

Everything posted by apt
-
For the lines flagged as superfluous, do I remove them or what?
-
Yes indeed, I have two antivirus programs. Sometimes NOD detects infections that KIS does not recognize.
-
Hello, I wanted to try ZHB, and here is my first report analyzed by this software: Apparently there is not much, but there are "superfluous" icons in front of some lines. Should I delete them? Thanks.
-
Thanks angeliquen, it works well for me.
-
I have already done every possible check. The last Kaspersky scan found nothing. And besides, this message does not appear with the same intensity as before .... I tried to install IE6, but it found that there are recent files installed on my machine. So the installation was aborted ...
-
I did it in order to install it later, because I was often getting the following message: Iexplorer has encountered a problem and needs to close.
-
Yes, I did it ...
-
OK Charles. I will do it tomorrow. Yes, I would like to know. Good night everyone!
-
About the infected files found by AVG A-S: you asked me to move them to "Quarantine". But why did KAV detect nothing after its scan?
-
But even though I often click YES, the message still appears at startup ....
-
I inserted the CD and ran the command. It worked! Pear: do I have to enter this code into the registry? Thanks.
-
In the services I found: Remote Procedure Call (RPC). It is "Started" and "Automatic".
-
And yesterday the site was unavailable. Today I was looking for the third page, and I still find myself on the second one ... Anyway, my problem: KAV found no infection except the one in an old file on my second HDD (the old one). So no problem, apparently.
-
Hi, at every startup I get this message: What does it mean? Thanks.
-
Hi, why doesn't the SFC scan work on my machine? Thanks.
-
Here is the AVG Anti-Spyware report: While waiting for the Panda report.
-
You're welcome.
-
Finally, the update succeeded. I will follow your instructions now.
-
As for AVG Anti-Spyware, it does not update when I click the "Update" link. Why? I don't know. That is already done. Thanks.
-
This explorer.exe comes from the fact that my SMTP would not accept EXE files as attachments. So I compressed it to send it to VirusTotal for analysis. Here is another analysis report, this time with the file: C:\WINDOWS\Explorer.exe The result is the same: FOUND NOTHING.
-
Here is the VirusTotal report: I think there is nothing malicious. But how to explain the Kaspersky alert message: And how to explain this message that is ruining my daily life: Thanks.
-
As for the anti-spyware programs, which one should I keep? 1 - Ad-aware SE 2 - XoftSpy 3 - AVG Anti-Spyware Thanks.
-
Here is the Kaspersky report:
-
I followed the instructions in the post "Pre-cleaning an infected PC, pre-HijackThis procedure", and here is the scan report:
-
- NOD32 is not a trial version. - Which one should I keep: Kaspersky or NOD32? - I have already done a Kaspersky online scan, but the antivirus cannot remove the infections. - How do I get the Kaspersky report?