode sans échec. Tu lances le scan et si il détecte un virus (normalement oui) tu cliques sur "delete" et "apply sélection to all following détections. (pour qu'il le supprimes automatiquement). A la fin du scan tu cliques sur "report" tu redémarre en mode normal puis tu me postes le rapport.

Redémarre en "Mode sans échec"

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm
0
Réponse 13 / 38
VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
 
Bon fait un scan
Antivir et Malware bytes antimalware
et pose le nous.
0
Utilisateur anonyme
 
VIRUS8KILLER JE LUI AI DEMANDE DE FAIRE UNE ANALYSE AVEC ANTIVIR EN MODE SANS ECHEC. TU FAIS ANTIVIR PUIS TU DONNES LE RAPPORT SIMPLEMENT. FAIS JUSTE ANTIVIR STP.
0
Réponse 14 / 38
hentouane
 
ok, je fais ça de suite, merci encore
0
Réponse 15 / 38
VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
 
Fixe egalement les ligne suivantes sur dans hijackthis :
O4 - HKUS\.DEFAULT\..\RunOnce: [Suite] regedit -s c:\windows\temp\adj_hp.reg (User 'Default user')
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Propriétaire\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O2 - BHO: InternetProgram - {88C9B3C7-06B6-5C05-CFEC-C09DBC10CC30} - C:\Program Files\InternetProgram\InternetProgram-2.dll
0
Réponse 16 / 38
VIRUS_KILLER Messages postés 2075 Statut Contributeur 68
 
Sinon pour ce qui concerne le Boosting je te propose de défragmenter souvent ton disque.
Manip:
Demarrer>Tous les programmes>Accessoires>Outils Systeme>Défragmenteur de disque.
Sinon,tu en a un beaucoup + rapide que celui de Windows.
Jkdefrag : http://ftpclubic45.clubic.com/...
Réduit aussi le nombre de programme Demarrer avec Windows.
Déssinstale les programmes inutils.
Voila,moi je respecte,ces régles donc j'ai jamais de problemes maitenant.
Bonne chance!
0
Réponse 17 / 38
hentouane
 
bonjour, pardon pour le retard, mais le sacn était super lent et j'ai du partir entre temps. Bref, je vous poste le scan de antivir...

Avira AntiVir Personal
Report file date: samedi 3 mai 2008 10:28

Scanning for 1247983 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: COMPUTER

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18/03/2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 07/02/2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28/02/2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21/02/2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 13:08:58
ANTIVIR2.VDF : 7.0.3.197 1260032 Bytes 22/04/2008 13:05:04
ANTIVIR3.VDF : 7.0.3.242 273920 Bytes 02/05/2008 13:05:04
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 02/05/2008 13:05:10
AESCN.DLL : 8.1.0.15 119157 Bytes 02/05/2008 13:05:09
AERDL.DLL : 8.1.0.20 418165 Bytes 02/05/2008 13:05:09
AEPACK.DLL : 8.1.1.4 364918 Bytes 02/05/2008 13:05:08
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 02/05/2008 13:05:08
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 02/05/2008 13:05:07
AEHELP.DLL : 8.1.0.14 115063 Bytes 02/05/2008 13:05:06
AEGEN.DLL : 8.1.0.18 299381 Bytes 02/05/2008 13:05:05
AEEMU.DLL : 8.1.0.5 430450 Bytes 07/04/2008 15:34:43
AECORE.DLL : 8.1.0.27 168310 Bytes 02/05/2008 13:05:05
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23/01/2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18/02/2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23/01/2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28/02/2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23/01/2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10/03/2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 06/03/2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: samedi 3 mai 2008 10:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned
Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'fvjyjx.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ps2.EXE' - '1' Module(s) have been scanned
Scan process 'WDBtnMgr.exe' - '1' Module(s) have been scanned
Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
32 processes with 32 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '28' files ).

Starting the file scan:

Begin scan in 'C:\' <HP_PAVILION>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP402\A0514127.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP424\A0540250.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP452\A0560910.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583409.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583410.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583411.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583464.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583465.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583466.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583467.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583470.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583471.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583817.exe
[DETECTION] Contains detection pattern of the dropper DR/NaviPromo.AO.51
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583821.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583822.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583823.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583824.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583825.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583826.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583827.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583828.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583829.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583830.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583831.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583832.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583833.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583834.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583835.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583836.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583837.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583838.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583839.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583840.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583841.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583842.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583843.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583844.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583845.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583846.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583847.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583848.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583849.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583850.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583851.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583852.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583853.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583854.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583855.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583856.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583857.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583858.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583859.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583860.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583861.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583862.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583863.exe
[DETECTION] Is the Trojan horse TR/Agent.cok.1
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583864.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583865.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583866.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583867.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583868.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583869.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583870.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583871.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583872.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583873.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583874.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583875.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583876.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583877.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583878.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583879.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583880.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583881.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583882.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583883.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583884.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583885.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583886.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583887.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583888.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583889.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583890.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583891.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583892.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583893.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583894.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583895.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583896.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583897.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583898.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583899.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583900.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583901.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583902.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583903.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583904.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583905.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583906.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583907.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583908.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583909.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583910.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583911.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583912.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583913.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583914.exe
[DETECTION] Is the Trojan horse TR/Crypt.XDR.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583915.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583916.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583917.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583918.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583919.exe
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was deleted!
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP477\A0583920.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <HP_RECOVERY>

End of the scan: samedi 3 mai 2008 13:43
Used time: 3:15:11 min

The scan has been done completely.

11203 Scanning directories
473963 Files were scanned
113 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
113 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
473850 Files not concerned
19636 Archives were scanned
3 Warnings
113 Notes
0
Utilisateur anonyme
 
Il a detect et supprimée 113 virus maintenant fais ceci:

2) Redémarre en "Mode sans échec"

Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît rapidement, appuie sur la touche [F8] (ou [F5] sur certains pc) jusqu'à l'affichage du menu des options avancées de Windows.
Sélectionner "Mode sans échec" et appuie sur [Entrée]
Il faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Regarde ici si besoin : http://pageperso.aol.fr/loraline60/mode_sans_echec.htm

Ouvre le fichier texte sauvegardé sur le Bureau afin de suivre les instructions comme il faut.

3) Scan avec Malwarebyte's Anti-Malware

Lance Malwarebyte's Anti-Malware
Onglet "Recherche" >>> coche Executer un exame complet >>> Rechercher sélectionne tes disques durs puis clique sur Lancer l’examen
A la fin du scan >>> clique sur Afficher les résultats puis sur Enregistrer le rapport
Suppression des éléments détectés >>>> clique sur Supprimer la sélection
S'il t'es demandé de redémarrer >>> clique sur "Yes"

--> Un rapport de scan s'ouvre, enregistre sur ton Bureau et poste ce rapport en réponse.
0
Réponse 18 / 38
hentouane
 
Voila pour le rapport du malware,

Par contre mon firewall (kerio n'arrête pas de me dire qu'un fichier sous windows\system32 est une tentative d'intrsion bloquée, y'a t'il un moyen de remédier à cela ???

Malwarebytes' Anti-Malware 1.11
Version de la base de données: 714

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 197211
Temps écoulé: 8 hour(s), 17 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 5
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 10
Fichier(s) infecté(s): 38

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webmediaplayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Spyware-Secure (Rogue.Spyware-Secure) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fbrowsingadvisor_is1 (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\WebMediaPlayer (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\download (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\updates (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowserAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\FBrowsingAdvisor\XPCOMEvents.dll (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5C1DC89A-9FE9-48CF-90DE-1EAEB9DEE399}\RP431\A0544393.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\sqlite3.dll (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\uninst.exe (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\WebMediaPlayer.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\languages.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\resources\webmedias (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\skins\classic.skn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\WebMediaPlayer\updates\update.upd (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\MessengerSkinner.url (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\download\defaultPack.cab (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\appconfig.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnBnr.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnIn.rgn (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnInNormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnInOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormal.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormal.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnNormalBnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOver.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOver.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOverBnr.bmp (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\btnOverBnr.gif (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\languages.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\MessengerSkinner\resources\languages_v2.xml (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\IXPCOMEvents.xpt (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\Logo.png (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\main.db (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.dat (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\Program Files\FBrowsingAdvisor\unins000.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbybofx_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ksgpbz_navps.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hbybofx_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ksgpbz_nav.dat (Adware.EGDAccess) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\nvs2.inf (Adware.EGDAccess) -> Quarantined and deleted successfully.
0
Réponse 19 / 38
hentouane
 
up
0
Utilisateur anonyme
 
Ok poste moi un rapport HijackThis stp.
0
Réponse 20 / 38
hentouane
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:11:19, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\windows\system32\hbybofx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.hpe.com/h41271/404D.aspx?cc=us&ll=en&url=http://domainredirects.ext.hpe.com/fr6.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [hbybofx] c:\windows\system32\hbybofx.exe hbybofx
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - .DEFAULT User Startup: ddrive.js (User 'Default user')
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
0
Utilisateur anonyme
 
Ok alors merci et tu coches ces lignes puis clique sur fix cheded:

C:\windows\system32\hbybofx.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [hbybofx] c:\windows\system32\hbybofx.exe hbybofx
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)

Puis reposte moi un nouveau rapport stp.
0