kini1

ok...je vous remercie... @+

Bonjour la communauté zéb une question ?? office 2003 est il compatible avec Vista?? merci bonne journée.........

Bonjour Bruce... Tu es vraiment incroyable !!! j'aimerais savoir le 10em de tes connaissances en informatique mon rapport Bit defender est propre De plus je lui est installer IE7 et la nouvelle version Java!! J'espere lui avoir bien securiser son ordi Je te souhaite un exellent dimanche et te remercie encore une fois Amicalement Jacks //----------------------------------------------------------------- // // Product: BitDefender 9 Professional Plus // Version: 9.5 // // Créé le: 03/06/2007 09:59:51 // //----------------------------------------------------------------- Statistiques Chemin cible: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Dossiers : 2259 Fichiers : 127045 Archives : 9467 Fichiers empaquetés : 5604 Virus trouvés : 0 Fichiers infectés : 0 Alertes : 0 Fichiers suspects : 0 Fichiers désinfectés : 0 Fichiers effacés : 0 Fichiers copiés : 0 Fichiers déplacés : 0 Fichiers renommés : 0 Erreurs I/O : 27 Temps d'analyse := 00:23:02 Fichiers/seconde :91 Définitions virus : 511487 Plugins d'analyse : 14 Plugins archives : 38 Plug-ins décompression : 6 Plug-ins messagerie : 6 Plug-ins système : 1 Options d'analyse Détection [X] Analyser le secteur de boot [X] Analyser les archives [X] Analyser les fichiers en paquets [X] Analyser la messagerie Masque fichiers [ ] Programmes [X] Tous les fichiers [ ] Extensions définies par l'utilisateur: [ ] Exclure les extensions: ; Action Objets infectés [ ] Ignorer [X] Désinfecter [ ] Effacer [ ] Copier [ ] Déplacer dans le dossier infectés [ ] Renommer [ ] Demander l'action Seconde action [ ] Ignorer [ ] Effacer [ ] Copier [X] Déplacer dans le dossier infectés [ ] Renommer [ ] Demander l'action Options d'analyse [X] Activer les alertes [X] Activer l'heuristique [ ] Afficher tous les fichiers dans le journal [X] Fichier journal : C:\Program Files\Softwin\BitDefender9\Logs\vscan_1180857591.log

Bonjour Bruce! voila j'ai tout fait et il trouve encore un virus //----------------------------------------------------------------- // // Product: BitDefender 9 Professional Plus // Version: 9.5 // // Créé le: 02/06/2007 13:19:56 // //----------------------------------------------------------------- Statistiques Chemin cible: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Dossiers : 2226 Fichiers : 126133 Archives : 9437 Fichiers empaquetés : 5598 Virus trouvés : 1 Fichiers infectés : 1 Alertes : 0 Fichiers suspects : 0 Fichiers désinfectés : 0 Fichiers effacés : 0 Fichiers copiés : 0 Fichiers déplacés : 0 Fichiers renommés : 0 Erreurs I/O : 28 Temps d'analyse := 00:23:06 Fichiers/seconde :91 Définitions virus : 13852 Plugins d'analyse : 14 Plugins archives : 38 Plug-ins décompression : 6 Plug-ins messagerie : 6 Plug-ins système : 1 Options d'analyse Détection [X] Analyser le secteur de boot [X] Analyser les archives [X] Analyser les fichiers en paquets [X] Analyser la messagerie Masque fichiers [ ] Programmes [X] Tous les fichiers [ ] Extensions définies par l'utilisateur: [ ] Exclure les extensions: ; Action Objets infectés [ ] Ignorer [X] Désinfecter [ ] Effacer [ ] Copier [ ] Déplacer dans le dossier infectés [ ] Renommer [ ] Demander l'action Seconde action [ ] Ignorer [ ] Effacer [ ] Copier [X] Déplacer dans le dossier infectés [ ] Renommer [ ] Demander l'action Options d'analyse [X] Activer les alertes [X] Activer l'heuristique [ ] Afficher tous les fichiers dans le journal [X] Fichier journal : C:\Program Files\Softwin\BitDefender9\Logs\vscan_1180783196.log Sommaire : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZG1Y9MJ\joysaver[1].cab=>m67m.inf Infecté avec: Trojan.Downloader.RK C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZG1Y9MJ\joysaver[1].cab=>m67m.inf Désinfection impossible C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZG1Y9MJ\joysaver[1].cab=>m67m.inf Déplacement impossible

Si jamais en attendant j'ai fait un antivirus avec le logiciel qu'il à sur son ordi //----------------------------------------------------------------- // // Product: BitDefender 9 Professional Plus // Version: 9.5 // // Créé le: 02/06/2007 12:07:10 // //----------------------------------------------------------------- Statistiques Chemin cible: A:\ C:\ D:\ E:\ F:\ G:\ H:\ Dossiers : 2413 Fichiers : 135685 Archives : 9578 Fichiers empaquetés : 6272 Virus trouvés : 6 Fichiers infectés : 26 Alertes : 0 Fichiers suspects : 0 Fichiers désinfectés : 0 Fichiers effacés : 0 Fichiers copiés : 0 Fichiers déplacés : 25 Fichiers renommés : 0 Erreurs I/O : 28 Temps d'analyse := 00:26:34 Fichiers/seconde :85 Définitions virus : 1074248356 Plugins d'analyse : 14 Plugins archives : 38 Plug-ins décompression : 6 Plug-ins messagerie : 6 Plug-ins système : 1 Options d'analyse Détection [X] Analyser le secteur de boot [X] Analyser les archives [X] Analyser les fichiers en paquets [X] Analyser la messagerie Masque fichiers [ ] Programmes [X] Tous les fichiers [ ] Extensions définies par l'utilisateur: [ ] Exclure les extensions: ; Action Objets infectés [ ] Ignorer [X] Désinfecter [ ] Effacer [ ] Copier [ ] Déplacer dans le dossier infectés [ ] Renommer [ ] Demander l'action Seconde action [ ] Ignorer [ ] Effacer [ ] Copier [X] Déplacer dans le dossier infectés [ ] Renommer [ ] Demander l'action Options d'analyse [X] Activer les alertes [X] Activer l'heuristique [ ] Afficher tous les fichiers dans le journal [X] Fichier journal : C:\Program Files\Softwin\BitDefender9\Logs\vscan_1180778830.log Sommaire : C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZG1Y9MJ\joysaver[1].cab=>m67m.inf Infecté avec: Trojan.Downloader.RK C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZG1Y9MJ\joysaver[1].cab=>m67m.inf Désinfection impossible C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZG1Y9MJ\joysaver[1].cab=>m67m.inf Déplacement impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0065914.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0065914.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0065914.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0065973.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0065973.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0065973.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0065989.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0065989.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0065989.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0066007.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0066007.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP218\A0066007.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067117.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067117.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067117.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067133.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067133.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067133.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067145.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067145.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067145.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP220\A0067179.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP220\A0067179.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP220\A0067179.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067228.sys Infecté avec: Trojan.Delf.ZJ C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067228.sys Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067228.sys Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067232.exe Infecté avec: Trojan.Downloader.Winfixer.O C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067232.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067232.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067233.exe Infecté avec: Trojan.Downloader.Winfixer.O C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067233.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067233.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067235.dll Infecté avec: Trojan.FakeAlert.DV C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067235.dll Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067235.dll Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067243.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067243.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067243.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067256.dll Infecté avec: Trojan.PWS.Tanspy.BS C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067256.dll Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP221\A0067256.dll Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP215\A0062795.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP215\A0062795.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP215\A0062795.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0063795.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0063795.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0063795.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0064795.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0064795.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0064795.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0064808.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0064808.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0064808.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065808.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065808.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065808.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065822.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065822.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065822.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065838.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065838.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065838.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065860.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065860.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065860.exe Déplacé C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP217\A0065895.exe Infecté avec: Trojan.Downloader.Zlob.ZVG C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP217\A0065895.exe Désinfection impossible C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP217\A0065895.exe Déplacé C:\SDFix\backups\ipv6monr.dll Infecté avec: Trojan.PWS.Tanspy.BS C:\SDFix\backups\ipv6monr.dll Désinfection impossible C:\SDFix\backups\ipv6monr.dll Déplacé C:\Recycled\Dc25.tmp\m67m.inf Infecté avec: Trojan.Downloader.RK C:\Recycled\Dc25.tmp\m67m.inf Désinfection impossible C:\Recycled\Dc25.tmp\m67m.inf Déplacé

et de plus meme Panda j'arrive pas.. qu'en pense tu?

Hello merci alors j'ai mis à jour java et je vais laisser installer la mise à jour window bonne journée

Hello bonjour faut il installer cette mise à jour?? car j'ai lu pas que du bon sur cette mise à jour!! et me conseiller vous d'installer Java la derniere version Merci Jacks [/url][/img]

Bonjour Bruce... impossible avec Kasperski toujours ce message de licence perimée [/url][/img] Merci

Hello quand j'essaie d'enlever Kasperski o^nline une fenetre s'ouvre et marque Microsoft int explo is running please close it and retry button et dois je virer tout les outils que tu m'as fait telecharger merci je dois m'absenter je regarderai demain mille fois merci

Hello pour le message d'erreur c'est bon mais pour Kasperski une fenetre de Microsoft internet explorer s'ouvre et il disent la licence de Kasperski On line-Scanner est perimée!!! merci

Hello Bruce j'ai ce message quand j'allume l'ordi mHotkey.exe composant introuvable????? merci

Hello Bruce je suis aller chercher le pc chez mon pote!! Alors le 1er Hijack il n'y avait pas de ligne 17 AVG impossible de faire la mise à jour Et ajout suppression il n'y avait pas Security Tools rapport AVG --------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 17:27 2007-06-01 + Résultat de l'analyse: C:\Recycled\Dc24.tmp\v3.dll -> Adware.EliteBar : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S5EN0D27\v3cab[1].cab/v3.dll -> Adware.EliteBar : Nettoyé et sauvegardé (mise en quarantaine). C:\Recycled\Dc26.tmp\MediaTicketsInstaller.INF -> Adware.MediaTickets : Nettoyé et sauvegardé (mise en quarantaine). C:\Recycled\Dc375.tmp\UWA6PV_0001_N91M2107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine). C:\Recycled\Dc376.tmp\UWAS6V_0001_N91M2208NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Nettoyé et sauvegardé (mise en quarantaine). C:\WINDOWS\HKNTDLL.dll -> Not-A-Virus.Monitor.Win32.Hooker.e : Nettoyé et sauvegardé (mise en quarantaine). C:\Documents and Settings\Perso\Cookies\perso@217.73.66[1].txt -> TrackingCookie.217.73.66.16 : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@247realmedia[1].txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@247realmedia[2].txt -> TrackingCookie.247realmedia : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@2o7[2].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@msnuk.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@redcats.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@swsoft.122.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@adbrite[2].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@adbrite[3].txt -> TrackingCookie.Adbrite : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ad.adition[3].txt -> TrackingCookie.Adition : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@www.adobe[1].txt -> TrackingCookie.Adobe : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@adtech[2].txt -> TrackingCookie.Adtech : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@advertising[1].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@advertising[2].txt -> TrackingCookie.Advertising : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@bluestreak[2].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@bluestreak[3].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@iv2.bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@casalemedia[1].txt -> TrackingCookie.Casalemedia : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@casalemedia[2].txt -> TrackingCookie.Casalemedia : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@clickbank[1].txt -> TrackingCookie.Clickbank : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@cz3.clickzs[3].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@cz5.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@cz6.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@cz6.clickzs[3].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@cz7.clickzs[1].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@cz8.clickzs[3].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter.cnw[1].txt -> TrackingCookie.Cnw : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@stat.dealtime[2].txt -> TrackingCookie.Dealtime : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@stat.dealtime[3].txt -> TrackingCookie.Dealtime : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@doubleclick[2].txt -> TrackingCookie.Doubleclick : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@e-2dj6wfkiwlajmgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@estat[1].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@estat[2].txt -> TrackingCookie.Estat : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@www.etracker[1].txt -> TrackingCookie.Etracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@as-eu.falkag[3].txt -> TrackingCookie.Falkag : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@as1.falkag[2].txt -> TrackingCookie.Falkag : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@fastclick[2].txt -> TrackingCookie.Fastclick : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@fortunecity[1].txt -> TrackingCookie.Fortunecity : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@c.goclick[1].txt -> TrackingCookie.Goclick : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ehg-danier.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ehg-darksideprod.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ehg-darksideprod.hitbox[3].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ehg-legonewyorkinc.hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@hg1.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@hitbox[2].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@phg.hitbox[1].txt -> TrackingCookie.Hitbox : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter2.hitslink[1].txt -> TrackingCookie.Hitslink : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@hotlog[2].txt -> TrackingCookie.Hotlog : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@searchportal.information[1].txt -> TrackingCookie.Information : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@searchportal.information[2].txt -> TrackingCookie.Information : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ivwbox[2].txt -> TrackingCookie.Ivwbox : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@komtrack[2].txt -> TrackingCookie.Komtrack : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@image.masterstats[1].txt -> TrackingCookie.Masterstats : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@mediaplex[2].txt -> TrackingCookie.Mediaplex : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ssl-hints.netflame[2].txt -> TrackingCookie.Netflame : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ssl-hints.netflame[3].txt -> TrackingCookie.Netflame : Nettoyé. C:\Recycled\Dc248\perso@ssl-hints.netflame[1].txt -> TrackingCookie.Netflame : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@data2.perf.overture[2].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@data3.perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@overture[1].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@overture[3].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@perf.overture[1].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@perf.overture[2].txt -> TrackingCookie.Overture : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@paycounter[1].txt -> TrackingCookie.Paycounter : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@www.paypal[1].txt -> TrackingCookie.Paypal : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ads.planetactive[2].txt -> TrackingCookie.Planetactive : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ads.planetactive[3].txt -> TrackingCookie.Planetactive : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ppms.popularix[2].txt -> TrackingCookie.Popularix : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@qksrv[2].txt -> TrackingCookie.Qksrv : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@questionmarket[2].txt -> TrackingCookie.Questionmarket : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@web4.realtracker[1].txt -> TrackingCookie.Realtracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@revenue[2].txt -> TrackingCookie.Revenue : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@revenue[3].txt -> TrackingCookie.Revenue : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@serving-sys[2].txt -> TrackingCookie.Serving-sys : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@sexlist[1].txt -> TrackingCookie.Sexlist : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@sexlist[2].txt -> TrackingCookie.Sexlist : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter1.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter10.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter11.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter12.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter13.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter14.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter14.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter15.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter16.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter2.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter3.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter3.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter4.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter5.sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter6.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter7.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter8.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@counter9.sextracker[1].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@sextracker[2].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@sextracker[3].txt -> TrackingCookie.Sextracker : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@spylog[1].txt -> TrackingCookie.Spylog : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@statcounter[1].txt -> TrackingCookie.Statcounter : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@trafficcenter[1].txt -> TrackingCookie.Trafficcenter : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@web-stat[2].txt -> TrackingCookie.Web-stat : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@webstat[1].txt -> TrackingCookie.Web-stat : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@weborama[2].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@weborama[3].txt -> TrackingCookie.Weborama : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@count.xhit[1].txt -> TrackingCookie.Xhit : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@count.xhit[3].txt -> TrackingCookie.Xhit : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@yadro[1].txt -> TrackingCookie.Yadro : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@yadro[3].txt -> TrackingCookie.Yadro : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : Nettoyé. C:\Documents and Settings\Perso\Cookies\perso@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé. C:\Recycled\Dc500.sys -> Trojan.Delf.zj : Nettoyé et sauvegardé (mise en quarantaine). Fin du rapport Rapport Fix Fixwareout Last edited 5/15/2007 Post this report in the forums please ... »»»»»Prerun check »»»»» »»»»» Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... »»»»» Misc files. C:\WINDOWS\System32\kernel32.exe Deleted .... »»»»» Checking for older varients. .... Search five digit cs, dm, kd, jb, other, files. The following files NEED TO BE SUBMITTED to one of the following URL'S for further inspection. Click browse, find the file then click submit. http://www.virustotal.com/flash/index_en.html Or http://virusscan.jotti.org/ »»»»» Other »»»»» Current runs [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" "CHotkey"="mHotkey.exe" "Configuration Loader"="scvhost.exe" "Spooler SubSystem App"="C:\\WINDOWS\\system32\\spooIsv.exe" "BDMCon"="c:\\progra~1\\softwin\\bitdef~1\\bdmcon.exe" "BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\"" "BDNewsAgent"="\"C:\\progra~1\\softwin\\bitdef~1\\bdnagent.exe\"" "BDSwitchAgent"="\"C:\\progra~1\\softwin\\bitdef~1\\bdswitch.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" .... Hosts file was reset, If you use a custom hosts file please replace it »»»»» End report »»»»» et Dekard Deckard's System Scanner v20070426.43 Run by Perso on 2007-06-01 at 18:06:54 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- HijackThis (run as Perso.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 18:07, on 2007-06-01 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\progra~1\softwin\bitdef~1\bdnagent.exe C:\progra~1\softwin\bitdef~1\bdswitch.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe c:\progra~1\softwin\bitdef~1\bdmcon.exe C:\Program Files\internet explorer\iexplore.exe C:\Documents and Settings\Perso\Local Settings\Temporary Internet Files\Content.IE5\YF4HNNHR\dss[1].exe C:\PROGRA~1\HIJACK~1\Perso.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [bDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe" O4 - HKLM\..\Run: [bDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.bluewin.ch/index_f.html O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) -- Files created between 2007-05-01 and 2007-06-01 ----------------------------- 2007-06-01 17:54:42 81984 --a------ C:\WINDOWS\system32\bdod.bin 2007-06-01 16:35:17 0 d-------- C:\WINDOWS\system32\LogFiles 2007-06-01 15:39:26 8299 --a------ C:\dnsbak.reg 2007-05-31 14:18:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia 2007-05-29 17:02:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2007-05-28 17:32:35 0 d-------- C:\VundoFix Backups 2007-05-28 17:23:39 2138 --a------ C:\WINDOWS\system32\tmp.reg 2007-05-28 17:20:00 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-05-28 17:19:59 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2007-05-28 16:09:27 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2007-05-28 16:07:11 0 d-------- C:\Program Files\Navilog1 2007-05-28 15:12:53 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-05-28 15:05:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab -- Find3M Report --------------------------------------------------------------- 2007-06-01 17:59:34 31 --a------ C:\WINDOWS\system32\getfile.dat 2007-03-19 11:15:50 21246 --a------ C:\WINDOWS\nsreg.dat -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" "CHotkey"="mHotkey.exe" "BDMCon"="c:\\progra~1\\softwin\\bitdef~1\\bdmcon.exe" "BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\"" "BDNewsAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdnagent.exe\"" "BDSwitchAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdswitch.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=dword:00000000 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="sockspy.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\ Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\ Notification Packages REG_MULTI_SZ scecli\ [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Rappels du Calendrier Microsoft Works.lnk" "backup"="C:\\WINDOWS\\pss\\Rappels du Calendrier Microsoft Works.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\FICHIE~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe " "item"="Rappels du Calendrier Microsoft Works" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WksSb" "hkey"="HKLM" "command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WkDetect" "hkey"="HKCU" "command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NVSvc"=dword:00000002 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ DnsCache\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ HTTPFilter REG_MULTI_SZ HTTPFilter\ DcomLaunch REG_MULTI_SZ DcomLaunchTermService\ hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* gb -- End of Deckard's System Scanner: finished at 2007-06-01 at 18:07:33 --------- J'espere que j'ai tout bien fait..... merci Rapport otmov File/Folder C:\WINDOWS\system32\kernel32.exe not found. C:\WINDOWS\1809.exe moved successfully. C:\WINDOWS\update7.exe moved successfully. C:\FOUND.009 moved successfully. C:\WINDOWS\dsb.exe moved successfully. C:\WINDOWS\system32\hbaaaaaa.exe moved successfully. C:\FOUND.008 moved successfully. C:\WINDOWS\system32\bdod.bin moved successfully. File/Folder C:\WINDOWS\system32\spooIsv.exe not found. Created on 06-01-2007 17:36:01

Hello Bruce.... houla la j'ai un peu les jetons de faire tout ca.. je vais essayer et j'espere que je ferai pas de conneries Je peut faire ca seulement la semaine prochaine car on à pas les memes horaires avec mon pote... je pense aller mercredi ou jeudi en tout cas merci beaucoup et bonne fin de semaine Jacks

Hello je dois m'absenter je te poste en plus le rapport antivir que j'ai fait en mode sans echec merci AntiVir PersonalEdition Classic Report file date: 2007-05-29 17:45 Scanning for 740715 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Perso Computer name: NOM-FAJKDOF30K5 Version information: BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:16 AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:56 LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:06 LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:19:00 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58 ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 13:09:02 ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 13:09:02 ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 13:09:02 AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 13:04:24 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:28 AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:52 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 07:48:30 AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:10 AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:06 AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:28 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:44 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:20 RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:44 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: H:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: 2007-05-29 17:45 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'iexplore.exe' - '1' Module(s) have been scanned Scan process 'Explorer.EXE' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Boot sector 'G:\' [NOTE] No virus was found! Boot sector 'A:\' [NOTE] In the drive 'A:\' no data medium is inserted! Starting to scan the registry. C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MS_update_0704_KB74073.exe [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was moved to '46bb4af5.qua'! C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\MS_update_0704_KB74073.exe [DETECTION] Contains suspicious code HEUR/Crypted The registry was scanned ( '17' files ). Starting the file scan: Begin scan in 'C:\' <WINXP_02C> C:\tool.exe [DETECTION] Is the Trojan horse TR/Spy.LowZones.CT [iNFO] The file was moved to '46cb4b15.qua'! C:\23100247.exe [DETECTION] Is the Trojan horse TR/Dldr.Small.dlw [iNFO] The file was moved to '468d4adb.qua'! C:\PAGEFILE.SYS [WARNING] The file could not be opened! C:\asasa.exe [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen [iNFO] The file was moved to '46bd4b1d.qua'! C:\syst.exe [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen [iNFO] The file was moved to '46cf4b25.qua'! C:\WINDOWS\update.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '46c04b24.qua'! C:\WINDOWS\system32\equoaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d14b2b.qua'! C:\WINDOWS\system32\paqhvcdl.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46cd4b29.qua'! C:\WINDOWS\system32\peifqnga.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '46c54b2f.qua'! C:\WINDOWS\system32\yffpaaaa.exe [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was moved to '46c24b39.qua'! C:\WINDOWS\system32\eubrsvvv.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46be4b4b.qua'! C:\WINDOWS\system32\wtfyujkw.exe [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46c24b50.qua'! C:\WINDOWS\system32\opbaopb.dll [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003 [WARNING] The file could not be deleted! C:\WINDOWS\system32\fihxxgoy.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c44b5a.qua'! C:\WINDOWS\system32\kiinaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c54b5e.qua'! C:\WINDOWS\system32\puiyxaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c54b6c.qua'! C:\WINDOWS\system32\tygcaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c34b75.qua'! C:\WINDOWS\system32\fiiylyeq.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c54b66.qua'! C:\WINDOWS\system32\ehxbaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d44b66.qua'! C:\WINDOWS\system32\hxbtyaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46be4b76.qua'! C:\WINDOWS\system32\yeqkaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46cd4b64.qua'! C:\WINDOWS\system32\sumhxpat.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c94b74.qua'! C:\WINDOWS\system32\wjlpvfcx.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c84b69.qua'! C:\WINDOWS\system32\ioyhnaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d54b6f.qua'! C:\WINDOWS\system32\glghfjeb.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c34b6e.qua'! C:\WINDOWS\system32\cehnoaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c44b67.qua'! C:\WINDOWS\system32\wjmitaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c94b6d.qua'! C:\WINDOWS\system32\xedlkkjq.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c04b68.qua'! C:\WINDOWS\system32\kagugwuq.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c34b64.qua'! C:\WINDOWS\system32\sygaaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c34b7d.qua'! C:\WINDOWS\system32\aafjaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c24b65.qua'! C:\WINDOWS\system32\mtvwaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d24b79.qua'! C:\WINDOWS\system32\kegfbaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c34b6b.qua'! C:\WINDOWS\system32\vuoxujuf.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46cb4b7d.qua'! C:\WINDOWS\system32\kehjtrmo.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c44b6d.qua'! C:\WINDOWS\system32\layappai.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d54b69.qua'! C:\WINDOWS\system32\kewxurty.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d34b6e.qua'! C:\WINDOWS\system32\hdtiaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d04b6d.qua'! C:\WINDOWS\system32\lutuaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d04b7f.qua'! C:\WINDOWS\system32\nshgwaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c44b7d.qua'! C:\WINDOWS\system32\toowplgd.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46cb4b7b.qua'! C:\WINDOWS\system32\pdgaaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c34b70.qua'! C:\WINDOWS\system32\mwvaaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d24b84.qua'! C:\WINDOWS\system32\uyqrbwrr.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46cd4b86.qua'! C:\WINDOWS\system32\luiyiaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c54b82.qua'! C:\WINDOWS\system32\hxwftpls.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d34b86.qua'! C:\WINDOWS\system32\todthwlw.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c04b7d.qua'! C:\WINDOWS\system32\qjhebbyx.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c44b78.qua'! C:\WINDOWS\system32\mxtclerq.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d04b87.qua'! C:\WINDOWS\system32\ueuspbym.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d14b74.qua'! C:\WINDOWS\system32\oaranaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46ce4b71.qua'! C:\WINDOWS\system32\laomiqyf.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46cb4b72.qua'! C:\WINDOWS\system32\hxeuebtf.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c14b8a.qua'! C:\WINDOWS\system32\nsioyaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c54b85.qua'! C:\WINDOWS\system32\yeykyfjm.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d54b77.qua'! C:\WINDOWS\system32\vtytlaqn.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d54b87.qua'! C:\WINDOWS\system32\wmcyaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46bf4b81.qua'! C:\WINDOWS\system32\sdwxakhf.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d34b79.qua'! C:\WINDOWS\system32\oabqaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47340d5b.qua'! C:\WINDOWS\system32\aeapwuud.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46bd4b7b.qua'! C:\WINDOWS\system32\bffbaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c24b7c.qua'! C:\WINDOWS\system32\rsnruqas.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46ca4b8a.qua'! C:\WINDOWS\system32\oagaaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c34b78.qua'! C:\WINDOWS\system32\uejtaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c64b7c.qua'! C:\WINDOWS\system32\xitsrapy.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d04b81.qua'! C:\WINDOWS\system32\cifpaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c24b82.qua'! C:\WINDOWS\system32\nxsaqaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46cf4b91.qua'! C:\WINDOWS\system32\kecbfucn.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46bf4b7e.qua'! C:\WINDOWS\system32\uekiucnx.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c74b80.qua'! C:\WINDOWS\system32\pikckews.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c74b85.qua'! C:\WINDOWS\system32\aijkdjus.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c64b85.qua'! C:\WINDOWS\system32\wrpjpaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46cc4b8f.qua'! C:\WINDOWS\system32\yfuqaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d14b83.qua'! C:\WINDOWS\system32\nxwadjtm.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d34b96.qua'! C:\WINDOWS\system32\yfkavlbh.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c74b84.qua'! C:\WINDOWS\system32\nxahcoeg.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46bd4b98.qua'! C:\WINDOWS\system32\lefmevnq.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c24b86.qua'! C:\WINDOWS\system32\lvhaetda.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c44b98.qua'! C:\WINDOWS\system32\ovdrnkdv.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c04b99.qua'! C:\WINDOWS\system32\euaodrtc.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47370db5.qua'! C:\WINDOWS\system32\isrpoaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46ce4b97.qua'! C:\WINDOWS\system32\qgiieaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c54b8b.qua'! C:\WINDOWS\system32\iomwlkhq.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c94b95.qua'! C:\WINDOWS\system32\tpjaqqaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c64b9d.qua'! C:\WINDOWS\system32\jkdpfaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c04b98.qua'! C:\WINDOWS\system32\ueibaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c54b93.qua'! C:\WINDOWS\system32\tpqxsnrf.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46cd4b9e.qua'! C:\WINDOWS\system32\cedifaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c04b96.qua'! C:\WINDOWS\system32\uacicqxu.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46bf4b92.qua'! C:\WINDOWS\system32\rsermjxc.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c14ba5.qua'! C:\WINDOWS\system32\mxuebaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46d14bab.qua'! C:\WINDOWS\system32\nxleuqkb.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c84bab.qua'! C:\WINDOWS\system32\tpfulaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c24ba4.qua'! C:\WINDOWS\system32\TFTP332 [DETECTION] Contains signature of the worm WORM/RBot.130901 [iNFO] The file was moved to '46b04b7a.qua'! C:\WINDOWS\system32\fershdfs.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46ce4b99.qua'! C:\WINDOWS\system32\xigaaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c34b9e.qua'! C:\WINDOWS\system32\wnijaaaa.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '46c54ba3.qua'! C:\WINDOWS\system32\ayczu.exe [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen [iNFO] The file was moved to '46bf4bae.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\OZG1Y9MJ06_regular[1].cab [0] Archive type: CAB (Microsoft) --> istactivex.dll [DETECTION] Is the Trojan horse TR/Dldr.Small.bph.1 [iNFO] The file was moved to '468c4b7b.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S5EN0D27\prompt[1].html [DETECTION] Contains signature of the Java script virus JS/Dldr.IstBar.J [iNFO] The file was moved to '46cb4bbd.qua'! C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\S1G9WHGN\MediaTicketsInstaller[1].cab [0] Archive type: CAB (Microsoft) --> MediaTicketsInstaller.ocx [DETECTION] Is the Trojan horse TR/Dldr.Agen.QT.2.D [iNFO] The file was moved to '46c04bb0.qua'! C:\WINDOWS\system32\ActiveScan\pskavs.dll [DETECTION] Contains signature of the Windows virus W95/Blumblebee.1738 [iNFO] The file was moved to '46c74c15.qua'! C:\WINDOWS\system\bremct32.dll [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46c14c20.qua'! C:\WINDOWS\Downloaded Program Files\installer.dll [DETECTION] Is the Trojan horse TR/Dldr.ClickMe.A.1 [iNFO] The file was moved to '46cf4dfb.qua'! C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_46923a7f\AV000013dc$000002cb.AV$ [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '468c4fae.qua'! C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_46923a7f\AV000013e0$000002ce.AV$ [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '4702132b.qua'! C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_46923a7f\AV000013c4$000002cf.AV$ [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '468c4faf.qua'! C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_46923a7f\AV000013b4$000002ca.AV$ [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '47021334.qua'! C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_46923a7f\AV000013ac$000002cd.AV$ [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '468c4fb1.qua'! C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_46923a7f\AV000013b4$000002d0.AV$ [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '47021336.qua'! C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic\TEMP\AVGUARD_46923a7f\AV000013ac$000002d1.AV$ [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '468c4fb0.qua'! C:\Documents and Settings\Perso\bleh.exe [DETECTION] Contains signature of the worm WORM/Agobot.52505 [iNFO] The file was moved to '46c14fca.qua'! C:\Documents and Settings\Perso\~tmp0374.exe [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '46c94fd3.qua'! C:\Program Files\Softwin\BitDefender9\Quarantine\spooIsv.exe [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/PoeBot.B.9 Backdoor server programs [iNFO] The file was moved to '46cb50d5.qua'! C:\Program Files\OneClick\AutoUpdate.exe [DETECTION] Is the Trojan horse TR/Dldr.ClickMe.A.6 [iNFO] The file was moved to '46d050de.qua'! C:\Program Files\OneClick\OneClick.exe [DETECTION] Is the Trojan horse TR/Dldr.ClickMe.A.3 [iNFO] The file was moved to '46c150d7.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067005.exe [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen [iNFO] The file was moved to '468c50dc.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067008.exe [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was moved to '468c50dd.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067009.exe [DETECTION] Is the Trojan horse TR/Spy.LowZones.CT [iNFO] The file was moved to '47071b72.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067010.exe [DETECTION] Is the Trojan horse TR/Dldr.Small.dlw [iNFO] The file was moved to '468c50df.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067011.exe [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen [iNFO] The file was moved to '468c50de.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067012.exe [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen [iNFO] The file was moved to '47071b73.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067013.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '468c50d8.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067014.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b75.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067015.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b4c.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067016.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '468c50e1.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067017.exe [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was moved to '47071b4e.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067018.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50e0.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067019.exe [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '47071b4d.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067020.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50e2.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067021.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b4f.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067022.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50e3.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067023.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b48.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067024.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50e5.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067025.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b4a.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067026.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50fc.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067027.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b51.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067028.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50fe.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067029.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50e7.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067030.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b44.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067031.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50e9.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067032.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b46.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067033.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50e4.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067034.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b49.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067035.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50e6.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067036.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b4b.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067037.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50eb.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067038.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b40.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067039.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50ed.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067040.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b42.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067041.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b53.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067042.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50f8.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067043.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b55.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067044.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50fa.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067045.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50ef.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067046.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b5c.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067047.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50f1.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067048.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b5e.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067049.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50e8.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067050.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b45.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067051.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50ea.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067052.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b47.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067053.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50f3.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067054.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b58.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067055.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50f5.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067056.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b57.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067057.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50f4.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067058.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b59.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067059.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50f6.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067060.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b5a.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067061.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50f7.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067062.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b54.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067063.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50f9.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067064.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50ec.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067065.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b41.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067066.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50ee.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067067.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b43.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067068.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b56.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067069.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50fb.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067070.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b50.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067071.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50fd.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067072.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b5b.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067073.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50f0.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067074.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b5d.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067075.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50f2.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067076.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b52.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067077.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50ff.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067078.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071aac.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067079.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c5101.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067080.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b5f.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067081.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50cc.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067082.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b61.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067083.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50ce.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067084.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071aae.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067085.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c5103.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067086.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071aa8.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067087.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c5105.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067088.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b63.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067089.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50c8.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067090.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b65.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067091.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071aaa.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067092.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c5107.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067093.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071aa4.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067094.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c5109.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067095.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50ca.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067096.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b67.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067097.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c50c4.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067098.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071b69.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067099.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071aa6.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067100.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c510b.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067101.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '47071aa0.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067102.exe [DETECTION] Is the Trojan horse TR/Zapchast.CA.1 [iNFO] The file was moved to '468c510d.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067103.dll [DETECTION] Contains signature of the Windows virus W95/Blumblebee.1738 [iNFO] The file was moved to '468c50c6.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067104.dll [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '47071b6b.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067105.exe [DETECTION] Contains signature of the worm WORM/Agobot.52505 [iNFO] The file was moved to '468c50c0.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067106.exe [DETECTION] Contains suspicious code HEUR/Malware [iNFO] The file was moved to '47071aa2.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067107.exe [DETECTION] Contains a signature of the (dangerous) backdoor program BDS/PoeBot.B.9 Backdoor server programs [iNFO] The file was moved to '468c510f.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067108.exe [DETECTION] Is the Trojan horse TR/Dldr.ClickMe.A.6 [iNFO] The file was moved to '47071abc.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP219\A0067109.exe [DETECTION] Is the Trojan horse TR/Dldr.ClickMe.A.3 [iNFO] The file was moved to '468c5111.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP193\A0058837.exe [DETECTION] Is the Trojan horse TR/Dldr.DNSChanger.Gen [iNFO] The file was moved to '47071abe.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP213\A0062683.dll [DETECTION] Is the Trojan horse TR/Spy.BZub.FH.2 [iNFO] The file was moved to '468c512e.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP213\A0062685.exe [DETECTION] Is the Trojan horse TR/Dldr.ConHook.Gen [iNFO] The file was moved to '468c512f.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP213\A0062691.dll [DETECTION] Is the Trojan horse TR/Spy.BZub.FH.2 [iNFO] The file was moved to '47071a9c.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP214\A0062718.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '468c5131.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0064811.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [iNFO] The file was moved to '468c5134.qua'! C:\System Volume Information\_restore{80F67991-5EE3-42F5-ACD0-85E44CAFF994}\RP216\A0065825.exe [DETECTION] Contains suspicious code HEUR/Crypted [iNFO] The file was moved to '468c5135.qua'! C:\Recycled\Dc444.exe [DETECTION] Is the Trojan horse TR/Spy.BZub.FH.2 [iNFO] The file was moved to '4690516f.qua'! C:\Recycled\Dc537.exe [DETECTION] Is the Trojan horse TR/Spy.BZub.FH.2 [iNFO] The file was moved to '469151ad.qua'! C:\Recycled\Dc538.exe [DETECTION] Is the Trojan horse TR/Dldr.PP [iNFO] The file was moved to '47181102.qua'! C:\Recycled\Dc374.tmp\UniDist.ocx [DETECTION] Is the Trojan horse TR/Dldr.Dyfuca.BM [iNFO] The file was moved to '46c551b9.qua'! C:\Recycled\Dc23.tmp\istactivex.dll [DETECTION] Is the Trojan horse TR/Dldr.Small.bph.1 [iNFO] The file was moved to '46d051c0.qua'! C:\Recycled\Dc25.tmp\mm81.ocx [DETECTION] Is the Trojan horse TR/Dldr.Delf.NK.5 [iNFO] The file was moved to '469451bb.qua'! C:\Recycled\Dc26.tmp\MediaTicketsInstaller.ocx [DETECTION] Is the Trojan horse TR/Dldr.Agen.QT.2.D [iNFO] The file was moved to '46c051b3.qua'! Begin scan in 'D:\' <ANCIEN_C> Begin scan in 'E:\' <WINXP_02D> Begin scan in 'F:\' <RESTORE> Begin scan in 'G:\' <ANCIEN_D> Begin scan in 'A:\' Search path A:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'H:\' Search path H:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: 2007-05-29 18:15 Used time: 29:52 min The scan has been done completely. 2354 Scanning directories 147566 Files were scanned 233 viruses and/or unwanted programs were found 18 classified as suspicious: 0 files were deleted 0 files were repaired 232 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 147315 Files not concerned 6525 Archives were scanned 2 Warnings 0 Notes 0 Hidden objects were found

Hello Bruce voila le rapport il me semble qu'il va un peu mieux bon y a toujours cette barre de security toolbar merci Deckard's System Scanner v20070426.43 Run by Perso on 2007-05-31 at 14:23:38 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 29: 2007-05-31 12:23:51 UTC - RP220 - Deckard's System Scanner Restore Point 28: 2007-05-29 15:02:18 UTC - RP219 - AntiVir PersonalEdition Classic - 2007-05-29 17:01 27: 2007-05-28 06:28:09 UTC - RP218 - Software Distribution Service 2.0 26: 2007-05-27 17:51:37 UTC - RP217 - Point de vérification système 25: 2007-05-19 06:30:29 UTC - RP216 - Software Distribution Service 2.0 -- First Restore Point -- 1: 2007-03-01 07:12:55 UTC - RP192 - Point de vérification système Backed up registry hives. Performed disk cleanup. -- HijackThis (run as Perso.exe) ----------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 14:25, on 2007-05-31 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Security Tools\iesmn.exe C:\Program Files\Security Tools\imsmain.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\progra~1\softwin\bitdef~1\bdnagent.exe C:\Program Files\Security Tools\imsmn.exe C:\progra~1\softwin\bitdef~1\bdswitch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Security Tools\iesmin.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Security Tools\iesmin.exe C:\Documents and Settings\Perso\Bureau\dss.exe C:\PROGRA~1\HIJACK~1\Perso.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch/index_f.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {08C99AA7-8187-4811-854D-8CBDA7C2F906} - c:\windows\system32\opbaopb.dll (file missing) O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Explorer Helper - {696A82AF-3AD8-5A16-A1CA-32A59A63A863} - C:\WINDOWS\system\bremct32.dll (file missing) O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Security Tools\iesplg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Security Tools\iesbpl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe O4 - HKLM\..\Run: [spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [bDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe" O4 - HKLM\..\Run: [bDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe O4 - HKLM\..\RunServices: [Micros0ft Updote] FmMPacK32.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.bluewin.ch/index_f.html O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{3202F990-3974-4BFA-ABEC-D54D3C6B4D4C}: NameServer = 85.255.115.94,85.255.112.24 O17 - HKLM\System\CCS\Services\Tcpip\..\{3DFC83E6-5612-4887-83BA-13129407C021}: NameServer = 85.255.115.94,85.255.112.24 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24 O17 - HKLM\System\CS1\Services\Tcpip\..\{3202F990-3974-4BFA-ABEC-D54D3C6B4D4C}: NameServer = 85.255.115.94,85.255.112.24 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.94 85.255.112.24 O20 - Winlogon Notify: pnctghke - opbaopb.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing) -- File Associations ----------------------------------------------------------- All associations okay. -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R3 Mtlmnt5 - c:\windows\system32\drivers\mtlmnt5.sys <Not Verified; ; Modem for Windows NT 5.0> R3 Slntamr (SmartLink AMR_PCI Driver) - c:\windows\system32\drivers\slntamr.sys <Not Verified; ; HAMR56> R3 SlWdmSup - c:\windows\system32\drivers\slwdmsup.sys <Not Verified; Vireo Software; Driver::Works> S2 FILESpy - c:\program files\softwin\bitdefender9\filespy.sys (file missing) S2 REGSpy - c:\program files\softwin\bitdefender9\regspy.sys (file missing) S3 Mtlstrm - c:\windows\system32\drivers\mtlstrm.sys <Not Verified; ; Modem for Windows NT> S3 NtMtlFax - c:\windows\system32\drivers\ntmtlfax.sys <Not Verified; ; Modem for windows NT> S3 SlNtHal - c:\windows\system32\drivers\slnthal.sys <Not Verified; ; Modem for windows NT> S3 V90drv - c:\windows\system32\drivers\v90drv.sys <Not Verified; ; Modem for windows NT> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 AntiVirScheduler (AntiVir PersonalEdition Classic Scheduler) - "c:\program files\antivir personaledition classic\sched.exe" <Not Verified; Avira GmbH; Scheduler> R2 SLService (SmartLinkService) - slserv.exe <Not Verified; ; Modem> -- Files created between 2007-04-30 and 2007-05-31 ----------------------------- 2007-05-31 14:18:55 0 d-------- C:\Documents and Settings\LocalService\Application Data\Macromedia 2007-05-29 17:41:24 0 --a------ C:\WINDOWS\system32\kernel32.exe 2007-05-29 17:02:49 0 d-------- C:\Documents and Settings\All Users\Application Data\AntiVir PersonalEdition Classic 2007-05-28 17:32:35 0 d-------- C:\VundoFix Backups 2007-05-28 17:23:39 2142 --a------ C:\WINDOWS\system32\tmp.reg 2007-05-28 17:20:00 51200 --a------ C:\WINDOWS\system32\dumphive.exe 2007-05-28 17:19:59 288417 --a------ C:\WINDOWS\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS> 2007-05-28 16:09:27 53248 --a------ C:\WINDOWS\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility> 2007-05-28 16:07:11 0 d-------- C:\Program Files\Navilog1 2007-05-28 15:12:53 0 d-------- C:\WINDOWS\system32\ActiveScan 2007-05-28 15:05:28 0 d-------- C:\WINDOWS\system32\Kaspersky Lab 2007-05-27 18:49:38 202 --a------ C:\WINDOWS\1809.exe 2007-05-21 21:26:41 0 --a------ C:\WINDOWS\update7.exe 2007-05-20 00:14:20 0 d--hs---- C:\FOUND.009 2007-05-19 07:58:26 51200 --a------ C:\WINDOWS\dsb.exe 2007-05-17 23:07:13 20272 --a------ C:\WINDOWS\x.exe 2007-05-17 22:55:29 0 d-------- C:\Program Files\Security Tools 2007-05-13 19:42:28 51200 --a------ C:\WINDOWS\system32\hbaaaaaa.exe 2007-05-05 07:58:02 0 d--hs---- C:\FOUND.008 -- Find3M Report --------------------------------------------------------------- 2007-05-31 14:26:30 81984 --a------ C:\WINDOWS\system32\bdod.bin 2007-05-31 14:08:44 31 --a------ C:\WINDOWS\system32\getfile.dat 2007-05-20 16:45:18 44640 --a------ C:\WINDOWS\system32\ipv6monr.dll 2007-05-16 21:28:30 45664 --a------ C:\WINDOWS\system32\ipv6mons.dll 2007-03-19 11:15:50 21246 --a------ C:\WINDOWS\nsreg.dat -- Registry Dump --------------------------------------------------------------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {08C99AA7-8187-4811-854D-8CBDA7C2F906} c:\windows\system32\opbaopb.dll [x] {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll {696A82AF-3AD8-5A16-A1CA-32A59A63A863} C:\WINDOWS\system\bremct32.dll [x] {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} C:\Program Files\Security Tools\iesplg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "NvCplDaemon"="RUNDLL32.EXE NvQTwk,NvCplDaemon initialize" "CHotkey"="mHotkey.exe" "Configuration Loader"="scvhost.exe" "Spooler SubSystem App"="C:\\WINDOWS\\system32\\spooIsv.exe" "BDMCon"="c:\\progra~1\\softwin\\bitdef~1\\bdmcon.exe" "BDOESRV"="\"C:\\Program Files\\Softwin\\BitDefender9\\bdoesrv.exe\"" "BDNewsAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdnagent.exe\"" "BDSwitchAgent"="\"c:\\progra~1\\softwin\\bitdef~1\\bdswitch.exe\"" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "avgnt"="\"C:\\Program Files\\AntiVir PersonalEdition Classic\\avgnt.exe\" /min" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices] "Configuration Loader"="scvhost.exe" "Micros0ft Updote"="FmMPacK32.exe" [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "CTFMON.EXE"="C:\\WINDOWS\\System32\\ctfmon.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "user32.dll"="C:\\Program Files\\Security Tools\\iesmn.exe" "rare"="C:\\Program Files\\Security Tools\\imsmain.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler] "{0c5a0fff-9164-493b-93e0-17446374e0a0}"="inflexive" HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pnctghke [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "appinit_dlls"="sockspy.dll" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\ Security Packages REG_MULTI_SZ kerberosmsv1_0schannelwdigest\ Notification Packages REG_MULTI_SZ scecli\ [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Rappels du Calendrier Microsoft Works.lnk] "path"="C:\\Documents and Settings\\All Users\\Menu Démarrer\\Programmes\\Démarrage\\Rappels du Calendrier Microsoft Works.lnk" "backup"="C:\\WINDOWS\\pss\\Rappels du Calendrier Microsoft Works.lnkCommon Startup" "location"="Common Startup" "command"="C:\\PROGRA~1\\FICHIE~1\\MICROS~1\\WORKSS~1\\wkcalrem.exe " "item"="Rappels du Calendrier Microsoft Works" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg] [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Micros0ft Updote] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="FmMPacK32" "hkey"="HKLM" "command"="FmMPacK32.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WksSb" "hkey"="HKLM" "command"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="WkDetect" "hkey"="HKCU" "command"="C:\\Program Files\\Microsoft Works\\WkDetect.exe" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msmsgs" "hkey"="HKCU" "command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "inimapping"="0" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "NVSvc"=dword:00000002 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\ NetworkService REG_MULTI_SZ DnsCache\ rpcss REG_MULTI_SZ RpcSs\ imgsvc REG_MULTI_SZ StiSvc\ termsvcs REG_MULTI_SZ TermService\ HTTPFilter REG_MULTI_SZ HTTPFilter\ DcomLaunch REG_MULTI_SZ DcomLaunchTermService\ hklm\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs* gb -- End of Deckard's System Scanner: finished at 2007-05-31 at 14:28:58 ---------

Hello Bruce... je t'ecrit de ma maison! j'ai jamais vu ca!!!!! pour ouvrir une page il te faut pas loin de 6minutes...son Bitdefender vient toujours annoncer les virus qu'il a soit disant bloquer... rien que pour poster le dernier post il m'as fallu 18 m alors j'ai telecharger antivir j'ai essayer de le parameter au mieux je suis parti en mode sans echec j'ai vider les dossiers temp..nettoyer le disque et lancer antivir.... et la il trouver des virus à la pelle..... j'ai mis pour quarantaine et je l'ai laisser comme ca...... je pense qu'il va lui falloir 2 h pour faire le scan... je lui est dit de sauver si il y avait un rapport antivirus...comme ca ja pourrais te poster le resultat je pense vendredi...car je n'arrive plus a passer chez lui avant!! Pense tu que j'ai entrepris la bonne formule?? encore un grand merci pour ton aide Jacks

Hello impossible combox n'arrive pas a ce lancer.... je pensais faire un antivirus antivir en mode sans echec + vider les dossiers temp et nettoyage du disque.. qu'en pense tu??

Hello Bruce.... en fait maintenant je t'explique... ce probleme survient de chez un ami ... et tout ce que j'ai deja poster ce soir c'etait avec une grande difficulté... l'ordi etait lent comme jamais et cette utilitaire presumé de securité s'ouvrait tout le temps...... Comme je n'avait plus le temps car le dernier outil que tu m'as dit de faire etait extrainnement longs...j'ai du partir et comme il ne connais rien de l'ordi je ne pense pas qu'il puisse te poster le dernier rapport si j'arrive je repasserai chez lui cette semaine pour finir le travail.... Mais dit moi il à l'air drolement infecter son ordi??? pense tu que j'arriverai à lui rendre un ordi sain??? si jamais en attendant un grand merci

Hello voila le premier SmitFraudFix v2.188 Rapport fait à 17:22:41.59, 28.05.2007 Executé à partir de D:\Mes documents\Telechargement\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Le type du système de fichiers est FAT32 Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Security Tools\iesmn.exe C:\Program Files\Security Tools\imsmain.exe C:\Program Files\Security Tools\imsmn.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\progra~1\softwin\bitdef~1\bdnagent.exe C:\Program Files\Security Tools\iesmin.exe C:\progra~1\softwin\bitdef~1\bdswitch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe c:\progra~1\softwin\bitdef~1\bdmcon.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS C:\WINDOWS\x.exe PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\dtjby.dll PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Perso »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Perso\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\PERSO\FAVORIS C:\DOCUME~1\PERSO\FAVORIS\Online Security Test.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Bureau »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Security Tools\ PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Ma page d'accueil" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{0c5a0fff-9164-493b-93e0-17446374e0a0}"="inflexive" [HKEY_CLASSES_ROOT\CLSID\{0c5a0fff-9164-493b-93e0-17446374e0a0}\InProcServer32] @="C:\WINDOWS\system32\dtjby.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0c5a0fff-9164-493b-93e0-17446374e0a0}\InProcServer32] @="C:\WINDOWS\system32\dtjby.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="sockspy.dll" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets DNS Server Search Order: 213.221.128.240 DNS Server Search Order: 213.221.144.250 HKLM\SYSTEM\CCS\Services\Tcpip\..\{3DFC83E6-5612-4887-83BA-13129407C021}: DhcpNameServer=213.221.128.240 213.221.144.250 HKLM\SYSTEM\CS1\Services\Tcpip\..\{3DFC83E6-5612-4887-83BA-13129407C021}: DhcpNameServer=213.221.128.240 213.221.144.250 HKLM\SYSTEM\CS3\Services\Tcpip\..\{3DFC83E6-5612-4887-83BA-13129407C021}: DhcpNameServer=213.221.128.240 213.221.144.250 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.221.128.240 213.221.144.250 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.221.128.240 213.221.144.250 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=213.221.128.240 213.221.144.250 »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin

Search Navipromo version 2.0.2 commencé le 28.05.2007 à 16:11:03.16 !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!! !!! Poster ce rapport sur le forum pour le faire analyser !!! !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!! Fix lancé depuis C:\Program Files\navilog1 Mise a jour le 17.05.2007 a 23h00 by IL-MAFIOSO Executé en mode normal *** Recherche Programmes installes *** *** Recherche dossiers dans C:\WINDOWS *** *** Recherche dossiers dans C:\Program Files *** *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data *** *** Recherche dossiers dans C:\Documents and Settings\Perso\Application Data *** *** Recherche avec BlackLight Engine/F-secure *** BlackLight Engine est un produit de F-secure, pour + d'infos : http://www.f-secure.com/blacklight/blacklight_help.html F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR ====================================== Copyright 2005-2006 F-Secure Corporation. All rights reserved. This is a beta version. It will expire on 1st of April, 2007. Version information: 2.2.1061. [+] Started on 05/28/07 at 16:11:13. [+] Initializing ... [+] Starting scan, press Ctrl-C to abort. [+] Scanning for hidden items ................... [+] Scan complete. [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming. [+] Exited on 05/28/07 at 16:12:38 (return code = 0). *** Recherche fichiers *** *** Recherche cles registre *** Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] Recherche Clé Magic Control *** Module de Recherche complémentaire *** (Recherche fichiers spécifiques) 1)Recherche fichiers connus: 2)Recherche Heuristique : * ** *** **** ***** ****** ******* ******** *** Analyse Terminé le 28.05.2007 à 16:15:16.58 ***

Hello j'arrive pas à faire grand chose avec l'ordi regarde deja mon rapport merci Logfile of HijackThis v1.99.1 Scan saved at 15:42:13, on 28.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Security Tools\iesmn.exe C:\Program Files\Security Tools\imsmain.exe C:\Program Files\Softwin\BitDefender9\bdoesrv.exe C:\progra~1\softwin\bitdef~1\bdnagent.exe C:\progra~1\softwin\bitdef~1\bdswitch.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Security Tools\imsmn.exe C:\Program Files\Security Tools\iesmin.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\slserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe C:\Program Files\Softwin\BitDefender9\vsserv.exe c:\progra~1\softwin\bitdef~1\bdmcon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\DOCUME~1\Perso\LOCALS~1\Temp\Répertoire temporaire 1 pour hijackthis.zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bookmarks.bluewin.ch/f/searchpane.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bluewin.ch/index_f.html R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: (no name) - {08C99AA7-8187-4811-854D-8CBDA7C2F906} - c:\windows\system32\opbaopb.dll O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll O2 - BHO: Explorer Helper - {696A82AF-3AD8-5A16-A1CA-32A59A63A863} - C:\WINDOWS\system\bremct32.dll O2 - BHO: (no name) - {73364D99-1240-4dff-B12A-67E448373148} - C:\WINDOWS\system32\ipv6monr.dll (file missing) O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Security Tools\iesplg.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Security Tools\iesbpl.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [Configuration Loader] scvhost.exe O4 - HKLM\..\Run: [spooler SubSystem App] C:\WINDOWS\system32\spooIsv.exe O4 - HKLM\..\Run: [bDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe O4 - HKLM\..\Run: [bDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe" O4 - HKLM\..\Run: [bDNewsAgent] "c:\progra~1\softwin\bitdef~1\bdnagent.exe" O4 - HKLM\..\Run: [bDSwitchAgent] "c:\progra~1\softwin\bitdef~1\bdswitch.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunServices: [Configuration Loader] scvhost.exe O4 - HKLM\..\RunServices: [Micros0ft Updote] FmMPacK32.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - Global Startup: MS_update_0704_KB74073.exe O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.bluewin.ch/index_f.html O16 - DPF: {01347765-1965-426B-91A4-AA6BB342B9A3} (InstallerObj Class) - http://www.1-click.com/common/files/instal...hidden-test.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.zebulon.fr/outils/antivirus/kav...can_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: pnctghke - C:\WINDOWS\SYSTEM32\opbaopb.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\ O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing) O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Hello la communauté quelqu'un peut il me conseiller sur drivecleaner proposer par security toolbar 7.1???? cette fenetre s'ouvre intenpestivement et ne me laisse pas le choix de telecharger un programe pour nettoyer l'ordi merci Jacks

Bonjour vu que personne ne reponds a mon post dois je en conclure que tout est clean? merci Jacks

Hello... voila j'ai appliquer la procedure et en plus j'ai fait un AVG en mode sans echec...--------------------------------------------------------- AVG Anti-Spyware - Rapport d'analyse --------------------------------------------------------- + Créé à: 20:23:44 26.05.2007 + Résultat de l'analyse: Rien à signaler. Fin du rapport apres rapport de l'antivirus AntiVir PersonalEdition Classic Report file date: samedi, 26. mai 2007 18:53 Scanning for 792110 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Jean-Jacques Computer name: JEAN-F2991C1281 Version information: BUILD.DAT : 247 14437 Bytes 10.05.2007 11:55:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes 20.04.2007 11:37:14 AVSCAN.DLL : 7.0.4.4 33832 Bytes 27.03.2007 11:31:54 LUKE.DLL : 7.0.4.11 143400 Bytes 27.03.2007 11:26:04 LUKERES.DLL : 7.0.4.0 10280 Bytes 19.03.2007 11:18:59 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31.05.2006 13:08:58 ANTIVIR1.VDF : 6.38.1.170 5569024 Bytes 21.05.2007 16:38:34 ANTIVIR2.VDF : 6.38.1.171 2048 Bytes 21.05.2007 16:38:34 ANTIVIR3.VDF : 6.38.1.193 123904 Bytes 25.05.2007 16:38:34 AVEWIN32.DLL : 7.4.0.27 2478592 Bytes 26.05.2007 16:38:34 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26.02.2007 09:36:26 AVPREF.DLL : 7.0.2.1 24616 Bytes 27.03.2007 11:31:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16.04.2007 12:16:24 AVPACK32.DLL : 7.3.0.9 360488 Bytes 26.05.2007 16:38:34 AVREG.DLL : 7.0.1.2 31784 Bytes 15.03.2007 08:05:08 AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27.03.2007 11:16:05 AVARKT.DLL : 1.0.0.17 278568 Bytes 02.05.2007 10:32:26 NETNT.DLL : 7.0.0.0 7720 Bytes 08.03.2007 10:09:42 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13.03.2007 09:46:18 RCTEXT.DLL : 7.0.45.0 86056 Bytes 19.03.2007 11:42:42 Configuration settings for the scan: Jobname..........................: Local Drives Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: F:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi, 26. mai 2007 18:53 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'hpgs2wnf.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '18' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\ActiveScan\pskavs.dll [DETECTION] Contains signature of the Windows virus W95/Blumblebee.1738 [iNFO] The file was moved to '46c3755a.qua'! Begin scan in 'D:\' Begin scan in 'E:\' <My Disc> Begin scan in 'F:\' Search path F:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: samedi, 26. mai 2007 20:04 Used time: 1:10:44 min The scan has been done completely. 5263 Scanning directories 170832 Files were scanned 1 viruses and/or unwanted programs were found 0 classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 170831 Files not concerned 1191 Archives were scanned 1 Warnings 6 Notes 0 Hidden objects were found Puis rapport Hijackthis Logfile of HijackThis v1.99.1 Scan saved at 20:30:04, on 26.05.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16441) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\system32\USBPlug.exe C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE C:\program files\netappel\netappel.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\WinTV\Ir.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tsr.ch/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [dscService] C:\WINDOWS\system32\USBPlug.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE" O4 - HKCU\..\Run: [NetAppel] "C:\program files\netappel\netappel.exe" -nosplash -minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - Global Startup: AutoStart IR.lnk = C:\Program Files\WinTV\Ir.exe O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O11 - Options group: [iNTERNATIONAL] International* O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {4CCA4E6B-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/instal...tallMgr_v01.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1131979992390 O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://config.zebulon.fr/plugins/hardwaredetection.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe Merci beaucoup amicalement Jacks Si jamais j'ai refait un scan kasperski et tout à l'air en ordre mais dites moi quand meme si il y a un soucis [/url][/img]