Virtumonde et PrivacyRemover
Résolu
Black-Pops
Messages postés
43
Date d'inscription
Statut
Membre
Dernière intervention
-
Black-Pops Messages postés 43 Date d'inscription Statut Membre Dernière intervention -
Black-Pops Messages postés 43 Date d'inscription Statut Membre Dernière intervention -
Bonjour,
Désolé d'ouvrir encore un sujet là dessus,mais comme beaucoup de gens j'ai le message d'erreur sur mon bureau et ces deux saletés de spyware.
Voici mon rapport HiJackThis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:02, on 25/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\system32\csrss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\cisvc.exe
C:\WINDOWS.0\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS.0\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS.0\system32\carpserv.exe
C:\WINDOWS.0\system32\lphc1mtj0ec77.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.0\System32\wbem\wmiprvse.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\oembios.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lphc1mtj0ec77] C:\WINDOWS.0\system32\lphc1mtj0ec77.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
Désolé d'ouvrir encore un sujet là dessus,mais comme beaucoup de gens j'ai le message d'erreur sur mon bureau et ces deux saletés de spyware.
Voici mon rapport HiJackThis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:02, on 25/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\system32\csrss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\Explorer.EXE
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\cisvc.exe
C:\WINDOWS.0\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS.0\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS.0\system32\carpserv.exe
C:\WINDOWS.0\system32\lphc1mtj0ec77.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS.0\System32\wbem\wmiprvse.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\WINDOWS.0\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\oembios.exe,
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [lphc1mtj0ec77] C:\WINDOWS.0\system32\lphc1mtj0ec77.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
28 réponses
Bonjour,
Désinstalle PROPREMENT Avast, c'est important, et installe soit Antivir ( si tu reste en gratuit), soit Nod32 (payant)
ou encore Kaspersky (payant).
Tu peux le constater de toi-même :
http://forum.malekal.com/ftopic3528.php
Si tu décides d'installer Antivir, fais ceci :
- Télécharge Avira antivir PersonalEdition Classic a partir de ce lien : https://www.avira.com/ sur ton Bureau.
- Télécharge le désinstalleur d'Avast sur ton Bureau : https://www.avast.com/fr-fr/uninstall-utility
- Mets toi hors connexion, puis désinstalle avast, avec le désinstalleur! Redémarre ton PC comme demandé et supprime le dossier C:\Program Files\Alwils Software
- Double-clique sur l'installeur d'Antivir. Une fois celui-ci installé, reconnecte toi afin d’effectuer sa mise à jour, et le paramétrer. Ferme le scan qui s'est lancé de manière automatique.
Paramètre le comme,
ici : http://speedweb1.free.fr/frames2.php?page=tuto5
ou là : https://www.malekal.com/avira-free-security-antivirus-gratuit/
- Redémarre en mode sans échec
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît, tapotes la touche
[F8] (ou [F5] sur certains PC) jusqu'à l'affichage du menu des options avancées de Windows. Sélectionne "Mode sans échec" et
appuyer sur [Entrée], il te faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Tutoriel ci-besoin :
https://forum.pcastuces.com/sujet.asp?f=25&s=3902
- Lance Avira antivir.
- Clique sur Local protection (colonne à gauche), puis sur « Scanner », puis vérifie à RootKit search et Manuelle détection (en développant avec la petite croix devant chacun d'eux), que tous tes disques durs soient bien cochés, puis clique sur la loupe (en dessous de statut). Une fenêtre va s’ouvrir « Luke Filewalker » .. le scan va démarrer.
- Mets tout ce qu il trouve en "Quarantine"
- Une fois le scan achevé, ferme les deux fenêtres d'Antivir et sauvegarde le rapport.
- Redémarre en mode normal puis poste le rapport d'Antivir.
Tuto http://www.malekal.com/tutorial_antivir.html et/ou http://www.libellules.ch/tuto_antivir.php
- Télécharge Malwarebyte's à l'adresse ci-dessous, puis redémarre en mode sans échec. Pour cela, tapotes F8 au démarrage, avant que le logo de windows n'apparaisse. Fais un scan complet, et supprimes tout ce qu'il te trouve. Ensuite sauvegarde le résultat (à la fin du scan, l'option "afficher le résultat", apparait).
https://www.generation-nt.com/malwarebytes-anti-malware-protection-agents-malveillants-securite-anti-malwares-telecharger-telechargement-47800.html
- Lorsque tu as fini ça, refais un log hijackthis.
Désinstalle PROPREMENT Avast, c'est important, et installe soit Antivir ( si tu reste en gratuit), soit Nod32 (payant)
ou encore Kaspersky (payant).
Tu peux le constater de toi-même :
http://forum.malekal.com/ftopic3528.php
Si tu décides d'installer Antivir, fais ceci :
- Télécharge Avira antivir PersonalEdition Classic a partir de ce lien : https://www.avira.com/ sur ton Bureau.
- Télécharge le désinstalleur d'Avast sur ton Bureau : https://www.avast.com/fr-fr/uninstall-utility
- Mets toi hors connexion, puis désinstalle avast, avec le désinstalleur! Redémarre ton PC comme demandé et supprime le dossier C:\Program Files\Alwils Software
- Double-clique sur l'installeur d'Antivir. Une fois celui-ci installé, reconnecte toi afin d’effectuer sa mise à jour, et le paramétrer. Ferme le scan qui s'est lancé de manière automatique.
Paramètre le comme,
ici : http://speedweb1.free.fr/frames2.php?page=tuto5
ou là : https://www.malekal.com/avira-free-security-antivirus-gratuit/
- Redémarre en mode sans échec
Au redémarrage de l'ordinateur, une fois le chargement du BIOS terminé, il y a un écran noir qui apparaît, tapotes la touche
[F8] (ou [F5] sur certains PC) jusqu'à l'affichage du menu des options avancées de Windows. Sélectionne "Mode sans échec" et
appuyer sur [Entrée], il te faudra choisir ta session habituelle, pas le compte "Administrateur" ou une autre.
Tutoriel ci-besoin :
https://forum.pcastuces.com/sujet.asp?f=25&s=3902
- Lance Avira antivir.
- Clique sur Local protection (colonne à gauche), puis sur « Scanner », puis vérifie à RootKit search et Manuelle détection (en développant avec la petite croix devant chacun d'eux), que tous tes disques durs soient bien cochés, puis clique sur la loupe (en dessous de statut). Une fenêtre va s’ouvrir « Luke Filewalker » .. le scan va démarrer.
- Mets tout ce qu il trouve en "Quarantine"
- Une fois le scan achevé, ferme les deux fenêtres d'Antivir et sauvegarde le rapport.
- Redémarre en mode normal puis poste le rapport d'Antivir.
Tuto http://www.malekal.com/tutorial_antivir.html et/ou http://www.libellules.ch/tuto_antivir.php
- Télécharge Malwarebyte's à l'adresse ci-dessous, puis redémarre en mode sans échec. Pour cela, tapotes F8 au démarrage, avant que le logo de windows n'apparaisse. Fais un scan complet, et supprimes tout ce qu'il te trouve. Ensuite sauvegarde le résultat (à la fin du scan, l'option "afficher le résultat", apparait).
https://www.generation-nt.com/malwarebytes-anti-malware-protection-agents-malveillants-securite-anti-malwares-telecharger-telechargement-47800.html
- Lorsque tu as fini ça, refais un log hijackthis.
Tes premiers liens marchent pas, j'ai télécharger antivir sur le site allemand mais je peut pas télécharger le désinstalleur d'avast.
Si je le désinstalle normalement ca marche ou pas ?
Si je le désinstalle normalement ca marche ou pas ?
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Met désinstalleur avast dans google tu tomberas sur le lien normalement. Sinon fais malwarebyte en mode sans échec et post le log.
J'ai trouvé cette méthode sur le site : http://www.commentcamarche.net/faq/sujet 6862 supprimer le trojan vundo virtumonde
Tu pense que ca marcherait, parceque là sans les liens ca va etre un peu chaud ^_^
Merci beaucoup.
Tu pense que ca marcherait, parceque là sans les liens ca va etre un peu chaud ^_^
Merci beaucoup.
Tout pc est différent et tu n'y fait pas exception. Là tu ne te réfères qu'à un seul exemple. Maintenant ce que tu peux faire c'est de déjà faire malwarebyte meme si avast n'est pas encore désinstallé.
Voila, j'ai suivi tes conseils, j'ai fait l'analyse Malwarebyte, non sans mal puisque le virus fait redémarrer l'ordi au bout d'un temps d'inactivité donc j'ai été obligé de rester pas loin du PC.
Merci beaucoup de ton aide en tout cas.
[Edit : Maintenant les liens de ton message marchent, je pense que si ca ne marchait pas avant et maintenant oui, c'est vraiment qu'il y a un rapport.]
Voila le rapport :
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1087
Windows 5.1.2600 Service Pack 2
01:43:53 26/08/2008
mbam-log-08-26-2008 (01-43-46).txt
Type de recherche: Examen complet (A:\|C:\|D:\|)
Eléments examinés: 78564
Temps écoulé: 1 hour(s), 36 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 33
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc1mtj0ec77 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows.0\system32\oembios.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\oembios.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\oembios.exe,) Good: (userinit.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\WINDOWS.0\system32\sysproc64 (Trojan.Agent) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS.0\system32\blphc1mtj0ec77.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS.0\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\oembios.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS.0\system32\lphc1mtj0ec77.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS.0\system32\phc1mtj0ec77.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\cd12A.tmp (Heuristics.Malware) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\drivers\etc\services (Heuristics.Reserved.Word.Exploit) -> No action taken.
Merci beaucoup de ton aide en tout cas.
[Edit : Maintenant les liens de ton message marchent, je pense que si ca ne marchait pas avant et maintenant oui, c'est vraiment qu'il y a un rapport.]
Voila le rapport :
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1087
Windows 5.1.2600 Service Pack 2
01:43:53 26/08/2008
mbam-log-08-26-2008 (01-43-46).txt
Type de recherche: Examen complet (A:\|C:\|D:\|)
Eléments examinés: 78564
Temps écoulé: 1 hour(s), 36 minute(s), 0 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 5
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 33
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc1mtj0ec77 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: c:\windows.0\system32\oembios.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.Agent) -> Data: system32\oembios.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS.0\system32\userinit.exe,C:\WINDOWS.0\system32\oembios.exe,) Good: (userinit.exe) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Dossier(s) infecté(s):
C:\WINDOWS.0\system32\sysproc64 (Trojan.Agent) -> No action taken.
Fichier(s) infecté(s):
C:\WINDOWS.0\system32\blphc1mtj0ec77.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS.0\system32\sysproc64\sysproc32.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\sysproc64\sysproc86.sys (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\oembios.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssl.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt1.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt2.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt3.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt4.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt6.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttA.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttC.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttE.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS.0\system32\lphc1mtj0ec77.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS.0\system32\phc1mtj0ec77.bmp (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temp\cd12A.tmp (Heuristics.Malware) -> No action taken.
C:\Documents and Settings\Bigbang\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS.0\system32\drivers\etc\services (Heuristics.Reserved.Word.Exploit) -> No action taken.
Tu es sûr d'avoir fait malwarebyte en mode sans échec ? Ton rapport m'aide beaucoup c'est déjà ça, mais comme il n'a rien corrigé, je doute que tu l'aies fait en mode sans échec. Si tu ne l'a pas fait, tu dois le refaire et reposter.
Si si je l'ai fait en mode sans echec.
D'ailleurs, après l'analyse il m'a posté ce résultat en me disant qu'il n'a pas agit pour tout ces virus.
Puis après avoir enregistré le rapport il a supprimé tout ce qu'il a trouvé.
J'ai du redémarrer l'ordinateur pour supprimer les derniers.
D'ailleurs, après l'analyse il m'a posté ce résultat en me disant qu'il n'a pas agit pour tout ces virus.
Puis après avoir enregistré le rapport il a supprimé tout ce qu'il a trouvé.
J'ai du redémarrer l'ordinateur pour supprimer les derniers.
Voila !
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:42, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\cisvc.exe
C:\WINDOWS.0\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS.0\system32\carpserv.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS.0\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:21:42, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS.0\System32\smss.exe
C:\WINDOWS.0\system32\winlogon.exe
C:\WINDOWS.0\system32\services.exe
C:\WINDOWS.0\system32\lsass.exe
C:\WINDOWS.0\system32\svchost.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS.0\system32\spoolsv.exe
C:\WINDOWS.0\system32\cisvc.exe
C:\WINDOWS.0\system32\CTsvcCDA.exe
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS.0\System32\svchost.exe
C:\WINDOWS.0\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS.0\system32\carpserv.exe
C:\WINDOWS.0\system32\ctfmon.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\NETGEAR\WG111 Configuration Utility\WG111CFG.exe
C:\Program Files\Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter\WLANUTL.exe
C:\WINDOWS.0\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS.0\system32\cidaemon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ustart.org
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS.0\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Smart Wizard Wireless Settings.lnk = ?
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS.0\system32\CTsvcCDA.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
Voila le rapport Antivir :
Avira AntiVir Personal
Report file date: mardi 26 août 2008 14:11
Scanning for 1574623 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Bigbang
Computer name: RONAN
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 11:43:53
ANTIVIR3.VDF : 7.0.6.71 81408 Bytes 26/08/2008 11:43:54
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 26/08/2008 11:44:21
AESCN.DLL : 8.1.0.23 119156 Bytes 26/08/2008 11:44:19
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 26/08/2008 11:44:18
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 26/08/2008 11:44:14
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 26/08/2008 11:44:12
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 26/08/2008 11:44:02
AEEMU.DLL : 8.1.0.7 430452 Bytes 26/08/2008 11:43:59
AECORE.DLL : 8.1.1.8 172406 Bytes 26/08/2008 11:43:56
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 26/08/2008 11:43:55
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, A:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: mardi 26 août 2008 14:11
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '50' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Bigbang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-5eeb4808.zip
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.A.39 exploit
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt12.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt14.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt18.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt1C.tmp
[DETECTION] Is the TR/Monder.hjn Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttD.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttF.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\nsy20.tmp\euladlg.dll
[DETECTION] Is the TR/FakeAV.AM Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temporary Internet Files\Content.IE5\CDQ7WHIZ\pipo[1]
[DETECTION] Is the TR/Dldr.Small.aces Trojan
[NOTE] The file was deleted!
C:\WINDOWS.0\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\browser.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\helpctr.exe
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
End of the scan: mardi 26 août 2008 15:13
Used time: 1:02:34 Hour(s)
The scan has been done completely.
4999 Scanning directories
138841 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
9 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
36 Files cannot be scanned
138796 Files not concerned
1007 Archives were scanned
36 Warnings
9 Notes
Avira AntiVir Personal
Report file date: mardi 26 août 2008 14:11
Scanning for 1574623 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Bigbang
Computer name: RONAN
Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 11:43:53
ANTIVIR3.VDF : 7.0.6.71 81408 Bytes 26/08/2008 11:43:54
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 09/07/2008 08:46:50
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 26/08/2008 11:44:21
AESCN.DLL : 8.1.0.23 119156 Bytes 26/08/2008 11:44:19
AERDL.DLL : 8.1.0.20 418165 Bytes 09/07/2008 08:46:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 26/08/2008 11:44:18
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 26/08/2008 11:44:14
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 26/08/2008 11:44:12
AEHELP.DLL : 8.1.0.15 115063 Bytes 09/07/2008 08:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 26/08/2008 11:44:02
AEEMU.DLL : 8.1.0.7 430452 Bytes 26/08/2008 11:43:59
AECORE.DLL : 8.1.1.8 172406 Bytes 26/08/2008 11:43:56
AEBB.DLL : 8.1.0.1 53617 Bytes 24/04/2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 26/08/2008 11:43:55
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, A:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox,
Macro heuristic..................: on
File heuristic...................: high
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,
Start of the scan: mardi 26 août 2008 14:11
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!
Starting to scan the registry.
The registry was scanned ( '50' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Bigbang\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-54e206d6-5eeb4808.zip
[0] Archive type: ZIP
--> vmain.class
[DETECTION] Contains recognition pattern of the EXP/Java.Gimsh.A.39 exploit
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt12.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt14.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt18.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.tt1C.tmp
[DETECTION] Is the TR/Monder.hjn Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttD.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\.ttF.tmp.vbs
[DETECTION] Contains recognition pattern of the VBS/Agent.1002 VBS script virus
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temp\nsy20.tmp\euladlg.dll
[DETECTION] Is the TR/FakeAV.AM Trojan
[NOTE] The file was deleted!
C:\Documents and Settings\Bigbang\Local Settings\Temporary Internet Files\Content.IE5\CDQ7WHIZ\pipo[1]
[DETECTION] Is the TR/Dldr.Small.aces Trojan
[NOTE] The file was deleted!
C:\WINDOWS.0\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\browser.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\gdi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\helpctr.exe
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\mf3216.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS.0\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'D:\'
Search path D:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
End of the scan: mardi 26 août 2008 15:13
Used time: 1:02:34 Hour(s)
The scan has been done completely.
4999 Scanning directories
138841 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
9 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
36 Files cannot be scanned
138796 Files not concerned
1007 Archives were scanned
36 Warnings
9 Notes