"TR/Dldr.Zlob.moa" and "Contains sus
Solved
arnaudwolf - Posts: 43 - Status: Member
green day - Posts: 26722 - Status: Moderator, Security contributor
Hello everyone,
Since yesterday, several pages have been opening in Explorer telling me that I am infected and all that, lol.
So I downloaded the BitDefender demo and ran a scan in safe mode, because apparently the virus was preventing AntiVir from updating, which I think kept it from detecting the virus.
Here is the result:
//-----------------------------------------------------------------
//
// Produit BitDefender Free Edition v10
// Produit 10.2
//
// Créé le: 06/05/2008 10:12:45
//
//-----------------------------------------------------------------
Statistiques
Chemin cible: C:\Windows
C:\Program Files
Dossiers : 11865
Fichiers : 138689
Processus Mémoire analysés : 0
Archives : 6
Fichiers enpaquetés : 4988
Virus trouvés : 5
Fichiers infectés : 6
Processus Mémoire infectés : 0
Fichiers suspects : 1
Alertes : 0
Fichiers désinfectés : 0
Fichiers effacés : 0
Fichiers déplacés : 5
Erreurs I/O : 38
Temps d'analyse :=00:51:52
Fichiers/seconde :44
Définitions virus : 1189825
Plugins d'analyse : 16
Plugins archives : 42
Plug-ins décompression : 7
Plug-ins messagerie : 6
Plug-ins système : 5
Options d'analyse
Détection
[X] Analyser le secteur de boot
[ ] Processus mémoire
[ ] Analyser les archives
[X] Analyser les fichiers enpaquetés
[X] Analyser la messagerie
Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;
Action
Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Mettre en quarantaine
[ ] Demander l'action
Seconde action
[ ] Ignorer
[ ] Effacer
[X] Mettre en quarantaine
[ ] Demander l'action
Options d'analyse
[X] Activer les alertes
[ ] Activer l'heuristique
[ ] Afficher tous les fichiers dans le journal
[X] Fichier journal: C:\Users\bigwolf\AppData\Local\Temp\1210061565.log
Options d'analyse Spyware
[X] Analyse contre les risques non-viraux
[ ] Ecarter de l'analyse les dialers et les applications
[ ] Clés de registres
[ ] Cookies
Résumé:
C:\Program Files\NetProject\sbmdl.dll Infecté: Trojan.Downloader.Zlob.ABUV
C:\Program Files\NetProject\sbmdl.dll Désinfection impossible
C:\Program Files\NetProject\sbmdl.dll Déplacement impossible
C:\Program Files\NetProject\sbmntr.exe Infecté: Trojan.Downloader.Zlob.ABUV
C:\Program Files\NetProject\sbmntr.exe Désinfection impossible
C:\Program Files\NetProject\sbmntr.exe Déplacé
C:\Program Files\NetProject\sbsm.exe Infecté: Trojan.Zlob.CJM
C:\Program Files\NetProject\sbsm.exe Désinfection impossible
C:\Program Files\NetProject\sbsm.exe Déplacé
C:\Program Files\NetProject\sbun.exe Infecté: Trojan.Zlob.CJD
C:\Program Files\NetProject\sbun.exe Désinfection impossible
C:\Program Files\NetProject\sbun.exe Déplacé
C:\Program Files\NetProject\scu.exe Infecté: Trojan.Downloader.Zlob.ABMQ
C:\Program Files\NetProject\scu.exe Désinfection impossible
C:\Program Files\NetProject\scu.exe Déplacé
C:\Program Files\NetProject\wamdl.dll Infecté: Trojan.Zlob.2.Gen
C:\Program Files\NetProject\wamdl.dll Désinfection impossible
C:\Program Files\NetProject\wamdl.dll Déplacé
Next I ran Spybot in safe mode; it found several files named zob, I think, but strangely I can no longer find the report, so I fixed everything.
When I restarted the PC in normal mode, I updated AntiVir and removed BitDefender.
AntiVir found the viruses in question; here is the report:
Avira AntiVir Personal
Report file date: 2008-05-06 13:42
Scanning for 1253212 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-BIGWOLF
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-04-22 18:45:53
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-04-22 18:45:53
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-04-22 18:45:53
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-04-22 18:45:53
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 23:15:57
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 2008-05-05 11:40:36
ANTIVIR3.VDF : 7.0.4.7 22528 Bytes 2008-05-06 11:40:37
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-04-22 18:45:54
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 2008-04-30 18:38:32
AESCN.DLL : 8.1.0.15 119157 Bytes 2008-04-30 18:38:31
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-04-26 18:38:00
AEPACK.DLL : 8.1.1.4 364918 Bytes 2008-04-29 18:38:56
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-22 18:45:54
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 2008-04-30 18:38:30
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-04-22 18:45:54
AEGEN.DLL : 8.1.0.18 299381 Bytes 2008-04-26 18:37:40
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-22 18:45:54
AECORE.DLL : 8.1.0.27 168310 Bytes 2008-04-22 18:45:54
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-04-22 18:45:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-04-22 18:45:53
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-04-22 18:45:53
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-22 18:45:53
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-04-22 18:45:53
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-22 18:45:53
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-04-22 18:45:53
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-22 18:45:53
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-04-22 18:45:50
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-04-22 18:45:50
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-05-06 13:42
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SpybotSD.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'SmpSys.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '4' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\bigwolf\AppData\Local\Temp\zfe2.exe
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[3] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABUV
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.mnz
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.moa
[NOTE] The file was moved to '48854b3d.qua'!
End of the scan: 2008-05-06 14:42
Used time: 59:48 min
The scan has been done completely.
14816 Scanning directories
265705 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
265702 Files not concerned
1730 Archives were scanned
1 Warnings
1 Notes
I also generated a report with ComboFix.
Here is the result:
ComboFix 08-05-01.3 - bigwolf 2008-05-06 14:44:37.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1191 [GMT 2:00]
Endroit: C:\Users\bigwolf\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url
C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url
C:\Windows\system32\drivers\IDSVIX86.sys
C:\Windows\system32\drivers\runtime2.sys
C:\Windows\system32\IDSVIX86.sys
C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof
.
---- Previous Run -------
.
C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof
----- BITS: Possible sites infectés -----
hxxp://rad.msn.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IDSVIX86
-------\LEGACY_IDSVIX86
-------\LEGACY_IDSVIX86
-------\LEGACY_IDSVIX86
-------\LEGACY_IDSVIX86
-------\LEGACY_IDSVIX86
-------\Legacy_IDSVIX86
((((((((((((((((((((((((((((( Fichiers créés 2008-04-06 to 2008-05-06 ))))))))))))))))))))))))))))))))))))
.
2008-05-06 12:16 . 2008-05-06 12:16 156 --a------ C:\Windows\wininit.ini
2008-05-06 10:12 . 2008-05-06 13:20 81,984 --a------ C:\Windows\System32\bdod.bin
2008-05-06 10:09 . 2008-05-06 13:22 <REP> d-------- C:\Users\All Users\BitDefender
2008-05-06 10:08 . 2008-05-06 13:22 <REP> d----c--- C:\Program Files\Common Files\Softwin
2008-05-06 10:01 . 2008-05-06 10:01 <REP> d-------- C:\Users\bigwolf\.housecall6.6
2008-05-06 07:59 . 2008-05-06 07:59 <REP> d-------- C:\Users\bigwolf\AppData\Roaming\ItsLabel
2008-05-05 16:47 . 2008-05-05 17:12 <REP> d----c--- C:\Program Files\e-anim
2008-05-04 23:01 . 2008-05-04 23:01 <REP> d-------- C:\Users\bigwolf\AppData\Roaming\gtk-2.0
2008-05-04 23:00 . 2008-05-04 23:00 <REP> d-------- C:\Users\bigwolf\.thumbnails
2008-05-04 22:49 . 2008-05-04 23:08 <REP> d-------- C:\Users\bigwolf\.gimp-2.4
2008-05-01 09:44 . 2008-05-01 09:44 <REP> d-------- C:\Users\bigwolf\AppData\Roaming\EmailNotifier
2008-05-01 09:18 . 2008-05-01 09:18 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-05-01 09:18 . 2008-05-01 09:18 286,720 --a------ C:\Windows\PATCH.EXE
2008-05-01 09:18 . 2008-05-01 09:18 69,689 --a------ C:\Windows\UNZIP.DLL
2008-05-01 08:58 . 2008-05-01 08:58 <REP> d-------- C:\Users\All Users\EmailNotifier
2008-05-01 08:58 . 2008-05-01 08:58 <REP> d----c--- C:\Program Files\CA VMN Anti-Spyware
2008-04-27 20:37 . 2008-04-27 20:37 <REP> d-------- C:\Users\bigwolf\Nouveau dossier
2008-04-25 18:59 . 2008-05-06 08:08 <REP> d----c--- C:\Program Files\Norton Security Scan
2008-04-25 18:58 . 2008-04-25 18:59 <REP> d-------- C:\Windows\System32\Adobe
2008-04-25 13:56 . 2005-09-01 11:03 127,488 --------- C:\Windows\System32\drivers\imagesrv.sys
2008-04-25 13:56 . 2005-09-01 11:03 5,888 --------- C:\Windows\System32\drivers\imagedrv.sys
2008-04-25 13:54 . 2004-07-26 16:16 1,568,768 --------- C:\Windows\System32\ImagX7.dll
2008-04-25 13:54 . 2004-07-26 16:16 476,320 --------- C:\Windows\System32\ImagXpr7.dll
2008-04-25 13:54 . 2004-07-26 16:16 471,040 --------- C:\Windows\System32\ImagXRA7.dll
2008-04-25 13:54 . 2004-07-09 08:43 364,544 --------- C:\Windows\System32\TwnLib4.dll
2008-04-25 13:54 . 2004-07-26 16:16 262,144 --------- C:\Windows\System32\ImagXR7.dll
2008-04-25 13:54 . 2001-07-09 10:50 155,648 --a------ C:\Windows\System32\NeroCheck.exe
2008-04-25 13:54 . 2000-06-26 10:45 106,496 --a------ C:\Windows\System32\TwnLib20.dll
2008-04-25 13:53 . 2008-04-25 13:54 <REP> d----c--- C:\Program Files\Ahead
2008-04-23 11:08 . 2008-05-06 13:25 <REP> d----c--- C:\eMule
2008-04-23 10:42 . 2008-04-23 10:42 <REP> d-------- C:\Users\bigwolf\AppData\Roaming\Notepad++
2008-04-23 10:42 . 2008-04-23 10:42 <REP> d----c--- C:\Program Files\Notepad++
2008-04-20 16:52 . 2008-05-01 09:42 524,288 --ahs---- C:\Users\bigwolf\ntuser.dat{33271a4f-0ee9-11dd-8877-0015af3e5d27}.TMContainer00000000000000000002.regtrans-ms
2008-04-20 16:52 . 2008-05-01 09:42 524,288 --ahs---- C:\Users\bigwolf\ntuser.dat{33271a4f-0ee9-11dd-8877-0015af3e5d27}.TMContainer00000000000000000001.regtrans-ms
2008-04-20 16:52 . 2008-05-01 09:42 65,536 --ahs---- C:\Users\bigwolf\ntuser.dat{33271a4f-0ee9-11dd-8877-0015af3e5d27}.TM.blf
2008-04-12 10:26 . 2008-04-12 10:26 <REP> d-------- C:\Users\bigwolf\Program Files
2008-04-09 10:40 . 2008-02-15 01:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 10:40 . 2008-02-19 07:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 10:40 . 2008-02-29 08:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 10:40 . 2008-02-29 08:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 10:40 . 2008-02-29 08:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 10:40 . 2008-02-29 08:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 10:40 . 2008-02-29 08:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 10:40 . 2008-02-29 08:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 10:40 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 10:29 . 2008-02-29 06:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-09 10:29 . 2008-02-21 06:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 10:24 . 2007-12-16 13:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-09 10:24 . 2007-12-16 13:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 06:03 --------- d-----w C:\Users\bigwolf\AppData\Roaming\EoRezo
2008-05-06 06:02 --------- dc----w C:\Program Files\Beneton Movie GIF
2008-05-05 14:43 --------- d-----w C:\Program Files\Visicom Media
2008-05-03 10:26 --------- d-----w C:\Program Files\vmntoolbar
2008-05-01 07:07 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-27 18:38 3,846 ----a-w C:\Users\bigwolf\AppData\Roaming\wklnhst.dat
2008-04-25 11:53 --------- dc----w C:\Program Files\Common Files\Ahead
2008-04-23 07:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-13 15:02 --------- d-----w C:\Program Files\Panda Security
2008-04-10 10:29 --------- d-----w C:\Program Files\Windows Mail
2008-03-30 22:21 --------- d-----w C:\Users\bigwolf\AppData\Roaming\Yahoo! Companion
2008-03-30 22:21 --------- d-----w C:\Program Files\Google
2008-03-30 02:04 --------- d-----w C:\Users\bigwolf\AppData\Roaming\XnView
2008-03-30 01:40 --------- d-----w C:\Program Files\XnView
2008-03-29 11:30 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-29 11:29 --------- dc----w C:\Program Files\Common Files\Real
2008-03-28 17:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 17:32 --------- dc----w C:\Program Files\Common Files\PX Storage Engine
2008-03-28 17:32 --------- d-----w C:\Program Files\DivX
2008-03-09 11:53 --------- d-----w C:\Users\trou de balle\AppData\Roaming\Talkback
2008-03-08 17:27 --------- d--h--r C:\Users\trou de balle\AppData\Roaming\SecuROM
2008-03-07 23:59 --------- dc----w C:\Program Files\CCleaner
2008-03-07 18:30 234,166 ----a-w C:\Windows\EasyGifAnimator_Toolbar_Uninstaller_442.exe
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-21 02:05 129,784 ------w C:\Windows\System32\PxAFS.DLL
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-14 02:00 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 01:56 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 01:56 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 01:56 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 01:56 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 01:56 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 01:55 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 01:55 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 01:55 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 01:55 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 01:55 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 01:55 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 01:55 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-09 04:18 691,545 ----a-w C:\Windows\unins000.exe
2008-01-27 06:54 27,525 ----a-w C:\Users\bigwolf\AppData\Roaming\nvModes.dat
2007-01-01 00:43 174 --sha-w C:\Program Files\desktop.ini
2007-12-19 08:36 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-19 08:36 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-19 08:36 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-11-16 20:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007111620071117\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 16:26 2022912 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 16:26 2022912]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-09-24 16:26 2022912]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:07 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 16:15 816368]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
"eMuleAutoStart"="C:\eMule\emule.exe" [2007-05-13 16:57 5308416]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-31 00:19:01 124400]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C0D6CFCF-F032-4C36-A8D8-8284A6D23A31}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0D803923-CBC2-4F62-B50F-AF82B2C60771}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C367DB0-477B-4B63-BD84-7368123BB5A6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D7205450-19C7-451E-BC69-F8C6162D6EBF}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CD201523-1A2C-4184-99D0-C62E771D8783}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{29797336-22FB-4DC6-BCA4-540A875BDC70}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{21BB3ABE-6C1D-49F4-A234-DEAABF01B3F8}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D49603BF-E4E0-4BB4-9372-78A67B4E5E1C}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{A8311C70-551E-495C-AA58-63E73703AA13}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{3945DC6C-BE9A-4A04-A8FA-CD50AAD51DD3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{00B0D406-F9F2-4EB6-9048-6CB20C6D50D4}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0D4B8946-B4A6-417D-9BA1-539B74201CA6}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{7ABA62C5-0416-47AA-B312-8A4754E96CF7}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{697A47BB-3779-4D6A-AAC9-C634BBBBD842}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{69A4376C-8D2E-45AF-BAFA-620E7E055E37}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{F91187D1-0E5D-4F72-9449-F09EE2177D08}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{11B938A2-8513-4880-AEC9-871725D8621D}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D68AD715-846B-477D-B177-0F0A5B3944CA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{C1B46920-5C39-4427-AA25-DD107DE2CADC}C:\\users\\bigwolf\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\bigwolf\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{DD1C91B6-ECB7-4E8D-8C7A-CEAB97547004}C:\\users\\bigwolf\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\bigwolf\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{3EFB369A-6BF1-41A4-980B-0E6F5745F36A}C:\\emule\\emule.exe"= UDP:C:\emule\emule.exe:eMule
"UDP Query User{3BA30AD8-FB7D-4FE1-9A06-CE166B8AAC67}C:\\emule\\emule.exe"= TCP:C:\emule\emule.exe:eMule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 Cam5607;Bison WebCam;C:\Windows\system32\Drivers\BisonC07.sys [2007-07-23 20:35]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 02:50]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-09-27 14:46]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 22:47]
S2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
S2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-06 12:30:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-05-06 12:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 14:50:15
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 53
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\System32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-06 14:54:03 - machine was rebooted [bigwolf]
ComboFix-quarantined-files.txt 2008-05-06 12:53:53
Pre-Run: 16,109,281,280 octets libres
Post-Run: 16,525,844,480 octets libres
247 --- E O F --- 2008-04-21 18:41:02
Maybe I've run a lot of them, lol, but anyway,
I would like to know how to get rid of these viruses that like to stick to me.
Thanks.
voila depuis hier plusieur pages s'ouvre avec explorer en me disant que je suis infecté et tout le tralala lol
donc je telecharger la demo de bitdefender j'ai fait un scan en mode sans echec parsque apparament le virus empecher antivir de se mettre ajour se qui l'empecher de le detecter je pense
voila le resultat :
//-----------------------------------------------------------------
//
// Produit BitDefender Free Edition v10
// Produit 10.2
//
// Créé le: 06/05/2008 10:12:45
//
//-----------------------------------------------------------------
Statistiques
Chemin cible: C:\Windows
C:\Program Files
Dossiers : 11865
Fichiers : 138689
Processus Mémoire analysés : 0
Archives : 6
Fichiers enpaquetés : 4988
Virus trouvés : 5
Fichiers infectés : 6
Processus Mémoire infectés : 0
Fichiers suspects : 1
Alertes : 0
Fichiers désinfectés : 0
Fichiers effacés : 0
Fichiers déplacés : 5
Erreurs I/O : 38
Temps d'analyse :=00:51:52
Fichiers/seconde :44
Définitions virus : 1189825
Plugins d'analyse : 16
Plugins archives : 42
Plug-ins décompression : 7
Plug-ins messagerie : 6
Plug-ins système : 5
Options d'analyse
Détection
[X] Analyser le secteur de boot
[ ] Processus mémoire
[ ] Analyser les archives
[X] Analyser les fichiers enpaquetés
[X] Analyser la messagerie
Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;
Action
Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Mettre en quarantaine
[ ] Demander l'action
Seconde action
[ ] Ignorer
[ ] Effacer
[X] Mettre en quarantaine
[ ] Demander l'action
Options d'analyse
[X] Activer les alertes
[ ] Activer l'heuristique
[ ] Afficher tous les fichiers dans le journal
[X] Fichier journal: C:\Users\bigwolf\AppData\Local\Temp\1210061565.log
Options d'analyse Spyware
[X] Analyse contre les risques non-viraux
[ ] Ecarter de l'analyse les dialers et les applications
[ ] Clés de registres
[ ] Cookies
Résumé:
C:\Program Files\NetProject\sbmdl.dll Infecté: Trojan.Downloader.Zlob.ABUV
C:\Program Files\NetProject\sbmdl.dll Désinfection impossible
C:\Program Files\NetProject\sbmdl.dll Déplacement impossible
C:\Program Files\NetProject\sbmntr.exe Infecté: Trojan.Downloader.Zlob.ABUV
C:\Program Files\NetProject\sbmntr.exe Désinfection impossible
C:\Program Files\NetProject\sbmntr.exe Déplacé
C:\Program Files\NetProject\sbsm.exe Infecté: Trojan.Zlob.CJM
C:\Program Files\NetProject\sbsm.exe Désinfection impossible
C:\Program Files\NetProject\sbsm.exe Déplacé
C:\Program Files\NetProject\sbun.exe Infecté: Trojan.Zlob.CJD
C:\Program Files\NetProject\sbun.exe Désinfection impossible
C:\Program Files\NetProject\sbun.exe Déplacé
C:\Program Files\NetProject\scu.exe Infecté: Trojan.Downloader.Zlob.ABMQ
C:\Program Files\NetProject\scu.exe Désinfection impossible
C:\Program Files\NetProject\scu.exe Déplacé
C:\Program Files\NetProject\wamdl.dll Infecté: Trojan.Zlob.2.Gen
C:\Program Files\NetProject\wamdl.dll Désinfection impossible
C:\Program Files\NetProject\wamdl.dll Déplacé
Then I ran my Spybot in safe mode; it found several files named zob, I think, but strangely I can no longer find the report, so I fixed everything.
When I restarted the PC in normal mode I updated AntiVir and removed BitDefender;
AntiVir found the famous viruses, here is the report:
Avira AntiVir Personal
Report file date: 2008-05-06 13:42
Scanning for 1253212 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-BIGWOLF
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 2008-04-09 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 2008-04-22 18:45:53
AVSCAN.DLL : 8.1.1.0 53505 Bytes 2008-04-22 18:45:53
LUKE.DLL : 8.1.2.9 151809 Bytes 2008-04-22 18:45:53
LUKERES.DLL : 8.1.2.1 12033 Bytes 2008-04-22 18:45:53
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 2008-03-07 23:15:57
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 2008-05-05 11:40:36
ANTIVIR3.VDF : 7.0.4.7 22528 Bytes 2008-05-06 11:40:37
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 2008-04-22 18:45:54
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 2008-04-30 18:38:32
AESCN.DLL : 8.1.0.15 119157 Bytes 2008-04-30 18:38:31
AERDL.DLL : 8.1.0.20 418165 Bytes 2008-04-26 18:38:00
AEPACK.DLL : 8.1.1.4 364918 Bytes 2008-04-29 18:38:56
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 2008-04-22 18:45:54
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 2008-04-30 18:38:30
AEHELP.DLL : 8.1.0.14 115063 Bytes 2008-04-22 18:45:54
AEGEN.DLL : 8.1.0.18 299381 Bytes 2008-04-26 18:37:40
AEEMU.DLL : 8.1.0.5 430450 Bytes 2008-04-22 18:45:54
AECORE.DLL : 8.1.0.27 168310 Bytes 2008-04-22 18:45:54
AVWINLL.DLL : 1.0.0.7 14593 Bytes 2008-04-22 18:45:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 2008-04-22 18:45:53
AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 2008-04-22 18:45:53
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-04-22 18:45:53
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 2008-04-22 18:45:53
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-04-22 18:45:53
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 2008-04-22 18:45:53
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-04-22 18:45:53
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 2008-04-22 18:45:50
RCTEXT.DLL : 8.0.32.0 86273 Bytes 2008-04-22 18:45:50
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 2008-05-06 13:42
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SpybotSD.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'emule.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'SmpSys.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
50 processes with 50 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '4' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Users\bigwolf\AppData\Local\Temp\zfe2.exe
--> Object
[1] Archive type: RSRC
--> Object
--> Object
[3] Archive type: RSRC
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.ABUV
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.mnz
--> Object
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.moa
[NOTE] The file was moved to '48854b3d.qua'!
End of the scan: 2008-05-06 14:42
Used time: 59:48 min
The scan has been done completely.
14816 Scanning directories
265705 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
265702 Files not concerned
1730 Archives were scanned
1 Warnings
1 Notes
I also generated a report with ComboFix;
here is the result:
ComboFix 08-05-01.3 - bigwolf 2008-05-06 14:44:37.2 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1191 [GMT 2:00]
Endroit: C:\Users\bigwolf\Desktop\ComboFix.exe
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\ProgramData\Microsoft\Windows\Start Menu\Online Security Guide.url
C:\ProgramData\Microsoft\Windows\Start Menu\Security Troubleshooting.url
C:\Windows\system32\drivers\IDSVIX86.sys
C:\Windows\system32\drivers\runtime2.sys
C:\Windows\system32\IDSVIX86.sys
C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof
.
---- Previous Run -------
.
C:\Windows\system32\koos.exe
C:\Windows\system32\kprof
C:\Windows\system32\poof
----- BITS: Possible sites infectés -----
hxxp://rad.msn.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_IDSVIX86
-------\LEGACY_IDSVIX86
-------\LEGACY_IDSVIX86
-------\LEGACY_IDSVIX86
-------\LEGACY_IDSVIX86
-------\LEGACY_IDSVIX86
-------\Legacy_IDSVIX86
((((((((((((((((((((((((((((( Fichiers créés 2008-04-06 to 2008-05-06 ))))))))))))))))))))))))))))))))))))
.
2008-05-06 12:16 . 2008-05-06 12:16 156 --a------ C:\Windows\wininit.ini
2008-05-06 10:12 . 2008-05-06 13:20 81,984 --a------ C:\Windows\System32\bdod.bin
2008-05-06 10:09 . 2008-05-06 13:22 <REP> d-------- C:\Users\All Users\BitDefender
2008-05-06 10:08 . 2008-05-06 13:22 <REP> d----c--- C:\Program Files\Common Files\Softwin
2008-05-06 10:01 . 2008-05-06 10:01 <REP> d-------- C:\Users\bigwolf\.housecall6.6
2008-05-06 07:59 . 2008-05-06 07:59 <REP> d-------- C:\Users\bigwolf\AppData\Roaming\ItsLabel
2008-05-05 16:47 . 2008-05-05 17:12 <REP> d----c--- C:\Program Files\e-anim
2008-05-04 23:01 . 2008-05-04 23:01 <REP> d-------- C:\Users\bigwolf\AppData\Roaming\gtk-2.0
2008-05-04 23:00 . 2008-05-04 23:00 <REP> d-------- C:\Users\bigwolf\.thumbnails
2008-05-04 22:49 . 2008-05-04 23:08 <REP> d-------- C:\Users\bigwolf\.gimp-2.4
2008-05-01 09:44 . 2008-05-01 09:44 <REP> d-------- C:\Users\bigwolf\AppData\Roaming\EmailNotifier
2008-05-01 09:18 . 2008-05-01 09:18 507,904 --a------ C:\Windows\TMUPDATE.DLL
2008-05-01 09:18 . 2008-05-01 09:18 286,720 --a------ C:\Windows\PATCH.EXE
2008-05-01 09:18 . 2008-05-01 09:18 69,689 --a------ C:\Windows\UNZIP.DLL
2008-05-01 08:58 . 2008-05-01 08:58 <REP> d-------- C:\Users\All Users\EmailNotifier
2008-05-01 08:58 . 2008-05-01 08:58 <REP> d----c--- C:\Program Files\CA VMN Anti-Spyware
2008-04-27 20:37 . 2008-04-27 20:37 <REP> d-------- C:\Users\bigwolf\Nouveau dossier
2008-04-25 18:59 . 2008-05-06 08:08 <REP> d----c--- C:\Program Files\Norton Security Scan
2008-04-25 18:58 . 2008-04-25 18:59 <REP> d-------- C:\Windows\System32\Adobe
2008-04-25 13:56 . 2005-09-01 11:03 127,488 --------- C:\Windows\System32\drivers\imagesrv.sys
2008-04-25 13:56 . 2005-09-01 11:03 5,888 --------- C:\Windows\System32\drivers\imagedrv.sys
2008-04-25 13:54 . 2004-07-26 16:16 1,568,768 --------- C:\Windows\System32\ImagX7.dll
2008-04-25 13:54 . 2004-07-26 16:16 476,320 --------- C:\Windows\System32\ImagXpr7.dll
2008-04-25 13:54 . 2004-07-26 16:16 471,040 --------- C:\Windows\System32\ImagXRA7.dll
2008-04-25 13:54 . 2004-07-09 08:43 364,544 --------- C:\Windows\System32\TwnLib4.dll
2008-04-25 13:54 . 2004-07-26 16:16 262,144 --------- C:\Windows\System32\ImagXR7.dll
2008-04-25 13:54 . 2001-07-09 10:50 155,648 --a------ C:\Windows\System32\NeroCheck.exe
2008-04-25 13:54 . 2000-06-26 10:45 106,496 --a------ C:\Windows\System32\TwnLib20.dll
2008-04-25 13:53 . 2008-04-25 13:54 <REP> d----c--- C:\Program Files\Ahead
2008-04-23 11:08 . 2008-05-06 13:25 <REP> d----c--- C:\eMule
2008-04-23 10:42 . 2008-04-23 10:42 <REP> d-------- C:\Users\bigwolf\AppData\Roaming\Notepad++
2008-04-23 10:42 . 2008-04-23 10:42 <REP> d----c--- C:\Program Files\Notepad++
2008-04-20 16:52 . 2008-05-01 09:42 524,288 --ahs---- C:\Users\bigwolf\ntuser.dat{33271a4f-0ee9-11dd-8877-0015af3e5d27}.TMContainer00000000000000000002.regtrans-ms
2008-04-20 16:52 . 2008-05-01 09:42 524,288 --ahs---- C:\Users\bigwolf\ntuser.dat{33271a4f-0ee9-11dd-8877-0015af3e5d27}.TMContainer00000000000000000001.regtrans-ms
2008-04-20 16:52 . 2008-05-01 09:42 65,536 --ahs---- C:\Users\bigwolf\ntuser.dat{33271a4f-0ee9-11dd-8877-0015af3e5d27}.TM.blf
2008-04-12 10:26 . 2008-04-12 10:26 <REP> d-------- C:\Users\bigwolf\Program Files
2008-04-09 10:40 . 2008-02-15 01:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 10:40 . 2008-02-19 07:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 10:40 . 2008-02-29 08:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 10:40 . 2008-02-29 08:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 10:40 . 2008-02-29 08:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 10:40 . 2008-02-29 08:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 10:40 . 2008-02-29 08:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 10:40 . 2008-02-29 08:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 10:40 . 2008-02-29 08:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-09 10:29 . 2008-02-29 06:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-09 10:29 . 2008-02-21 06:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-09 10:24 . 2007-12-16 13:42 83,968 --a------ C:\Windows\System32\dnsrslvr.dll
2008-04-09 10:24 . 2007-12-16 13:41 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-06 06:03 --------- d-----w C:\Users\bigwolf\AppData\Roaming\EoRezo
2008-05-06 06:02 --------- dc----w C:\Program Files\Beneton Movie GIF
2008-05-05 14:43 --------- d-----w C:\Program Files\Visicom Media
2008-05-03 10:26 --------- d-----w C:\Program Files\vmntoolbar
2008-05-01 07:07 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-27 18:38 3,846 ----a-w C:\Users\bigwolf\AppData\Roaming\wklnhst.dat
2008-04-25 11:53 --------- dc----w C:\Program Files\Common Files\Ahead
2008-04-23 07:25 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-04-13 15:02 --------- d-----w C:\Program Files\Panda Security
2008-04-10 10:29 --------- d-----w C:\Program Files\Windows Mail
2008-03-30 22:21 --------- d-----w C:\Users\bigwolf\AppData\Roaming\Yahoo! Companion
2008-03-30 22:21 --------- d-----w C:\Program Files\Google
2008-03-30 02:04 --------- d-----w C:\Users\bigwolf\AppData\Roaming\XnView
2008-03-30 01:40 --------- d-----w C:\Program Files\XnView
2008-03-29 11:30 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-29 11:29 --------- dc----w C:\Program Files\Common Files\Real
2008-03-28 17:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 17:32 --------- dc----w C:\Program Files\Common Files\PX Storage Engine
2008-03-28 17:32 --------- d-----w C:\Program Files\DivX
2008-03-09 11:53 --------- d-----w C:\Users\trou de balle\AppData\Roaming\Talkback
2008-03-08 17:27 --------- d--h--r C:\Users\trou de balle\AppData\Roaming\SecuROM
2008-03-07 23:59 --------- dc----w C:\Program Files\CCleaner
2008-03-07 18:30 234,166 ----a-w C:\Windows\EasyGifAnimator_Toolbar_Uninstaller_442.exe
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-21 02:05 129,784 ------w C:\Windows\System32\PxAFS.DLL
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-14 02:00 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 01:56 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 01:56 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 01:56 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 01:56 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 01:56 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 01:55 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 01:55 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 01:55 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 01:55 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 01:55 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 01:55 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 01:55 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-09 04:18 691,545 ----a-w C:\Windows\unins000.exe
2008-01-27 06:54 27,525 ----a-w C:\Users\bigwolf\AppData\Roaming\nvModes.dat
2007-01-01 00:43 174 --sha-w C:\Program Files\desktop.ini
2007-12-19 08:36 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-12-19 08:36 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-12-19 08:36 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-11-16 20:30 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007111620071117\index.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8287-79A187E26987}]
2007-09-24 16:26 2022912 --a------ C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-8287-79A187E26987}"= "C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL" [2007-09-24 16:26 2022912]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-8287-79A187E26987}"= C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL [2007-09-24 16:26 2022912]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-8287-79a187e26987}]
[HKEY_CLASSES_ROOT\vmntoolbar.VMNTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:07 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 14:34 2159104 C:\Windows\System32\oobefldr.dll]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-07-19 15:32 1120568]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-02-20 16:15 816368]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 14:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
"eMuleAutoStart"="C:\eMule\emule.exe" [2007-05-13 16:57 5308416]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Outil de mise à jour Google.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-03-31 00:19:01 124400]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C0D6CFCF-F032-4C36-A8D8-8284A6D23A31}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{0D803923-CBC2-4F62-B50F-AF82B2C60771}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3C367DB0-477B-4B63-BD84-7368123BB5A6}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{D7205450-19C7-451E-BC69-F8C6162D6EBF}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CD201523-1A2C-4184-99D0-C62E771D8783}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{29797336-22FB-4DC6-BCA4-540A875BDC70}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{21BB3ABE-6C1D-49F4-A234-DEAABF01B3F8}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D49603BF-E4E0-4BB4-9372-78A67B4E5E1C}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{A8311C70-551E-495C-AA58-63E73703AA13}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{3945DC6C-BE9A-4A04-A8FA-CD50AAD51DD3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{00B0D406-F9F2-4EB6-9048-6CB20C6D50D4}"= UDP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0D4B8946-B4A6-417D-9BA1-539B74201CA6}"= TCP:C:\Program Files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{7ABA62C5-0416-47AA-B312-8A4754E96CF7}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{697A47BB-3779-4D6A-AAC9-C634BBBBD842}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"TCP Query User{69A4376C-8D2E-45AF-BAFA-620E7E055E37}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{F91187D1-0E5D-4F72-9449-F09EE2177D08}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{11B938A2-8513-4880-AEC9-871725D8621D}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{D68AD715-846B-477D-B177-0F0A5B3944CA}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{C1B46920-5C39-4427-AA25-DD107DE2CADC}C:\\users\\bigwolf\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\bigwolf\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{DD1C91B6-ECB7-4E8D-8C7A-CEAB97547004}C:\\users\\bigwolf\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\bigwolf\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{3EFB369A-6BF1-41A4-980B-0E6F5745F36A}C:\\emule\\emule.exe"= UDP:C:\emule\emule.exe:eMule
"UDP Query User{3BA30AD8-FB7D-4FE1-9A06-CE166B8AAC67}C:\\emule\\emule.exe"= TCP:C:\emule\emule.exe:eMule
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 Cam5607;Bison WebCam;C:\Windows\system32\Drivers\BisonC07.sys [2007-07-23 20:35]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 02:50]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-09-27 14:46]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 22:47]
S2 RapiMgr;Connectivité de l'appareil Windows Mobile;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
S2 WcesComm;Connectivité de l'appareil Windows Mobile 2003;C:\Windows\system32\svchost.exe [2006-11-02 11:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-05-06 12:30:00 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-05-06 12:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 14:50:15
Windows 6.0.6000 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 53
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Windows\System32\conime.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\wbem\unsecapp.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-05-06 14:54:03 - machine was rebooted [bigwolf]
ComboFix-quarantined-files.txt 2008-05-06 12:53:53
Pre-Run: 16,109,281,280 octets libres
Post-Run: 16,525,844,480 octets libres
247 --- E O F --- 2008-04-21 18:41:02
Maybe I did a lot, lol, but anyway,
I would like to know how to get rid of these viruses that like to stick to me.
Thanks
27 replies
Hi
Download this:
Link: http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Demo: http://pageperso.aol.fr/balltrap34/demohijack.htm
Choose the "do a scan and a logfile" option, then copy and paste the resulting report into the forum.
++
I also want to say that I have read all the other threads on the same subject, but I'm afraid of doing something stupid, so I prefer to ask for help.
Hi
Thanks for replying, here is the report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:38:15, on 10/01/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\BisonCam\BisonHK.exe
C:\Windows\BisonCam\EasyMIC.exe
C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\Explorer.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BisonHK] C:\Windows\BisonCam\BisonHK.exe
O4 - HKLM\..\Run: [EasyMIC] C:\Windows\BisonCam\EasyMIC.exe
O4 - HKLM\..\Run: [CardReaderMonitor] C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [toolbar_eula_launcher] C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
thanks for replying, here's the report
ok,
Download SDFix to your desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
Restart your computer in safe mode
Open the SDFix folder that has just been created on the Desktop and double-click RunThis.cmd to launch the script.
Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
Once the Desktop has loaded, the tool will finish its work and display Finished.
Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of Report.txt into your next reply on the forum
++
when I open SDFix > Run This a black window opens, I press "y" but nothing happens, the only numbers and letters it mentions are 1-2-3 and a-b-c-d-u
what do I do
Oops! You're on Vista, it's not compatible yet, sorry!
download this: http://www.commentcamarche.net/telecharger/telecharger 34055379 malwarebyte s anti malware
* Install the program on the desktop:
o If the file COMCTL32.OCX is missing, you can download it here
* Run the updates (click Mises à jour (Updates), then Recherche de mises à jour (Check for updates))
* Boot into safe mode
* Launch MalwareByte's Anti-Malware, click Exécuter un examen complet (Perform full scan), then Rechercher (Scan), and select all your hard drives
* Once the scan has finished, click Supprimer (Remove), and if a message asks you to restart the PC, accept!
* A report will be generated; save it somewhere you can find it again
==> post it please!
++
Malwarebytes' Anti-Malware 1.12
Version de la base de données: 723
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 135636
Temps écoulé: 25 minute(s), 37 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 1
Valeur(s) du Registre infectée(s): 2
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
here's the report
the scan is running now lol,
it's cool to be helped by a girl my age lol
you really know your stuff lol
uhhh sorry, but a quick question: do you know if you can put a code on a folder so it can't be opened???
thanks
Avira AntiVir Personal
Report file date: mardi 6 mai 2008 18:15
Scanning for 1253212 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-BIGWOLF
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 22/04/2008 18:45:53
AVSCAN.DLL : 8.1.1.0 53505 Bytes 22/04/2008 18:45:53
LUKE.DLL : 8.1.2.9 151809 Bytes 22/04/2008 18:45:53
LUKERES.DLL : 8.1.2.1 12033 Bytes 22/04/2008 18:45:53
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 23:15:57
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 11:40:36
ANTIVIR3.VDF : 7.0.4.7 22528 Bytes 06/05/2008 11:40:37
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 22/04/2008 18:45:54
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 30/04/2008 18:38:32
AESCN.DLL : 8.1.0.15 119157 Bytes 30/04/2008 18:38:31
AERDL.DLL : 8.1.0.20 418165 Bytes 26/04/2008 18:38:00
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 18:38:56
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 22/04/2008 18:45:54
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 30/04/2008 18:38:30
AEHELP.DLL : 8.1.0.14 115063 Bytes 22/04/2008 18:45:54
AEGEN.DLL : 8.1.0.18 299381 Bytes 26/04/2008 18:37:40
AEEMU.DLL : 8.1.0.5 430450 Bytes 22/04/2008 18:45:54
AECORE.DLL : 8.1.0.27 168310 Bytes 22/04/2008 18:45:54
AVWINLL.DLL : 1.0.0.7 14593 Bytes 22/04/2008 18:45:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 22/04/2008 18:45:53
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 22/04/2008 18:45:53
AVARKT.DLL : 1.0.0.23 307457 Bytes 22/04/2008 18:45:53
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 22/04/2008 18:45:53
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/04/2008 18:45:53
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 22/04/2008 18:45:53
NETNT.DLL : 8.0.0.1 7937 Bytes 22/04/2008 18:45:53
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 22/04/2008 18:45:50
RCTEXT.DLL : 8.0.32.0 86273 Bytes 22/04/2008 18:45:50
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 6 mai 2008 18:15
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'SmpSys.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
here's my AntiVir report
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Here is my AntiVir report
Very good!
Yes, you can delete the quarantined items!
And remove this program if present: NetProject
Then post a new one, please
++
Avira AntiVir Personal
Report file date: mardi 6 mai 2008 19:19
Scanning for 1253212 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC-DE-BIGWOLF
Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 22/04/2008 18:45:53
AVSCAN.DLL : 8.1.1.0 53505 Bytes 22/04/2008 18:45:53
LUKE.DLL : 8.1.2.9 151809 Bytes 22/04/2008 18:45:53
LUKERES.DLL : 8.1.2.1 12033 Bytes 22/04/2008 18:45:53
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 23:15:57
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 11:40:36
ANTIVIR3.VDF : 7.0.4.7 22528 Bytes 06/05/2008 11:40:37
Engineversion : 8.1.0.37
AEVDF.DLL : 8.1.0.5 102772 Bytes 22/04/2008 18:45:54
AESCRIPT.DLL : 8.1.0.28 233851 Bytes 30/04/2008 18:38:32
AESCN.DLL : 8.1.0.15 119157 Bytes 30/04/2008 18:38:31
AERDL.DLL : 8.1.0.20 418165 Bytes 26/04/2008 18:38:00
AEPACK.DLL : 8.1.1.4 364918 Bytes 29/04/2008 18:38:56
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 22/04/2008 18:45:54
AEHEUR.DLL : 8.1.0.21 1196407 Bytes 30/04/2008 18:38:30
AEHELP.DLL : 8.1.0.14 115063 Bytes 22/04/2008 18:45:54
AEGEN.DLL : 8.1.0.18 299381 Bytes 26/04/2008 18:37:40
AEEMU.DLL : 8.1.0.5 430450 Bytes 22/04/2008 18:45:54
AECORE.DLL : 8.1.0.27 168310 Bytes 22/04/2008 18:45:54
AVWINLL.DLL : 1.0.0.7 14593 Bytes 22/04/2008 18:45:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 22/04/2008 18:45:53
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 22/04/2008 18:45:53
AVARKT.DLL : 1.0.0.23 307457 Bytes 22/04/2008 18:45:53
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 22/04/2008 18:45:53
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/04/2008 18:45:53
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 22/04/2008 18:45:53
NETNT.DLL : 8.0.0.1 7937 Bytes 22/04/2008 18:45:53
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 22/04/2008 18:45:50
RCTEXT.DLL : 8.0.32.0 86273 Bytes 22/04/2008 18:45:50
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mardi 6 mai 2008 19:19
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'SearchFilterHost.exe' - '1' Module(s) have been scanned
Scan process 'SearchProtocolHost.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'unsecapp.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'SmpSys.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SDWinSec.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'DevSvc.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '4' files ).
Starting the file scan:
Begin scan in 'C:\' <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
End of the scan: mardi 6 mai 2008 20:45
Used time: 1:25:21 min
The scan has been done completely.
14825 Scanning directories
265953 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
265953 Files not concerned
1734 Archives were scanned
1 Warnings
0 Notes