Virus win 32

Résolu
aspireacer -  
Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   -
Bonjour,
j arrive pas a supprimer win 32 , j essaie de suivre les instruction qu on me donne sur le forum mais internet devient tellement lent que j arrive pas arepondre de suite et du coup celui qui a commencé a m aider n est plus là? quelqu un a un peu de temps pour m aider?????????????????????
Configuration: Windows XP
Internet Explorer 7.0

19 réponses

Résumé de la discussion

Suppression d'une infection Win32 sous Windows XP et lenteur de la connexion Internet entravent l'assistance en ligne. Les réponses suggèrent d'utiliser MBAM en quarantaine et de supprimer les éléments détectés, puis de partager un rapport HijackThis afin d'affiner le diagnostic et de poursuivre le nettoyage. Un rapport Avira AntiVir Personal détaillé montre des détections répétées de vers tels que WORM/Mabezat.b et WORM/Agent, avec des suppressions réalisées sur des éléments du dossier System Volume Information et d'autres emplacements système. Des indices indiquent que des fichiers du système de restauration et des sauvegardes ont été touchés, nécessitant des analyses supplémentaires et une coordination des outils pour éviter les récidives.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Relance MBAM, va dans Quarantaine et supprime tout.

    ---> Poste un nouveau rapport HijackThis.
    1
    1. aspireacer
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:35:12, on 18/10/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\acs.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Atheros\ACU.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Pack Securite\Common\FSM32.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      C:\DOCUME~1\baccar\LOCALS~1\Temp\RtkBtMnt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
      C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\Pack Securite\Common\FSMA32.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      C:\Program Files\Pack Securite\Common\FSMB32.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\Pack Securite\Common\FCH32.EXE
      C:\Program Files\Pack Securite\Common\FAMEH32.EXE
      C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
      C:\Program Files\Pack Securite\FSPC\fspc.exe
      C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
      C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
      C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
      C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
      C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=fptb-cclean
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
      O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
      O4 - HKLM\..\Run: [DriverMagicSchedule] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
      O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
      O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
      O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
      O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
      O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
      O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      0
  2. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Salut,

    - Télécharge HijackThis v2.0.2 sur ton Bureau :
    http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe

    - Double-clique sur HJTInstall afin de lancer l'installation.

    - Clique sur Install ensuite sur I Accept.

    - Clique sur Do a system scan and save a logfile.

    - Le bloc-notes s'ouvrira, fais un copier/coller de tout son contenu ici dans ton prochain message.
    -1
    1. aspireacer
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 22:47:37, on 18/10/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\acs.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Atheros\ACU.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Pack Securite\Common\FSM32.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      C:\DOCUME~1\baccar\LOCALS~1\Temp\RtkBtMnt.exe
      C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
      C:\Program Files\Pack Securite\Anti-Virus\FSGK32.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\Pack Securite\Common\FSMA32.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      C:\Program Files\Pack Securite\Common\FSMB32.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\Pack Securite\Common\FCH32.EXE
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      C:\Program Files\Pack Securite\Anti-Virus\fsqh.exe
      C:\Program Files\Pack Securite\Common\FAMEH32.EXE
      C:\Program Files\Pack Securite\FSPC\fspc.exe
      C:\Program Files\Pack Securite\FSGUI\fsguidll.exe
      C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
      C:\Program Files\Pack Securite\Anti-Virus\fssm32.exe
      C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
      C:\WINDOWS\System32\wbem\wmiapsrv.exe
      C:\Program Files\Pack Securite\FSAUA\program\fsus.exe
      C:\Program Files\Pack Securite\Anti-Virus\fsav32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\baccar\Bureau\RSIT.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=fptb-cclean
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Pack Securite\Common\FSM32.EXE" /splash
      O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Pack Securite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
      O4 - HKLM\..\Run: [DriverMagicSchedule] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
      O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Pack Securite\FSPC\fspcmsie.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
      O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Pack Securite\Anti-Virus\fsgk32st.exe
      O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Pack Securite\FSAUA\program\fsaua.exe
      O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Pack Securite\FWES\Program\fsdfwd.exe
      O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Pack Securite\Common\FSMA32.EXE
      O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      0
  3. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    As-tu des pages de pubs ?
    -1
    1. aspireacer
       
      elle sont bloquées
      0
  4. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    - Télécharge et installe MalwareByte's Anti-Malware :
    http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

    - Mets-le à jour

    - Redémarre en mode sans échec (Recommandé) :
    https://blog.sosordi.net/

    - Choisis ta session habituelle

    - Fais un scan complet avec MalwareByte's Anti-Malware

    - Supprime tout ce que le logiciel trouve, enregistre le rapport

    - Redémarre en mode normal et poste le rapport ici

    Tutorial :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
    -1
    1. aspireacer
       
      je suis entrain de le mettre ajour c normal que ça soit lent?
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Sinon change de serveur pour MBAM.
    -1
    1. aspireacer
       
      ca y est g le rapport
      Malwarebytes' Anti-Malware 1.29
      Version de la base de données: 1286
      Windows 5.1.2600 Service Pack 2

      18/10/2008 23:24:44
      mbam-log-2008-10-18 (23-24-44).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|)
      Eléments examinés: 80699
      Temps écoulé: 12 minute(s), 24 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 1
      Fichier(s) infecté(s): 3

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      C:\Program Files\TS2009 (Rogue.TotalSecure) -> Quarantined and deleted successfully.

      Fichier(s) infecté(s):
      C:\System Volume Information\_restore{455575A3-A8F5-40CA-8FE2-434270A33185}\RP23\A0005379.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
      C:\Program Files\TS2009\scan.exe (Rogue.TotalSecure) -> Quarantined and deleted successfully.
      C:\Program Files\TS2009\totalsecure.s1 (Rogue.TotalSecure) -> Quarantined and deleted successfully.
      0
  7. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ton PC va bien ?
    -1
    1. aspireacer
       
      apparement, merci. est ce que tu peux me conseiller un antivirus?
      0
  8. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    F-Secure, tu le payes ?
    -1
    1. aspireacer
       
      salut destrio, pour fsecure je le paye chez neuf
      0
  9. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Pourquoi veux-tu le changer ?
    -1
    1. aspireacer
       
      c normal qu'il me protege pas contre ce virus? on plus on dit que norton est le meilleur, je ne sais pas si c vrai
      0
  10. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Norton n'est pas un des meilleurs.
    -1
    1. aspireacer
       
      donc il vaut mieu garder f secure?
      0
  11. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Perso, je ne vois pas l'intérêt de payer un antivirus, après c'est en fonction de la personne.
    -1
    1. aspireacer
       
      moi non plus en plus c 5E par mois ce qui fais le double du pris en un an d un antivirus que j achete mais vu que g un mois d essaie qui finira dans deux jours, je voulais essayer en attendant une autre solution. t as quelque chose ame proposer?
      0
  12. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Je te propose Antivir.
    -1
    1. aspireacer
       
      il faut désinstaller f secure avant de l installer? et je le telecharge sur cmc?
      0
  13. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Oui.

    La version officielle française n'est pas encore sortie mais tu as la pré-version (qui fonctionne très bien, je l'ai) :
    https://www.mediafire.com/?sharekey=1ab12433e284b403d2db6fb9a8902bda
    -1
    1. aspireacer
       
      ok merci, je l installe et je te tient au courant
      0
      1. aspireacer > aspireacer
         
        resalut
        g telechargé antivir et voila le rapprt


        Avira AntiVir Personal
        Report file date: dimanche 19 octobre 2008 18:39

        Scanning for 1369550 virus strains and unwanted programs.

        Licensed to: Avira AntiVir PersonalEdition Classic
        Serial number: 0000149996-ADJIE-0001
        Platform: Windows XP
        Windows version: (Service Pack 2) [5.1.2600]
        Boot mode: Normally booted
        Username: baccar
        Computer name: BACCAR-XGPPCVOZ

        Version information:
        BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
        AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
        AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
        LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
        LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
        ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
        ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
        ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
        ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
        Engineversion : 8.1.1.19
        AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
        AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
        AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
        AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
        AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
        AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
        AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
        AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
        AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
        AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
        AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
        AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
        AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
        AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
        AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
        AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
        AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
        AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
        SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
        SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
        NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
        RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
        RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

        Configuration settings for the scan:
        Jobname..........................: Windows System Directory
        Configuration file...............: C:\Program Files\Avira\AntiVir PersonalEdition Classic\setupprf.dat
        Logging..........................: low
        Primary action...................: interactive
        Secondary action.................: ignore
        Scan master boot sector..........: on
        Scan boot sector.................: on
        Boot sectors.....................: C:,
        Process scan.....................: on
        Scan registry....................: on
        Search for rootkits..............: off
        Scan all files...................: Intelligent file selection
        Scan archives....................: on
        Recursion depth..................: 20
        Smart extensions.................: on
        Macro heuristic..................: on
        File heuristic...................: medium

        Start of the scan: dimanche 19 octobre 2008 18:39

        The scan of running processes will be started
        Scan process 'avscan.exe' - '1' Module(s) have been scanned
        Scan process 'avgnt.exe' - '1' Module(s) have been scanned
        Scan process 'avguard.exe' - '1' Module(s) have been scanned
        Scan process 'sched.exe' - '1' Module(s) have been scanned
        Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
        Scan process 'iexplore.exe' - '1' Module(s) have been scanned
        Scan process 'iexplore.exe' - '1' Module(s) have been scanned
        Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'alg.exe' - '1' Module(s) have been scanned
        Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
        Scan process 'Apache.exe' - '1' Module(s) have been scanned
        Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
        Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
        Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
        Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
        Scan process 'Apache.exe' - '1' Module(s) have been scanned
        Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
        Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
        Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
        Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
        Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
        Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
        Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
        Scan process 'rundll32.exe' - '1' Module(s) have been scanned
        Scan process 'ACU.exe' - '1' Module(s) have been scanned
        Scan process 'explorer.exe' - '1' Module(s) have been scanned
        Scan process 'acs.exe' - '1' Module(s) have been scanned
        Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'lsass.exe' - '1' Module(s) have been scanned
        Scan process 'services.exe' - '1' Module(s) have been scanned
        Scan process 'winlogon.exe' - '1' Module(s) have been scanned
        Scan process 'csrss.exe' - '1' Module(s) have been scanned
        Scan process 'smss.exe' - '1' Module(s) have been scanned
        39 processes with 39 modules were scanned

        Starting master boot sector scan:
        Master boot sector HD0
        [INFO] No virus was found!

        Start scanning boot sectors:
        Boot sector 'C:\'
        [INFO] No virus was found!

        Starting to scan the registry.
        The registry was scanned ( '52' files ).


        Starting the file scan:

        Begin scan in 'C:\WINDOWS\system32'


        End of the scan: dimanche 19 octobre 2008 18:40
        Used time: 01:51 Minute(s)

        The scan has been done completely.

        190 Scanning directories
        5328 Files were scanned
        0 viruses and/or unwanted programs were found
        0 Files were classified as suspicious:
        0 files were deleted
        0 files were repaired
        0 files were moved to quarantine
        0 files were renamed
        0 Files cannot be scanned
        5328 Files not concerned
        3 Archives were scanned
        0 Warnings
        0 Notes
        0
  14. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Le scan, c'est toi qui l'a arrêté ?
    -1
    1. aspireacer
       
      non tout seul, je recommence
      0
      1. aspireacer > aspireacer
         
        voila le nouveau rapport

        Avira AntiVir Personal
        Report file date: dimanche 19 octobre 2008 20:28

        Scanning for 1369550 virus strains and unwanted programs.

        Licensed to: Avira AntiVir PersonalEdition Classic
        Serial number: 0000149996-ADJIE-0001
        Platform: Windows XP
        Windows version: (Service Pack 2) [5.1.2600]
        Boot mode: Normally booted
        Username: SYSTEM
        Computer name: BACCAR-XGPPCVOZ

        Version information:
        BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
        AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
        AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
        LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
        LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
        ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
        ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
        ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
        ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
        Engineversion : 8.1.1.19
        AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
        AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
        AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
        AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
        AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
        AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
        AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
        AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
        AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
        AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
        AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
        AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
        AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
        AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
        AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
        AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
        AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
        AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
        SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
        SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
        NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
        RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
        RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

        Configuration settings for the scan:
        Jobname..........................: Complete system scan
        Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
        Logging..........................: low
        Primary action...................: interactive
        Secondary action.................: ignore
        Scan master boot sector..........: on
        Scan boot sector.................: on
        Boot sectors.....................: C:, D:, E:,
        Process scan.....................: on
        Scan registry....................: on
        Search for rootkits..............: off
        Scan all files...................: Intelligent file selection
        Scan archives....................: on
        Recursion depth..................: 20
        Smart extensions.................: on
        Macro heuristic..................: on
        File heuristic...................: medium

        Start of the scan: dimanche 19 octobre 2008 20:28

        The scan of running processes will be started
        Scan process 'avscan.exe' - '1' Module(s) have been scanned
        Scan process 'avcenter.exe' - '1' Module(s) have been scanned
        Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
        Scan process 'avgnt.exe' - '1' Module(s) have been scanned
        Scan process 'avguard.exe' - '1' Module(s) have been scanned
        Scan process 'sched.exe' - '1' Module(s) have been scanned
        Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'alg.exe' - '1' Module(s) have been scanned
        Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
        Scan process 'Apache.exe' - '1' Module(s) have been scanned
        Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
        Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
        Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
        Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
        Scan process 'Apache.exe' - '1' Module(s) have been scanned
        Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
        Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
        Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
        Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
        Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
        Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
        Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
        Scan process 'rundll32.exe' - '1' Module(s) have been scanned
        Scan process 'ACU.exe' - '1' Module(s) have been scanned
        Scan process 'explorer.exe' - '1' Module(s) have been scanned
        Scan process 'acs.exe' - '1' Module(s) have been scanned
        Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'lsass.exe' - '1' Module(s) have been scanned
        Scan process 'services.exe' - '1' Module(s) have been scanned
        Scan process 'winlogon.exe' - '1' Module(s) have been scanned
        Scan process 'csrss.exe' - '1' Module(s) have been scanned
        Scan process 'smss.exe' - '1' Module(s) have been scanned
        38 processes with 38 modules were scanned

        Starting master boot sector scan:
        Master boot sector HD0
        [INFO] No virus was found!

        Start scanning boot sectors:
        Boot sector 'C:\'
        [INFO] No virus was found!
        Boot sector 'D:\'
        [INFO] No virus was found!
        Boot sector 'E:\'
        [INFO] No virus was found!

        Starting to scan the registry.
        The registry was scanned ( '50' files ).


        Starting the file scan:

        Begin scan in 'C:\'
        C:\pagefile.sys
        [WARNING] The file could not be opened!
        Begin scan in 'D:\'
        Begin scan in 'E:\'
        E:\System Volume Information\System Volume Information .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{455575A3-A8F5-40CA-8FE2-434270A33185}\RP10\A0003736.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{59CA912C-BEB9-4131-90BF-222A276A3A13}\RP3\A0000627.0xe
        [DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{59CA912C-BEB9-4131-90BF-222A276A3A13}\RP3\A0000628.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\NokiaN73Tools.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP0\Office2007 Serial.txt.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP0\RP0 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP1\JetAudio dump.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP1\RP1 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028800.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028897.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028921.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028940.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028963.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0030012.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0031012.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\RP10 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\A0031019.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\RP11 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP12\RP12 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP12\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP13\NokiaN73Tools.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.B.67 worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP13\RP13 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP14\Make Windows Original.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP14\RP14 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP15\Office2007 Serial.txt.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP15\RP15 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP16\JetAudio dump.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP16\RP16 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP17\InstallMSN11En.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP17\RP17 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP18\Lock Folder.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP18\RP18 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039242.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039244.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039245.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039256.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039267.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040238.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040249.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040252.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040254.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043257.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043261.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043263.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0044254.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0044257.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045272.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045276.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045278.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0046278.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\A0014226.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\InstallMSN11En.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\RP2 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0014263.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0017646.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0019286.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0020285.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0020317.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\RP3 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\A0020353.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\A0020361.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\RP4 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0021373.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0023362.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0024362.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\RP5 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\A0025375.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\Make Windows Original.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\RP6 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0025381.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026426.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026470.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026497.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\Office2007 Serial.txt.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\RP7 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0026506.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0026532.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0027532.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\RP8 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\A0028793.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\Make Windows Original.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\RP9 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.B.137 worm
        [NOTE] The file was deleted!


        End of the scan: dimanche 19 octobre 2008 21:05
        Used time: 36:55 Minute(s)

        The scan has been done completely.

        2221 Scanning directories
        163281 Files were scanned
        90 viruses and/or unwanted programs were found
        0 Files were classified as suspicious:
        90 files were deleted
        0 files were repaired
        0 files were moved to quarantine
        0 files were renamed
        1 Files cannot be scanned
        163190 Files not concerned
        2089 Archives were scanned
        1 Warnings
        90 Notes
        0
      2. aspireacer > aspireacer
         
        voila le nouveau rapport

        Avira AntiVir Personal
        Report file date: dimanche 19 octobre 2008 20:28

        Scanning for 1369550 virus strains and unwanted programs.

        Licensed to: Avira AntiVir PersonalEdition Classic
        Serial number: 0000149996-ADJIE-0001
        Platform: Windows XP
        Windows version: (Service Pack 2) [5.1.2600]
        Boot mode: Normally booted
        Username: SYSTEM
        Computer name: BACCAR-XGPPCVOZ

        Version information:
        BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
        AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
        AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
        LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
        LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
        ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
        ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
        ANTIVIR2.VDF : 7.0.5.20 142336 Bytes 30/06/2008 05:20:53
        ANTIVIR3.VDF : 7.0.5.23 17408 Bytes 30/06/2008 09:24:47
        Engineversion : 8.1.1.19
        AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
        AESCRIPT.DLL : 8.1.0.63 311673 Bytes 06/08/2008 13:13:47
        AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
        AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:48
        AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:35
        AEOFFICE.DLL : 8.1.0.21 192891 Bytes 18/07/2008 06:35:21
        AEHEUR.DLL : 8.1.0.47 1368437 Bytes 06/08/2008 13:13:47
        AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
        AEGEN.DLL : 8.1.0.35 315764 Bytes 06/08/2008 14:38:47
        AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
        AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:21
        AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
        AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
        AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
        AVREP.DLL : 7.0.0.1 155688 Bytes 30/06/2008 14:35:20
        AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
        AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
        AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
        SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
        SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
        NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
        RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
        RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

        Configuration settings for the scan:
        Jobname..........................: Complete system scan
        Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
        Logging..........................: low
        Primary action...................: interactive
        Secondary action.................: ignore
        Scan master boot sector..........: on
        Scan boot sector.................: on
        Boot sectors.....................: C:, D:, E:,
        Process scan.....................: on
        Scan registry....................: on
        Search for rootkits..............: off
        Scan all files...................: Intelligent file selection
        Scan archives....................: on
        Recursion depth..................: 20
        Smart extensions.................: on
        Macro heuristic..................: on
        File heuristic...................: medium

        Start of the scan: dimanche 19 octobre 2008 20:28

        The scan of running processes will be started
        Scan process 'avscan.exe' - '1' Module(s) have been scanned
        Scan process 'avcenter.exe' - '1' Module(s) have been scanned
        Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
        Scan process 'avgnt.exe' - '1' Module(s) have been scanned
        Scan process 'avguard.exe' - '1' Module(s) have been scanned
        Scan process 'sched.exe' - '1' Module(s) have been scanned
        Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'alg.exe' - '1' Module(s) have been scanned
        Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
        Scan process 'Apache.exe' - '1' Module(s) have been scanned
        Scan process 'nSvcAppFlt.exe' - '1' Module(s) have been scanned
        Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
        Scan process 'nSvcLog.exe' - '1' Module(s) have been scanned
        Scan process 'nSvcIp.exe' - '1' Module(s) have been scanned
        Scan process 'Apache.exe' - '1' Module(s) have been scanned
        Scan process 'RtkBtMnt.exe' - '1' Module(s) have been scanned
        Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
        Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
        Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
        Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
        Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
        Scan process 'nTrayFw.exe' - '1' Module(s) have been scanned
        Scan process 'rundll32.exe' - '1' Module(s) have been scanned
        Scan process 'ACU.exe' - '1' Module(s) have been scanned
        Scan process 'explorer.exe' - '1' Module(s) have been scanned
        Scan process 'acs.exe' - '1' Module(s) have been scanned
        Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'svchost.exe' - '1' Module(s) have been scanned
        Scan process 'lsass.exe' - '1' Module(s) have been scanned
        Scan process 'services.exe' - '1' Module(s) have been scanned
        Scan process 'winlogon.exe' - '1' Module(s) have been scanned
        Scan process 'csrss.exe' - '1' Module(s) have been scanned
        Scan process 'smss.exe' - '1' Module(s) have been scanned
        38 processes with 38 modules were scanned

        Starting master boot sector scan:
        Master boot sector HD0
        [INFO] No virus was found!

        Start scanning boot sectors:
        Boot sector 'C:\'
        [INFO] No virus was found!
        Boot sector 'D:\'
        [INFO] No virus was found!
        Boot sector 'E:\'
        [INFO] No virus was found!

        Starting to scan the registry.
        The registry was scanned ( '50' files ).


        Starting the file scan:

        Begin scan in 'C:\'
        C:\pagefile.sys
        [WARNING] The file could not be opened!
        Begin scan in 'D:\'
        Begin scan in 'E:\'
        E:\System Volume Information\System Volume Information .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{455575A3-A8F5-40CA-8FE2-434270A33185}\RP10\A0003736.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{59CA912C-BEB9-4131-90BF-222A276A3A13}\RP3\A0000627.0xe
        [DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{59CA912C-BEB9-4131-90BF-222A276A3A13}\RP3\A0000628.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\NokiaN73Tools.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP0\Office2007 Serial.txt.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP0\RP0 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP1\JetAudio dump.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP1\RP1 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028800.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028897.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028921.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028940.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0028963.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0030012.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\A0031012.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\RP10 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP10\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\A0031019.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\RP11 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP11\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP12\RP12 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP12\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Agent.161175 worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP13\NokiaN73Tools.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.B.67 worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP13\RP13 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP14\Make Windows Original.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP14\RP14 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP15\Office2007 Serial.txt.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP15\RP15 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP16\JetAudio dump.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP16\RP16 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP17\InstallMSN11En.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP17\RP17 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP18\Lock Folder.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP18\RP18 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039242.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039244.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039245.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039256.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0039267.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040238.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040249.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040252.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0040254.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043257.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043261.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0043263.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0044254.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0044257.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045272.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045276.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0045278.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP19\A0046278.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\A0014226.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\InstallMSN11En.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP2\RP2 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0014263.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0017646.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0019286.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0020285.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\A0020317.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\RP3 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP3\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\A0020353.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\A0020361.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\RP4 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP4\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0021373.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0023362.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\A0024362.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\RP5 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP5\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\A0025375.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\Make Windows Original.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP6\RP6 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0025381.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026426.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026470.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\A0026497.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\Office2007 Serial.txt.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP7\RP7 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0026506.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0026532.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\A0027532.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\RP8 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP8\WinrRarSerialInstall.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\A0028793.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\Make Windows Original.0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.b worm
        [NOTE] The file was deleted!
        E:\System Volume Information\_restore{FF2500B7-DAB2-49EA-9605-1EFCB82E1E71}\RP9\RP9 .0xe
        [DETECTION] Contains recognition pattern of the WORM/Mabezat.B.137 worm
        [NOTE] The file was deleted!


        End of the scan: dimanche 19 octobre 2008 21:05
        Used time: 36:55 Minute(s)

        The scan has been done completely.

        2221 Scanning directories
        163281 Files were scanned
        90 viruses and/or unwanted programs were found
        0 Files were classified as suspicious:
        90 files were deleted
        0 files were repaired
        0 files were moved to quarantine
        0 files were renamed
        1 Files cannot be scanned
        163190 Files not concerned
        2089 Archives were scanned
        1 Warnings
        90 Notes
        0
  15. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    C'est mieux.

    ---> Poste un nouveau rapport HijackThis.
    -1
    1. aspireacer
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:18:56, on 19/10/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\acs.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Atheros\ACU.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      C:\DOCUME~1\baccar\LOCALS~1\Temp\RtkBtMnt.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=fptb-cclean
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [DriverMagicSchedule] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
      O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      0
  16. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Relance HijackThis et choisis Do a system scan only

    ---> Coche les cases qui sont devant les lignes suivantes :

    O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')

    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

    ---> Clique en bas sur Fix checked. Mets oui si HijackThis te demande quelque chose.

    ---> Redémarre ton PC et poste un nouveau rapport HijackThis.
    -1
    1. aspireacer
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:38:52, on 19/10/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\acs.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Atheros\ACU.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\ItsLabel\ItsTV.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      C:\DOCUME~1\baccar\LOCALS~1\Temp\RtkBtMnt.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\WINDOWS\system32\wscntfy.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?fr=fptb-cclean
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [DriverMagicSchedule] "C:\Program Files\SymplisIT\DriverMagic\dmschedule.exe" /boot
      O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
      O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
      O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
      O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      0
  17. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Désinstalle HijackThis.

    On peut passer à la dernière étape si tu n'as plus de problème.
    -1
    1. aspireacer
       
      oui bien sur
      0
  18. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    ---> Télécharge CCleaner (N'installe pas la Yahoo Toolbar) :
    https://www.ccleaner.com/ccleaner/download

    ---> Lance-le. Va dans "Options" puis "Avancé", tu décoches la case "Effacer uniquement les fichiers etc...". Tu vas dans "Nettoyeur", tu fais "Analyse". Une fois terminé, tu lances le nettoyage. Puis tu vas dans "Registre", tu fais "Chercher des erreurs". Une fois terminé, tu répares toutes les erreurs sans sauvegarder la base de registre.

    ---> Supprime le contenu de la quarantaine d'Antivir.

    ---> Il est nécessaire de désactiver puis réactiver la restauration système pour la purger :
    http://www.infos-du-net.com/forum/272480-11-desactiver-activer-restauration-systeme

    ---> Je te conseille de créer un point de restauration que tu pourras utiliser plus tard si tu as un problème :
    https://www.vulgarisation-informatique.com/creer-point-restauration.php

    ---> Tiens à jour Windows.
    -1
    1. aspireacer
       
      c fait je suis entrain de mettre a jour windows
      0
  19. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Ok.
    -1
    1. aspireacer
       
      merci beaucoup, bonne soirée
      0
  20. Destrio5 Messages postés 99820 Date d'inscription   Statut Modérateur Dernière intervention   10 324
     
    Bonne soirée ;)
    -1