Pc Infesté! Analyse HiJackThis svp.
aalouex
Messages postés
75
Statut
Membre
-
Zpoupette Messages postés 4847 Statut Membre -
Zpoupette Messages postés 4847 Statut Membre -
Bonjour,
Antivir détecte 44 virus sur mon pc, dont des fichiers système!
Voici mes logs HiJackThis et Antivir:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:57, on 03/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Admin\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Admin\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-1220945662-1202660629-1957994488-1004\..\Run: [seyex] "c:\documents and settings\utilisateur_1\local settings\application data\seyex.exe" seyex (User 'Utilisateur_1')
O4 - HKUS\S-1-5-21-1220945662-1202660629-1957994488-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Utilisateur_1')
O4 - S-1-5-21-1220945662-1202660629-1957994488-1004 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Utilisateur_1')
O4 - S-1-5-21-1220945662-1202660629-1957994488-1004 Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Utilisateur_1')
O4 - S-1-5-21-1220945662-1202660629-1957994488-1004 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Utilisateur_1')
O4 - S-1-5-21-1220945662-1202660629-1957994488-1004 User Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Utilisateur_1')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
End of file - 5695 bytes
_______________________________________________________________________________
Avira AntiVir Personal
Report file date: mercredi 3 décembre 2008 14:54
Scanning for 1065867 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC010
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 18:26:20
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 13:22:20
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 13:22:22
ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 14:28:48
ANTIVIR3.VDF : 7.1.0.175 83456 Bytes 02/12/2008 14:28:51
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 15/11/2008 13:22:34
AESCN.DLL : 8.1.1.5 123251 Bytes 15/11/2008 13:22:32
AERDL.DLL : 8.1.1.3 438645 Bytes 15/11/2008 13:22:32
AEPACK.DLL : 8.1.3.4 393591 Bytes 15/11/2008 13:22:31
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 15/11/2008 13:22:30
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 15/11/2008 13:22:29
AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 18:05:17
AEGEN.DLL : 8.1.1.6 323955 Bytes 29/11/2008 08:04:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 29/11/2008 08:04:40
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 15/11/2008 13:22:24
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 3 décembre 2008 14:54
The scan of running processes will be started
Scan process 'avwsc.exe' - '0' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Mise-a-jour-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'Notification-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'seyex.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'uphclean.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '45' files ).
Starting the file scan:
Begin scan in 'C:\' <XP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Microsoft Shared\MSInfo\msinfo32.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499f90b1.qua'!
C:\Program Files\Internet Explorer\iexplore.VIR
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49ae90c3.qua'!
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a49134.qua'!
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a19128.qua'!
C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a1912e.qua'!
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49aa913a.qua'!
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a9913f.qua'!
C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49ac9131.qua'!
C:\Program Files\Outlook Express\msimn.VIR
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499f91ba.qua'!
C:\Program Files\Windows NT\hypertrm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a691e1.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030452.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '4966920a.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030453.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '4966920b.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030454.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '48e4a6c4.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030455.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '4966920d.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030456.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '4966920c.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030457.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '48e4a6c5.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030458.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '4966920e.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030459.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '48e4a6c7.qua'!
C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499b92ad.qua'!
C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499a92b0.qua'!
C:\WINDOWS\$NtServicePackUninstall$\magnify.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499d92d7.qua'!
C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499d92e2.qua'!
C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499892eb.qua'!
C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49ac92ec.qua'!
C:\WINDOWS\$NtServicePackUninstall$\mspaint.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a69300.qua'!
C:\WINDOWS\$NtServicePackUninstall$\mstsc.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49aa9302.qua'!
C:\WINDOWS\$NtServicePackUninstall$\odbcad32.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49989302.qua'!
C:\WINDOWS\$NtServicePackUninstall$\osk.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a19315.qua'!
C:\WINDOWS\$NtServicePackUninstall$\pinball.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a49310.qua'!
C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499f931c.qua'!
C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49aa9348.qua'!
C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499a934d.qua'!
C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49ab935a.qua'!
C:\WINDOWS\$NtServicePackUninstall$\utilman.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499f9366.qua'!
C:\WINDOWS\$NtServicePackUninstall$\wab.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49989355.qua'!
C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a39379.qua'!
C:\WINDOWS\system32\calc.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a295cc.qua'!
C:\WINDOWS\system32\charmap.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499795d6.qua'!
C:\WINDOWS\system32\control.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a495e0.qua'!
C:\WINDOWS\system32\freecell.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499b95f2.qua'!
C:\WINDOWS\system32\sndvol32.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499a9623.qua'!
C:\WINDOWS\system32\sol.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a29624.qua'!
C:\WINDOWS\system32\winmine.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a4962c.qua'!
C:\WINDOWS\system32\wupdmgr.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a69641.qua'!
Begin scan in 'D:\' <DATA>
D:\System Volume Information\_restore{809FC0E8-349B-4410-BFA2-A170B97362F0}\RP3\A0005136.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '496698ee.qua'!
D:\System Volume Information\_restore{809FC0E8-349B-4410-BFA2-A170B97362F0}\RP3\A0006006.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '48e4ac27.qua'!
D:\System Volume Information\_restore{809FC0E8-349B-4410-BFA2-A170B97362F0}\RP7\A0007748.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '496698fd.qua'!
D:\System Volume Information\_restore{809FC0E8-349B-4410-BFA2-A170B97362F0}\RP7\A0007749.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '48e4ac36.qua'!
D:\System Volume Information\_restore{809FC0E8-349B-4410-BFA2-A170B97362F0}\RP7\A0007750.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '496698ff.qua'!
Begin scan in 'E:\' <SAUVEGARDES>
End of the scan: mercredi 3 décembre 2008 15:33
Used time: 39:31 Minute(s)
The scan has been done completely.
2545 Scanning directories
179239 Files were scanned
49 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
49 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
179188 Files not concerned
1088 Archives were scanned
2 Warnings
49 Notes
,
Antivir détecte 44 virus sur mon pc, dont des fichiers système!
Voici mes logs HiJackThis et Antivir:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:34:57, on 03/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Documents and Settings\Admin\Application Data\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Documents and Settings\Admin\Application Data\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.free.fr/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fimg%2ffr%2ffr-fr%2fdivertissement%2fcelebrites%2fgalery%2fwentworth02.jpg%3f
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-21-1220945662-1202660629-1957994488-1004\..\Run: [seyex] "c:\documents and settings\utilisateur_1\local settings\application data\seyex.exe" seyex (User 'Utilisateur_1')
O4 - HKUS\S-1-5-21-1220945662-1202660629-1957994488-1004\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background (User 'Utilisateur_1')
O4 - S-1-5-21-1220945662-1202660629-1957994488-1004 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Utilisateur_1')
O4 - S-1-5-21-1220945662-1202660629-1957994488-1004 Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Utilisateur_1')
O4 - S-1-5-21-1220945662-1202660629-1957994488-1004 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Utilisateur_1')
O4 - S-1-5-21-1220945662-1202660629-1957994488-1004 User Startup: Outil de détection de support de Cyber-shot Viewer.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe (User 'Utilisateur_1')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://home.free.fr/
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
End of file - 5695 bytes
_______________________________________________________________________________
Avira AntiVir Personal
Report file date: mercredi 3 décembre 2008 14:54
Scanning for 1065867 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC010
Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 18/11/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 25/11/2008 18:26:20
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 13:22:20
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 13:22:22
ANTIVIR2.VDF : 7.1.0.160 571392 Bytes 30/11/2008 14:28:48
ANTIVIR3.VDF : 7.1.0.175 83456 Bytes 02/12/2008 14:28:51
Engineversion : 8.2.0.36
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 15/11/2008 13:22:34
AESCN.DLL : 8.1.1.5 123251 Bytes 15/11/2008 13:22:32
AERDL.DLL : 8.1.1.3 438645 Bytes 15/11/2008 13:22:32
AEPACK.DLL : 8.1.3.4 393591 Bytes 15/11/2008 13:22:31
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 15/11/2008 13:22:30
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 15/11/2008 13:22:29
AEHELP.DLL : 8.1.2.0 119159 Bytes 18/11/2008 18:05:17
AEGEN.DLL : 8.1.1.6 323955 Bytes 29/11/2008 08:04:41
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.5.2 172405 Bytes 29/11/2008 08:04:40
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 15/11/2008 13:22:24
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: mercredi 3 décembre 2008 14:54
The scan of running processes will be started
Scan process 'avwsc.exe' - '0' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Mise-a-jour-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'Notification-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'reader_sl.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'WLLoginProxy.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'soffice.bin' - '1' Module(s) have been scanned
Scan process 'soffice.exe' - '1' Module(s) have been scanned
Scan process 'SPUVolumeWatcher.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'seyex.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'uphclean.exe' - '1' Module(s) have been scanned
Scan process 'oodag.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
37 processes with 37 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '45' files ).
Starting the file scan:
Begin scan in 'C:\' <XP>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Program Files\Fichiers communs\Microsoft Shared\MSInfo\msinfo32.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499f90b1.qua'!
C:\Program Files\Internet Explorer\iexplore.VIR
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49ae90c3.qua'!
C:\Program Files\MSN\MSNCoreFiles\msn6.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a49134.qua'!
C:\Program Files\MSN Gaming Zone\Windows\bckgzm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a19128.qua'!
C:\Program Files\MSN Gaming Zone\Windows\chkrzm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a1912e.qua'!
C:\Program Files\MSN Gaming Zone\Windows\hrtzzm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49aa913a.qua'!
C:\Program Files\MSN Gaming Zone\Windows\Rvsezm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a9913f.qua'!
C:\Program Files\MSN Gaming Zone\Windows\shvlzm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49ac9131.qua'!
C:\Program Files\Outlook Express\msimn.VIR
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499f91ba.qua'!
C:\Program Files\Windows NT\hypertrm.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a691e1.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030452.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '4966920a.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030453.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '4966920b.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030454.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '48e4a6c4.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030455.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '4966920d.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030456.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '4966920c.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030457.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '48e4a6c5.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030458.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '4966920e.qua'!
C:\System Volume Information\_restore{17A6A55C-B6AE-4556-BED8-F8B33A29B055}\RP73\A0030459.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '48e4a6c7.qua'!
C:\WINDOWS\$NtServicePackUninstall$\cleanmgr.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499b92ad.qua'!
C:\WINDOWS\$NtServicePackUninstall$\cmd.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499a92b0.qua'!
C:\WINDOWS\$NtServicePackUninstall$\magnify.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499d92d7.qua'!
C:\WINDOWS\$NtServicePackUninstall$\migwiz.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499d92e2.qua'!
C:\WINDOWS\$NtServicePackUninstall$\mobsync.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499892eb.qua'!
C:\WINDOWS\$NtServicePackUninstall$\moviemk.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49ac92ec.qua'!
C:\WINDOWS\$NtServicePackUninstall$\mspaint.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a69300.qua'!
C:\WINDOWS\$NtServicePackUninstall$\mstsc.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49aa9302.qua'!
C:\WINDOWS\$NtServicePackUninstall$\odbcad32.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49989302.qua'!
C:\WINDOWS\$NtServicePackUninstall$\osk.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a19315.qua'!
C:\WINDOWS\$NtServicePackUninstall$\pinball.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a49310.qua'!
C:\WINDOWS\$NtServicePackUninstall$\rcimlby.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499f931c.qua'!
C:\WINDOWS\$NtServicePackUninstall$\rstrui.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49aa9348.qua'!
C:\WINDOWS\$NtServicePackUninstall$\sndrec32.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499a934d.qua'!
C:\WINDOWS\$NtServicePackUninstall$\tourstart.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49ab935a.qua'!
C:\WINDOWS\$NtServicePackUninstall$\utilman.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499f9366.qua'!
C:\WINDOWS\$NtServicePackUninstall$\wab.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49989355.qua'!
C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a39379.qua'!
C:\WINDOWS\system32\calc.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a295cc.qua'!
C:\WINDOWS\system32\charmap.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499795d6.qua'!
C:\WINDOWS\system32\control.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a495e0.qua'!
C:\WINDOWS\system32\freecell.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499b95f2.qua'!
C:\WINDOWS\system32\sndvol32.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '499a9623.qua'!
C:\WINDOWS\system32\sol.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a29624.qua'!
C:\WINDOWS\system32\winmine.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a4962c.qua'!
C:\WINDOWS\system32\wupdmgr.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '49a69641.qua'!
Begin scan in 'D:\' <DATA>
D:\System Volume Information\_restore{809FC0E8-349B-4410-BFA2-A170B97362F0}\RP3\A0005136.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '496698ee.qua'!
D:\System Volume Information\_restore{809FC0E8-349B-4410-BFA2-A170B97362F0}\RP3\A0006006.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '48e4ac27.qua'!
D:\System Volume Information\_restore{809FC0E8-349B-4410-BFA2-A170B97362F0}\RP7\A0007748.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '496698fd.qua'!
D:\System Volume Information\_restore{809FC0E8-349B-4410-BFA2-A170B97362F0}\RP7\A0007749.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '48e4ac36.qua'!
D:\System Volume Information\_restore{809FC0E8-349B-4410-BFA2-A170B97362F0}\RP7\A0007750.exe
[DETECTION] Contains recognition pattern of the W32/Virut.A Windows virus
[NOTE] The file was moved to '496698ff.qua'!
Begin scan in 'E:\' <SAUVEGARDES>
End of the scan: mercredi 3 décembre 2008 15:33
Used time: 39:31 Minute(s)
The scan has been done completely.
2545 Scanning directories
179239 Files were scanned
49 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
49 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
179188 Files not concerned
1088 Archives were scanned
2 Warnings
49 Notes
,
A voir également:
- Pc Infesté! Analyse HiJackThis svp.
- Reinitialiser pc - Guide
- Pc lent - Guide
- Analyse composant pc - Guide
- Downloader for pc - Télécharger - Téléchargement & Transfert
- Analyse performance pc - Guide
3 réponses
Merci Zpoupette,
Je vais essayer ça... c'est pas gagné...
Je vais essayer ça... c'est pas gagné...
Zpoupette
Messages postés
4847
Statut
Membre
624
Exact, rien ne dit que ça fonctionne. Le formatage complet reste peut-être la seule solution.
D'autres personnes sur ce forum ont eu ce problème. Voici une des solutions utilisés (sachant que chaque infection est différente d'un PC à un autre).
Lis bien tout.
http://www.commentcamarche.net/forum/affich 2338320 w32 virut a comment le supprimer
Lis bien tout.
http://www.commentcamarche.net/forum/affich 2338320 w32 virut a comment le supprimer
