Sujet Précédent Sujet Suivant

Virus win 32

Résolu
aspireacer -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,
j arrive pas a supprimer win 32 , j essaie de suivre les instruction qu on me donne sur le forum mais internet devient tellement lent que j arrive pas arepondre de suite et du coup celui qui a commencé a m aider n est plus là? quelqu un a un peu de temps pour m aider?????????????????????
A voir également:

19 réponses

Réponse 1 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Relance MBAM, va dans Quarantaine et supprime tout.

---> Poste un nouveau rapport HijackThis.
1
aspireacer
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:35:12, on 18/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\DOCUME~1\baccar\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=fptb-cclean
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DriverMagicSchedule] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
Réponse 2 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Salut,

- Télécharge HijackThis v2.0.2 sur ton Bureau :
http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

- Double-clique sur HJTInstall afin de lancer l'installation.

- Clique sur Install ensuite sur I Accept.

- Clique sur Do a system scan and save a logfile.

- Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.
-1
aspireacer
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:47:37, on 18/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Pack Securite\Common\FSM32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\DOCUME~1\baccar\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Pack Securite\Common\FSMA32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\Pack Securite\Common\FSMB32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Pack Securite\Common\FCH32.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
C:\Program Files\Pack Securite\Common\FAMEH32.EXE
C:\Program Files\Pack Securite\FSPC\fspc.exe
C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\baccar\Bureau\RSIT.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=fptb-cclean
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [DriverMagicSchedule] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
Réponse 3 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
As-tu des pages de pubs ?
-1
aspireacer
 
elle sont bloquées
0
Réponse 4 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Mets-le à jour

- Redémarre en mode sans échec (Recommandé) :
https://blog.sosordi.net/

- Choisis ta session habituelle

- Fais un scan complet avec MalwareByte's Anti-Malware

- Supprime tout ce que le logiciel trouve, enregistre le rapport

- Redémarre en mode normal et poste le rapport ici

Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
-1
aspireacer
 
je suis entrain de le mettre ajour c normal que ça soit lent?
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Sinon change de serveur pour MBAM.
-1
aspireacer
 
ca y est g le rapport
Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1286
Windows 5.1.2600 Service Pack 2

18/10/2008 23:24:44
mbam-log-2008-10-18 (23-24-44).txt

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 80699
Temps écoulé: 12 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\TS2009 (Rogue.TotalSecure) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\System Volume Information\_restore{455575A3-A8F5-40CA-8FE2-434270A33185}\RP23\A0005379.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\TS2009\scan.exe (Rogue.TotalSecure) -> Quarantined and deleted successfully.
C:\Program Files\TS2009\totalsecure.s1 (Rogue.TotalSecure) -> Quarantined and deleted successfully.
0
Réponse 6 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Ton PC va bien ?
-1
aspireacer
 
apparement, merci. est ce que tu peux me conseiller un antivirus?
0
Réponse 7 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
F-Secure, tu le payes ?
-1
aspireacer
 
salut destrio, pour fsecure je le paye chez neuf
0
Réponse 8 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Pourquoi veux-tu le changer ?
-1
aspireacer
 
c normal qu'il me protege pas contre ce virus? on plus on dit que norton est le meilleur, je ne sais pas si c vrai
0
Réponse 9 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Norton n'est pas un des meilleurs.
-1
aspireacer
 
donc il vaut mieu garder f secure?
0
Réponse 10 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Perso, je ne vois pas l'intérêt de payer un antivirus, après c'est en fonction de la personne.
-1
aspireacer
 
moi non plus en plus c 5E par mois ce qui fais le double du pris en un an d un antivirus que j achete mais vu que g un mois d essaie qui finira dans deux jours, je voulais essayer en attendant une autre solution. t as quelque chose ame proposer?
0
Réponse 11 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Je te propose Antivir.
-1
aspireacer
 
il faut désinstaller f secure avant de l installer? et je le telecharge sur cmc?
0
Réponse 12 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Oui.

La version officielle française n'est pas encore sortie mais tu as la pré-version (qui fonctionne très bien, je l'ai) :
https://www.mediafire.com/?sharekey=1ab12433e284b403d2db6fb9a8902bda
-1
aspireacer
 
ok merci, je l installe et je te tient au courant
0
aspireacer > aspireacer
 
resalut
g telechargé antivir et voila le rapprt


Avira AntiVir Personal
Report file date: dimanche 19 octobre 2008 18:39

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: baccar
Computer name: BACCAR-XGPPCVOZ

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Windows System Directory
Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 19 octobre 2008 18:39

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ACU.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
39 processes with 39 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\WINDOWS\system32'


End of the scan: dimanche 19 octobre 2008 18:40
Used time: 01:51 Minute(s)

The scan has been done completely.

190 Scanning directories
5328 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
0 Files cannot be scanned
5328 Files not concerned
3 Archives were scanned
0 Warnings
0 Notes
0
Réponse 13 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Le scan, c'est toi qui l'a arrêté ?
-1
aspireacer
 
non tout seul, je recommence
0
aspireacer > aspireacer
 
voila le nouveau rapport

Avira AntiVir Personal
Report file date: dimanche 19 octobre 2008 20:28

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: BACCAR-XGPPCVOZ

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 19 octobre 2008 20:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ACU.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '50' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'E:\'
E:\System Volume Information\System Volume Information .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{455575A3-A8F5-40CA-8FE2-434270A33185}\RP10\A0003736.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{59CA912C-BEB9-4131-90BF-222A276A3A13}\RP3\A0000627.0xe
[DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{59CA912C-BEB9-4131-90BF-222A276A3A13}\RP3\A0000628.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\NokiaN73Tools.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP0\Office2007 Serial.txt.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP0\RP0 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP1\JetAudio dump.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP1\RP1 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028800.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028897.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028921.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028940.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028963.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0030012.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0031012.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\RP10 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\A0031019.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\RP11 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP12\RP12 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP12\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP13\NokiaN73Tools.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.B.67 worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP13\RP13 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP14\Make Windows Original.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP14\RP14 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP15\Office2007 Serial.txt.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP15\RP15 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP16\JetAudio dump.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP16\RP16 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP17\InstallMSN11En.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP17\RP17 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP18\Lock Folder.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP18\RP18 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039242.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039244.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039245.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039256.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039267.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040238.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040249.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040252.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040254.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043257.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043261.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043263.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0044254.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0044257.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045272.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045276.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045278.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0046278.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\A0014226.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\InstallMSN11En.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\RP2 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0014263.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0017646.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0019286.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0020285.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0020317.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\RP3 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\A0020353.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\A0020361.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\RP4 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0021373.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0023362.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0024362.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\RP5 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\A0025375.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\Make Windows Original.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\RP6 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0025381.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026426.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026470.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026497.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\Office2007 Serial.txt.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\RP7 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0026506.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0026532.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0027532.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\RP8 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\A0028793.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\Make Windows Original.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\RP9 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.B.137 worm
[NOTE] The file was deleted!


End of the scan: dimanche 19 octobre 2008 21:05
Used time: 36:55 Minute(s)

The scan has been done completely.

2221 Scanning directories
163281 Files were scanned
90 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
90 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
163190 Files not concerned
2089 Archives were scanned
1 Warnings
90 Notes
0
aspireacer > aspireacer
 
voila le nouveau rapport

Avira AntiVir Personal
Report file date: dimanche 19 octobre 2008 20:28

Scanning for 1369550 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: BACCAR-XGPPCVOZ

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
Engineversion : 8.1.1.19
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 19 octobre 2008 20:28

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
Scan process 'Apache.exe' - '1' Module(s) have been scanned
Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'ACU.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'acs.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '50' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'E:\'
E:\System Volume Information\System Volume Information .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{455575A3-A8F5-40CA-8FE2-434270A33185}\RP10\A0003736.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{59CA912C-BEB9-4131-90BF-222A276A3A13}\RP3\A0000627.0xe
[DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{59CA912C-BEB9-4131-90BF-222A276A3A13}\RP3\A0000628.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\NokiaN73Tools.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP0\Office2007 Serial.txt.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP0\RP0 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP1\JetAudio dump.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP1\RP1 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028800.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028897.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028921.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028940.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028963.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0030012.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0031012.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\RP10 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\A0031019.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\RP11 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP12\RP12 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP12\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP13\NokiaN73Tools.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.B.67 worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP13\RP13 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP14\Make Windows Original.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP14\RP14 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP15\Office2007 Serial.txt.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP15\RP15 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP16\JetAudio dump.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP16\RP16 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP17\InstallMSN11En.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP17\RP17 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP18\Lock Folder.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP18\RP18 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039242.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039244.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039245.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039256.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039267.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040238.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040249.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040252.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040254.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043257.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043261.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043263.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0044254.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0044257.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045272.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045276.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045278.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0046278.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\A0014226.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\InstallMSN11En.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\RP2 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0014263.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0017646.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0019286.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0020285.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0020317.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\RP3 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\A0020353.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\A0020361.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\RP4 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0021373.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0023362.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0024362.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\RP5 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\A0025375.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\Make Windows Original.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\RP6 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0025381.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026426.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026470.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026497.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\Office2007 Serial.txt.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\RP7 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0026506.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0026532.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0027532.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\RP8 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\WinrRarSerialInstall.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\A0028793.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\Make Windows Original.0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
[NOTE] The file was deleted!
E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\RP9 .0xe
[DETECTION] Contains recognition pattern of the WORM/Mabezat.B.137 worm
[NOTE] The file was deleted!


End of the scan: dimanche 19 octobre 2008 21:05
Used time: 36:55 Minute(s)

The scan has been done completely.

2221 Scanning directories
163281 Files were scanned
90 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
90 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
163190 Files not concerned
2089 Archives were scanned
1 Warnings
90 Notes
0
Réponse 14 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
C'est mieux.

---> Poste un nouveau rapport HijackThis.
-1
aspireacer
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:18:56, on 19/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\DOCUME~1\baccar\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=fptb-cclean
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DriverMagicSchedule] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
Réponse 15 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Relance HijackThis et choisis Do a system scan only

---> Coche les cases qui sont devant les lignes suivantes :

O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

---> Redémarre ton PC et poste un nouveau rapport HijackThis.
-1
aspireacer
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:38:52, on 19/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ItsLabel\ItsTV.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\DOCUME~1\baccar\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=fptb-cclean
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DriverMagicSchedule] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
0
Réponse 16 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Désinstalle HijackThis.

On peut passer à la dernière étape si tu n'as plus de problème.
-1
aspireacer
 
oui bien sur
0
Réponse 17 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
https://www.ccleaner.com/ccleaner/download

---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

---> Supprime le contenu de la quarantaine d'Antivir.

---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
https://www.vulgarisation-informatique.com/creer-point-restauration.php

---> Tiens à jour Windows.
-1
aspireacer
 
c fait je suis entrain de mettre a jour windows
0
Réponse 18 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Ok.
-1
aspireacer
 
merci beaucoup, bonne soirée
0
Réponse 19 / 19
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 305
 
Bonne soirée ;)
-1

Discussions similaires

Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
svp 32Gb est il egal a 32Go??
William Fernand -
nemrod18 -

3 réponses