Help virtumonde.kw
Hello,
I can't manage to remove this virus. I've looked at several posts and forums; I think I have a new variant of this virus.
Please help me
Thanks in advance
Logfile of HijackThis v1.99.1
Scan saved at 04:12:40, on 06/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6e37166b-f5d7-44c2-b12e-bf3f7a20352b} - C:\WINDOWS\system32\mciaecx.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\awtstus.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: mciaecx - C:\WINDOWS\SYSTEM32\mciaecx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
(there are several infected things that I can't manage to remove, so I'm asking for help)
Good evening dave2999
~Download VundoFix.exe (by Atribune) to your Desktop.
http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe to launch it.
Click the Scan for Vundo button.
~When the scan is complete, click the Remove Vundo button.
A prompt will ask whether you want to delete the files; click YES.
After you click "Yes", the Desktop will disappear for a moment while the files are deleted.
You will see a prompt telling you that your PC is going to restart; click OK.
~Copy/paste the contents of the report located at C:\vundofix.txt, along with a new HijackThis report, into your next reply.
Note: VundoFix may run into a file it cannot delete. If so, the tool will launch at the next restart; simply follow the instructions above, starting from "click the Scan for Vundo button".
VundoFix V6.5.6
Checking Java version...
Java version is 1.5.0.3
Old versions of java are exploitable and should be removed.
Scan started at 04:54:14 06/08/2007
Listing files found while scanning....
No infected files were found.
If Vundo was there to delete the 2 files, which I more or less remember were tmp files located here: C:\Documents and Settings\Administrateur\Application Data
my antivirus deleted them
~Download OTMoveIt (by OldTimer). Save it to your Desktop.
~Run HijackThis, "Do a system scan only".
Check the following lines if they are still present, and only those.
O2 - BHO: (no name) - {6e37166b-f5d7-44c2-b12e-bf3f7a20352b} - C:\WINDOWS\system32\mciaecx.dll
O20 - AppInit_DLLs: c:\windows\system32\awtstus.dll
O20 - Winlogon Notify: mciaecx - C:\WINDOWS\SYSTEM32\mciaecx.dll
Click Fix checked (bottom left).
~Select ALL of the following locations:
C:\WINDOWS\SYSTEM32\mciaecx.dll
c:\windows\system32\awtstus.dll
C:\WINDOWS\system32\mciaecx.dll
c:\windows\system32\awtstus.dll
C:\WINDOWS\system32\mciaecx.dll
---> Right-click, then Copy (or Ctrl+C)
~Double-click OTMoveIt.exe to launch it.
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
~Now click MoveIt!
Hi again sham-rock
I ran HijackThis and it gives me this error, even in safe mode
http://www.hiboox.com/lang-fr/image.php?img=k79r3bsu.jp...
(now I'm going to do OTMoveIt)
That's done
DllUnregisterServer procedure not found in C:\WINDOWS\SYSTEM32\mciaecx.dll
C:\WINDOWS\SYSTEM32\mciaecx.dll NOT unregistered.
File move failed. C:\WINDOWS\SYSTEM32\mciaecx.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in c:\windows\system32\awtstus.dll
c:\windows\system32\awtstus.dll NOT unregistered.
File move failed. c:\windows\system32\awtstus.dll scheduled to be moved on reboot.
DllUnregisterServer procedure not found in C:\WINDOWS\system32\mciaecx.dll
C:\WINDOWS\system32\mciaecx.dll NOT unregistered.
File move failed. C:\WINDOWS\system32\mciaecx.dll scheduled to be moved on reboot.
Created on 08/06/2007 05:12:33
=================
Logfile of HijackThis v1.99.1
Scan saved at 05:18:27, on 06/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {6e37166b-f5d7-44c2-b12e-bf3f7a20352b} - C:\WINDOWS\system32\mciaecx.dll (file missing)
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\windows\system32\awtstus.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: mciaecx - mciaecx.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
and the antiviruses, I can't find them ..
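As an added example (not part of the original thread): a short Python check that compares the O2/O20 lines of the two HijackThis logs posted above and reports, for each DLL named in the fix instructions, whether its autostart entry is still active, left behind with the file gone, or removed. The function names are illustrative, the parser only handles O2 and O20 lines, and the sample strings are lines copied from the two logs in this thread.

```python
import ntpath
import re

# Lines copied from the first HijackThis log in this thread (before the fix).
BEFORE = r"""
O2 - BHO: (no name) - {6e37166b-f5d7-44c2-b12e-bf3f7a20352b} - C:\WINDOWS\system32\mciaecx.dll
O20 - AppInit_DLLs: c:\windows\system32\awtstus.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: mciaecx - C:\WINDOWS\SYSTEM32\mciaecx.dll
"""

# Lines copied from the second HijackThis log (after Fix checked + OTMoveIt).
AFTER = r"""
O2 - BHO: (no name) - {6e37166b-f5d7-44c2-b12e-bf3f7a20352b} - C:\WINDOWS\system32\mciaecx.dll (file missing)
O20 - AppInit_DLLs: c:\windows\system32\awtstus.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: mciaecx - mciaecx.dll (file missing)
"""

ENTRY = re.compile(r"^(?P<section>O2|O20) - (?P<body>.+)$")
MISSING = "(file missing)"


def parse(log):
    """Map (section, identifier) -> (target path, file_missing flag)."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        body = m.group("body")
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        if " - " in body:
            # "BHO: name - {CLSID} - path" or "Winlogon Notify: name - path"
            ident, target = body.rsplit(" - ", 1)
        else:
            # "AppInit_DLLs: path" has no " - " separator
            ident, _, target = body.partition(": ")
        entries[(m.group("section"), ident.lower())] = (target, missing)
    return entries


def fix_status(before_log, after_log, dll_names):
    """Report what happened to every entry that pointed at one of dll_names."""
    wanted = {name.lower() for name in dll_names}
    before, after = parse(before_log), parse(after_log)
    report = {}
    for key, (target, _) in before.items():
        if ntpath.basename(target).lower() not in wanted:
            continue
        if key not in after:
            report[key] = "entry removed"
        elif after[key][1]:
            report[key] = "entry remains, file missing"
        else:
            report[key] = "still active"
    return report


if __name__ == "__main__":
    result = fix_status(BEFORE, AFTER, ["mciaecx.dll", "awtstus.dll"])
    for (section, ident), status in sorted(result.items()):
        print(f"{section:4} {ident:60} {status}")
```

On these two logs the AppInit_DLLs entry for awtstus.dll is reported as still active, while both mciaecx entries remain in the registry with their file gone.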
Quote:
and the antiviruses, I can't find them ..
C:\Program Files\AntiVir PersonalEdition Classic
C:\Program Files\Fichiers communs\Symantec Shared
+++++++++++++++++++++
Download Combofix by sUBs:
combofix.exe
and save it to your desktop and nowhere else!
Double-click combofix. It will ask you a question; answer by pressing the 1 key, then wait until combofix has finished. Your PC may reboot, that's normal. A report will be created. Post the report.
Add a new HijackThis report.
Here is the report. I noticed that this file was supposed to be deleted by VundoFix: C:\WINDOWS\system32\jkhhfee.dll
ComboFix 07-08-04.3 - "Administrateur" 2007-08-06 5:40:56.2 [GMT 2:00] - NTFS
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.Vrai
* Created a new restore point
((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))
2007-08-06 03:43 <REP> d-------- C:\VundoFix Backups
2007-08-06 03:41 <REP> d-------- C:\Program Files\Navilog1
2007-08-05 22:15 8,992 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-05 22:15 629,024 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-05 22:15 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-08-05 20:26 13,380 --a------ C:\WINDOWS\system32\mljjkig.dll
2007-08-05 18:16 13,380 --a------ C:\WINDOWS\system32\jkhhfee.dll
2007-08-05 14:45 13,380 --a------ C:\WINDOWS\system32\awtqrqp.dll
2007-08-05 12:14 13,380 --a------ C:\WINDOWS\system32\geedcax.dll
2007-08-05 08:34 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-05 07:15 18 --a------ C:\WINDOWS\system32\dnd8d424dd.dat
2007-08-05 07:04 25,664 --a------ C:\WINDOWS\system32\oVurBytR.exe
2007-08-04 10:41 <REP> d-------- C:\Program Files\eMule
2007-08-03 23:08 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-03 23:08 <REP> dr-h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
2007-08-03 23:03 <REP> d-------- C:\Program Files\CAPCOM
2007-08-02 11:20 <REP> d-------- C:\Program Files\Microsoft Games
2007-08-02 05:51 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-08-02 05:50 <REP> d-------- C:\Program Files\Google
2007-08-02 02:15 <REP> d-------- C:\Soldat
2007-08-02 01:10 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-08-02 01:10 <REP> d-------- C:\Program Files\DAP
2007-08-02 01:04 <REP> d-------- C:\Program Files\Serials 2000 7.1 Plus
2007-08-01 22:39 <REP> d-------- C:\Program Files\Dolphin
2007-08-01 13:11 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-08-01 13:11 981,504 --a--c--- C:\WINDOWS\system32\dllcache\wmnetmgr.dll
2007-08-01 13:11 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-08-01 13:11 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-08-01 13:11 816,264 --a--c--- C:\WINDOWS\system32\dllcache\wmvdmod.dll
2007-08-01 13:11 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-08-01 13:11 81,408 --a--c--- C:\WINDOWS\system32\dllcache\logagent.exe
2007-08-01 13:11 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2007-08-01 13:11 760,968 --a--c--- C:\WINDOWS\system32\dllcache\wmsdmod.dll
2007-08-01 13:11 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-08-01 13:11 670,208 --a--c--- C:\WINDOWS\system32\dllcache\wmadmoe.dll
2007-08-01 13:11 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-08-01 13:11 6,656 --a--c--- C:\WINDOWS\system32\dllcache\laprxy.dll
2007-08-01 13:11 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-08-01 13:11 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-08-01 13:11 410,248 --a--c--- C:\WINDOWS\system32\dllcache\wmadmod.dll
2007-08-01 13:11 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-08-01 13:11 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-08-01 13:11 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-08-01 13:11 241,664 --a--c--- C:\WINDOWS\system32\dllcache\qasf.dll
2007-08-01 13:11 241,664 --a--c--- C:\WINDOWS\system32\dllcache\mpg4dmod.dll
2007-08-01 13:11 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-08-01 13:11 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-08-01 13:11 218,112 --a--c--- C:\WINDOWS\system32\dllcache\wmasf.dll
2007-08-01 13:11 218,112 --a------ C:\WINDOWS\system32\wmasf.dll
2007-08-01 13:11 2,058,888 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-08-01 13:11 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2007-08-01 13:11 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-08-01 13:10 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2007-08-01 13:10 82,432 --a--c--- C:\WINDOWS\system32\dllcache\drmstor.dll
2007-08-01 13:10 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-08-01 13:10 678,912 --a--c--- C:\WINDOWS\system32\dllcache\drmv2clt.dll
2007-08-01 13:10 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-08-01 13:10 301,712 --a--c--- C:\WINDOWS\system32\dllcache\drmclien.dll
2007-08-01 13:10 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2007-08-01 13:10 253,952 --a--c--- C:\WINDOWS\system32\dllcache\msnetobj.dll
2007-08-01 13:10 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-08-01 13:10 232,960 --a--c--- C:\WINDOWS\system32\dllcache\blackbox.dll
2007-08-01 13:10 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-08-01 13:10 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2007-08-01 13:07 <REP> d-------- C:\Program Files\Codemasters
2007-08-01 12:16 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-08-01 12:08 <REP> d-------- C:\Program Files\THQ
2007-08-01 12:05 <REP> d-------- C:\Program Files\DAEMON Tools
2007-08-01 12:03 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-01 06:06 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 05:44 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-01 05:44 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-01 05:44 1,006 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-01 05:31 <REP> d--hs---- C:\WINDOWS\system32\28463
2007-08-01 04:54 <REP> d--h----- C:\WINDOWS\PIF
2007-08-01 03:00 310,272 --a------ C:\WINDOWS\system32\dllcache\winhttp.dll
2007-08-01 03:00 223,232 --a------ C:\WINDOWS\system32\qmgr.dll
2007-08-01 03:00 223,232 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
2007-08-01 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-01 03:00 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-08-01 03:00 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-08-01 03:00 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-08-01 03:00 <REP> d-------- C:\WINDOWS\system32\bits
2007-08-01 00:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
2007-08-01 00:45 <REP> d-------- C:\Program Files\ZenGems
2007-07-31 05:45 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-07-31 03:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-07-31 03:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-07-31 03:03 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-31 03:01 <REP> d-------- C:\WINDOWS\SoftwareDistribution
2007-07-31 02:59 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:59 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-31 02:59 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:59 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:59 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-07-31 02:59 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-07-31 01:17 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-31 00:58 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-07-31 00:52 <REP> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2007-07-31 00:46 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-06 05:13 1604 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-06 05:13 10808 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-01 12:06 71248 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-08-01 12:06 458230 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-07-21 04:08 520704 --a------ C:\WINDOWS\system32\winlogon.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6e37166b-f5d7-44c2-b12e-bf3f7a20352b}]
C:\WINDOWS\system32\mciaecx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 12:57]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-02 01:17]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-07-24 07:41]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mciaecx]
mciaecx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\awtstus.dll
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R1 avipbb;avipbb;C:\WINDOWS\System32\DRIVERS\avipbb.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\System32\drivers\SCDEmu.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\System32\DRIVERS\v2imount.sys
S3 TSP;TSP;\??\C:\WINDOWS\system32\drivers\klif.sys
S3 WimFltr;WimFltr;C:\WINDOWS\System32\DRIVERS\wimfltr.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
*Newly Created Service* - APPMGMT
Contents of the 'Scheduled Tasks' folder
2007-08-05 22:01:43 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At11.job
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 11:01:06 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 12:01:06 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 13:01:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 14:01:00 C:\WINDOWS\Tasks\At17.job
2007-08-05 15:01:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 16:01:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 23:01:01 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 17:01:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 19:01:00 C:\WINDOWS\Tasks\At22.job
2007-08-05 20:01:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 00:01:06 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 01:01:01 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 02:01:46 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 03:01:33 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 06:01:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\System32\oVurBytR.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 05:43:52
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-06 5:45:08
C:\ComboFix2.txt ... 2007-08-05 08:40
C:\ComboFix3.txt ... 2007-08-01 06:09
--- E O F ---
re
1
Copy (Ctrl+C) the text below:
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan has finished.
Once the scan is complete, a report will be displayed: post its contents.
If the file does not open, it is located here > C:\ComboFix.txt
2
Scan this file:
C:\WINDOWS\System32\oVurBytR.exe
On the VirusTotal site
http://www.virustotal.com/en/virustotalx.html
Then click Send
and post the report for us.
Note:
Control Panel / Folder Options / View tab / check Show hidden files and folders, uncheck Hide extensions for known file types, uncheck Hide protected operating system files.
Hidden system files and folders then appear semi-transparent in Windows Explorer.
1
Copy (Ctrl+C) the text below:
File::
C:\WINDOWS\system32\mljjkig.dll
C:\WINDOWS\system32\jkhhfee.dll
C:\WINDOWS\system32\awtqrqp.dll
C:\WINDOWS\system32\geedcax.dll
c:\windows\system32\awtstus.dll
C:\WINDOWS\system32\mljjkig.dll
C:\WINDOWS\system32\jkhhfee.dll
C:\WINDOWS\system32\awtqrqp.dll
C:\WINDOWS\system32\geedcax.dll
c:\windows\system32\awtstus.dll
Open Notepad, then paste (Ctrl+V) the text you just copied.
Save this file under the name CFScript.txt
Drag and drop this CFScript file onto the ComboFix.exe file, as in the screenshot.

Do not touch anything until the scan has finished.
2
Scan this file:
C:\WINDOWS\System32\oVurBytR.exe
On the VirusTotal site
http://www.virustotal.com/en/virustotalx.html
Then click Send
and post the report for us.
Note:
Quote:
To show hidden system files and folders: Control Panel / Folder Options / View tab / check Show hidden files and folders, uncheck Hide extensions for known file types, uncheck Hide protected operating system files.
Hidden system files and folders then appear semi-transparent in Windows Explorer.
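The files named in the script and in step 2 correspond to three things visible in the report: four DLLs of identical size (13,380 bytes) created directly in system32, the DLL registered under appinit_dlls, and the executable that most At*.job tasks point to. The Python sketch below is an added example, not part of the thread and not the helper's or ComboFix's own method; it shows one way to pull those candidates out of a report. The function names and the thresholds (3 same-size DLLs, 3 jobs) are assumptions of this example, and the sample lines are copied from the report on this page.

```python
import ntpath
import re

# Subset of lines copied from the ComboFix report on this page.
SAMPLE_REPORT = r"""
2007-08-05 20:26 13,380 --a------ C:\WINDOWS\system32\mljjkig.dll
2007-08-05 18:16 13,380 --a------ C:\WINDOWS\system32\jkhhfee.dll
2007-08-05 14:45 13,380 --a------ C:\WINDOWS\system32\awtqrqp.dll
2007-08-05 12:14 13,380 --a------ C:\WINDOWS\system32\geedcax.dll
2007-08-05 07:04 25,664 --a------ C:\WINDOWS\system32\oVurBytR.exe
2007-08-01 13:11 241,664 --a--c--- C:\WINDOWS\system32\dllcache\qasf.dll
2007-08-01 13:11 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-08-01 13:11 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-08-01 12:05 <REP> d-------- C:\Program Files\DAEMON Tools
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\awtstus.dll
2007-08-05 22:01:43 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At11.job
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\System32\oVurBytR.exe
"""

# "date HH:MM size attrs path" (directory rows carry <REP> instead of a size).
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} ([\d,]+) \S+ (.+)$")
# "date HH:MM:SS job [- target]" (some jobs are listed without a target).
JOB_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\S+\.job)(?: - (.+))?$", re.I)
APPINIT_RE = re.compile(r'^"appinit_dlls"=(.*)$', re.I)


def parse_report(text):
    """Return (files, jobs, appinit) extracted from report text."""
    files, jobs, appinit = [], [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_RE.match(line)
        if m:
            files.append((m.group(2), int(m.group(1).replace(",", ""))))
            continue
        m = JOB_RE.match(line)
        if m:
            jobs.append((m.group(1), m.group(2)))  # target is None if absent
            continue
        m = APPINIT_RE.match(line)
        if m:
            # AppInit_DLLs is a space- or comma-delimited list.
            appinit.extend(p for p in re.split(r"[ ,]+", m.group(1).strip()) if p)
    return files, jobs, appinit


def same_size_dll_clusters(files, directory=r"C:\WINDOWS\system32", min_cluster=3):
    """Group DLLs sitting directly in `directory` by byte size (assumed heuristic)."""
    by_size = {}
    for path, size in files:
        if ntpath.dirname(path).lower() != directory.lower():
            continue  # skips dllcache copies and other folders
        if path.lower().endswith(".dll"):
            by_size.setdefault(size, []).append(path)
    return {s: p for s, p in by_size.items() if len(p) >= min_cluster}


def heavily_scheduled(jobs, min_jobs=3):
    """Executables that at least `min_jobs` scheduled tasks point to."""
    counts = {}
    for _job, target in jobs:
        if target:
            name, n = counts.get(target.lower(), (target, 0))
            counts[target.lower()] = (name, n + 1)
    return [name for name, n in counts.values() if n >= min_jobs]


def triage(text):
    """Candidates for human review: nothing here proves a file is malicious."""
    files, jobs, appinit = parse_report(text)
    candidates = []
    for paths in same_size_dll_clusters(files).values():
        candidates.extend(paths)
    seen = {p.lower() for p in candidates}
    for dll in appinit:
        if dll.lower() not in seen:
            candidates.append(dll)
            seen.add(dll.lower())
    return {"cfscript_files": candidates, "scan_first": heavily_scheduled(jobs)}


def build_cfscript(paths):
    """Render a File:: section in the layout used by the script in this thread."""
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(build_cfscript(result["cfscript_files"]))
    print("Submit for scanning first:", result["scan_first"])
```

The two legitimate 241,664-byte DLLs in the sample stay below the cluster threshold, which is why the threshold is 3 rather than 2.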
Here is the new ComboFix report
ComboFix 07-08-04.3 - "Administrateur" 2007-08-06 6:14:24.3 [GMT 2:00] - NTFS
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.Vrai
Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\awtqrqp.dll
C:\WINDOWS\system32\geedcax.dll
C:\WINDOWS\system32\jkhhfee.dll
C:\WINDOWS\system32\mljjkig.dll
((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))
2007-08-06 03:43 <REP> d-------- C:\VundoFix Backups
2007-08-06 03:41 <REP> d-------- C:\Program Files\Navilog1
2007-08-05 22:15 926,496 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-05 22:15 12,320 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-05 22:15 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-08-05 08:34 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-05 07:15 18 --a------ C:\WINDOWS\system32\dnd8d424dd.dat
2007-08-05 07:04 25,664 --a------ C:\WINDOWS\system32\oVurBytR.exe
2007-08-04 10:41 <REP> d-------- C:\Program Files\eMule
2007-08-03 23:08 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-03 23:08 <REP> dr-h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
2007-08-03 23:03 <REP> d-------- C:\Program Files\CAPCOM
2007-08-02 11:20 <REP> d-------- C:\Program Files\Microsoft Games
2007-08-02 05:51 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-08-02 05:50 <REP> d-------- C:\Program Files\Google
2007-08-02 02:15 <REP> d-------- C:\Soldat
2007-08-02 01:10 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-08-02 01:10 <REP> d-------- C:\Program Files\DAP
2007-08-02 01:04 <REP> d-------- C:\Program Files\Serials 2000 7.1 Plus
2007-08-01 22:39 <REP> d-------- C:\Program Files\Dolphin
2007-08-01 13:11 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-08-01 13:11 981,504 --a--c--- C:\WINDOWS\system32\dllcache\wmnetmgr.dll
2007-08-01 13:11 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-08-01 13:11 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-08-01 13:11 816,264 --a--c--- C:\WINDOWS\system32\dllcache\wmvdmod.dll
2007-08-01 13:11 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-08-01 13:11 81,408 --a--c--- C:\WINDOWS\system32\dllcache\logagent.exe
2007-08-01 13:11 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2007-08-01 13:11 760,968 --a--c--- C:\WINDOWS\system32\dllcache\wmsdmod.dll
2007-08-01 13:11 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-08-01 13:11 670,208 --a--c--- C:\WINDOWS\system32\dllcache\wmadmoe.dll
2007-08-01 13:11 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-08-01 13:11 6,656 --a--c--- C:\WINDOWS\system32\dllcache\laprxy.dll
2007-08-01 13:11 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-08-01 13:11 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-08-01 13:11 410,248 --a--c--- C:\WINDOWS\system32\dllcache\wmadmod.dll
2007-08-01 13:11 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-08-01 13:11 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-08-01 13:11 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-08-01 13:11 241,664 --a--c--- C:\WINDOWS\system32\dllcache\qasf.dll
2007-08-01 13:11 241,664 --a--c--- C:\WINDOWS\system32\dllcache\mpg4dmod.dll
2007-08-01 13:11 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-08-01 13:11 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-08-01 13:11 218,112 --a--c--- C:\WINDOWS\system32\dllcache\wmasf.dll
2007-08-01 13:11 218,112 --a------ C:\WINDOWS\system32\wmasf.dll
2007-08-01 13:11 2,058,888 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-08-01 13:11 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2007-08-01 13:11 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-08-01 13:10 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2007-08-01 13:10 82,432 --a--c--- C:\WINDOWS\system32\dllcache\drmstor.dll
2007-08-01 13:10 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-08-01 13:10 678,912 --a--c--- C:\WINDOWS\system32\dllcache\drmv2clt.dll
2007-08-01 13:10 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-08-01 13:10 301,712 --a--c--- C:\WINDOWS\system32\dllcache\drmclien.dll
2007-08-01 13:10 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2007-08-01 13:10 253,952 --a--c--- C:\WINDOWS\system32\dllcache\msnetobj.dll
2007-08-01 13:10 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-08-01 13:10 232,960 --a--c--- C:\WINDOWS\system32\dllcache\blackbox.dll
2007-08-01 13:10 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-08-01 13:10 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2007-08-01 13:07 <REP> d-------- C:\Program Files\Codemasters
2007-08-01 12:16 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-08-01 12:08 <REP> d-------- C:\Program Files\THQ
2007-08-01 12:05 <REP> d-------- C:\Program Files\DAEMON Tools
2007-08-01 12:03 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-01 06:06 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 05:44 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-01 05:44 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-01 05:44 1,006 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-01 05:31 <REP> d--hs---- C:\WINDOWS\system32\28463
2007-08-01 04:54 <REP> d--h----- C:\WINDOWS\PIF
2007-08-01 03:00 310,272 --a------ C:\WINDOWS\system32\dllcache\winhttp.dll
2007-08-01 03:00 223,232 --a------ C:\WINDOWS\system32\qmgr.dll
2007-08-01 03:00 223,232 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
2007-08-01 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-01 03:00 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-08-01 03:00 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-08-01 03:00 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-08-01 03:00 <REP> d-------- C:\WINDOWS\system32\bits
2007-08-01 00:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
2007-08-01 00:45 <REP> d-------- C:\Program Files\ZenGems
2007-07-31 05:45 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-07-31 03:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-07-31 03:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-07-31 03:03 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-31 03:01 <REP> d-------- C:\WINDOWS\SoftwareDistribution
2007-07-31 02:59 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:59 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-31 02:59 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-31 02:59 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-31 02:59 187,160 --a------ C:\WINDOWS\system32\wuaueng1.dll
2007-07-31 02:59 170,776 --a------ C:\WINDOWS\system32\wuauclt1.exe
2007-07-31 01:17 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Symantec
2007-07-31 00:58 <REP> d-------- C:\WINDOWS\system32\NtmsData
2007-07-31 00:52 <REP> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2007-07-31 00:46 37,864 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2007-07-31 00:46 14,072 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2007-07-31 00:46 131,944 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2007-07-31 00:46 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2007-07-31 00:45 <REP> d-------- C:\Program Files\Fichiers communs\Symantec Shared
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-06 05:13 1604 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-06 05:13 10808 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-01 12:06 71248 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-08-01 12:06 458230 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-07-21 04:08 520704 --a------ C:\WINDOWS\system32\winlogon.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6e37166b-f5d7-44c2-b12e-bf3f7a20352b}]
C:\WINDOWS\system32\mciaecx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 12:57]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-02 01:17]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-07-24 07:41]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mciaecx]
mciaecx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\awtstus.dll
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R1 avipbb;avipbb;C:\WINDOWS\System32\DRIVERS\avipbb.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\System32\drivers\SCDEmu.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\System32\DRIVERS\v2imount.sys
S3 TSP;TSP;\??\C:\WINDOWS\system32\drivers\klif.sys
S3 WimFltr;WimFltr;C:\WINDOWS\System32\DRIVERS\wimfltr.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
*Newly Created Service* - APPMGMT
Contents of the 'Scheduled Tasks' folder
2007-08-05 22:01:43 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At11.job
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 11:01:06 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 12:01:06 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 13:01:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 14:01:00 C:\WINDOWS\Tasks\At17.job
2007-08-05 15:01:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 16:01:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 23:01:01 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 17:01:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 19:01:00 C:\WINDOWS\Tasks\At22.job
2007-08-05 20:01:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 00:01:06 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 01:01:01 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 02:01:46 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 03:01:33 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 04:01:59 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 05:04:29 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 06:01:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\System32\oVurBytR.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 06:17:01
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-06 6:18:15
C:\ComboFix-quarantined-files.txt ... 2007-08-06 06:18
C:\ComboFix2.txt ... 2007-08-06 05:45
C:\ComboFix3.txt ... 2007-08-05 08:40
--- E O F ---
The file is indeed infected, I'm going to delete it manually.
File oVurBytR.exe received on 08.07.2007 00:42:50 (CET)
Antivirus Version Last Update Result
AhnLab-V3 2007.8.3.0 2007.08.06 -
AntiVir 7.4.0.57 2007.08.06 TR/Crypt.ULPM.Gen
Authentium 4.93.8 2007.08.06 -
Avast 4.7.1029.0 2007.08.06 -
AVG 7.5.0.476 2007.08.06 -
BitDefender 7.2 2007.08.06 GenPack:Trojan.Agent.ABJN
CAT-QuickHeal 9.00 2007.08.06 -
ClamAV 0.91 2007.08.06 -
DrWeb 4.33 2007.08.07 Trojan.DownLoader.29505
eSafe 7.0.15.0 2007.07.31 suspicious Trojan/Worm
eTrust-Vet 31.1.5037 2007.08.06 -
Ewido 4.0 2007.08.06 -
FileAdvisor 1 2007.08.07 -
Fortinet 2.91.0.0 2007.08.06 -
F-Prot 4.3.2.48 2007.08.03 -
F-Secure 6.70.13030.0 2007.08.06 -
Ikarus T3.1.1.8 2007.08.06 -
Kaspersky 4.0.2.24 2007.08.07 -
McAfee 5091 2007.08.06 -
Microsoft 1.2704 2007.08.07 -
NOD32v2 2440 2007.08.06 -
Norman 5.80.02 2007.08.06 -
Panda 9.0.0.4 2007.08.06 W32/ZlFake.A.drp
Prevx1 V2 2007.08.07 Trojan.Lozyt
Rising 19.35.02.00 2007.08.06 -
Sophos 4.19.0 2007.08.01 Mal/HckPk-A
Sunbelt 2.2.907.0 2007.08.04 -
Symantec 10 2007.08.07 -
C:\WINDOWS\System32\oVurBytR.exe moved successfully.
Created on 08/06/2007 06:25:48
There, I redid the scan and ... the things are still there; when I try to move it, it no longer exists >>
ComboFix 07-08-04.3 - "Administrateur" 2007-08-06 23:04:36.5 [GMT 2:00] - NTFS
Microsoft Windows XP Professionnel 5.1.2600.1.1252.1.1036.18.Vrai
((((((((((((((((((((((((( Files Created from 2007-07-06 to 2007-08-06 )))))))))))))))))))))))))))))))
2007-08-06 11:41 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-08-06 11:41 54,784 --a------ C:\WINDOWS\system32\msvci70.dll
2007-08-06 11:41 487,424 --a------ C:\WINDOWS\system32\Msvcp70.dll
2007-08-06 11:41 442,368 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-08-06 11:41 344,064 --a------ C:\WINDOWS\system32\Msvcr70.dll
2007-08-06 11:41 265,785 --a------ C:\WINDOWS\system32\pixomatic.dll
2007-08-06 11:41 22,016 --a------ C:\WINDOWS\system32\borlndmm.dll
2007-08-06 11:41 188,416 --a------ C:\WINDOWS\system32\eax.dll
2007-08-06 11:41 161,280 --a------ C:\WINDOWS\system32\fmod.dll
2007-08-06 11:41 1,500,160 --a------ C:\WINDOWS\system32\cc3260mt.dll
2007-08-06 11:41 1,230,336 --a------ C:\WINDOWS\system32\msxml4.dll
2007-08-06 11:41 <REP> d-------- C:\Game
2007-08-06 03:43 <REP> d-------- C:\VundoFix Backups
2007-08-06 03:41 <REP> d-------- C:\Program Files\Navilog1
2007-08-05 22:15 967,712 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-05 22:15 13,088 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-05 22:15 <REP> d-------- C:\Program Files\Kaspersky Lab
2007-08-05 08:34 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-08-05 07:15 18 --a------ C:\WINDOWS\system32\dnd8d424dd.dat
2007-08-04 10:41 <REP> d-------- C:\Program Files\eMule
2007-08-03 23:08 108,144 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-03 23:08 <REP> dr-h----- C:\DOCUME~1\ADMINI~1\APPLIC~1\SecuROM
2007-08-03 23:03 <REP> d-------- C:\Program Files\CAPCOM
2007-08-02 11:20 <REP> d-------- C:\Program Files\Microsoft Games
2007-08-02 05:51 <REP> d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Google
2007-08-02 05:50 <REP> d-------- C:\Program Files\Google
2007-08-02 02:15 <REP> d-------- C:\Soldat
2007-08-02 01:10 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-08-02 01:10 <REP> d-------- C:\Program Files\DAP
2007-08-02 01:04 <REP> d-------- C:\Program Files\Serials 2000 7.1 Plus
2007-08-01 22:39 <REP> d-------- C:\Program Files\Dolphin
2007-08-01 13:11 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2007-08-01 13:11 981,504 --a--c--- C:\WINDOWS\system32\dllcache\wmnetmgr.dll
2007-08-01 13:11 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2007-08-01 13:11 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2007-08-01 13:11 816,264 --a--c--- C:\WINDOWS\system32\dllcache\wmvdmod.dll
2007-08-01 13:11 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2007-08-01 13:11 81,408 --a--c--- C:\WINDOWS\system32\dllcache\logagent.exe
2007-08-01 13:11 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2007-08-01 13:11 760,968 --a--c--- C:\WINDOWS\system32\dllcache\wmsdmod.dll
2007-08-01 13:11 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2007-08-01 13:11 670,208 --a--c--- C:\WINDOWS\system32\dllcache\wmadmoe.dll
2007-08-01 13:11 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2007-08-01 13:11 6,656 --a--c--- C:\WINDOWS\system32\dllcache\laprxy.dll
2007-08-01 13:11 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2007-08-01 13:11 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2007-08-01 13:11 410,248 --a--c--- C:\WINDOWS\system32\dllcache\wmadmod.dll
2007-08-01 13:11 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2007-08-01 13:11 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2007-08-01 13:11 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2007-08-01 13:11 241,664 --a--c--- C:\WINDOWS\system32\dllcache\qasf.dll
2007-08-01 13:11 241,664 --a--c--- C:\WINDOWS\system32\dllcache\mpg4dmod.dll
2007-08-01 13:11 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2007-08-01 13:11 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2007-08-01 13:11 218,112 --a--c--- C:\WINDOWS\system32\dllcache\wmasf.dll
2007-08-01 13:11 218,112 --a------ C:\WINDOWS\system32\wmasf.dll
2007-08-01 13:11 2,058,888 --a--c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2007-08-01 13:11 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2007-08-01 13:11 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2007-08-01 13:10 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2007-08-01 13:10 82,432 --a--c--- C:\WINDOWS\system32\dllcache\drmstor.dll
2007-08-01 13:10 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2007-08-01 13:10 678,912 --a--c--- C:\WINDOWS\system32\dllcache\drmv2clt.dll
2007-08-01 13:10 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2007-08-01 13:10 301,712 --a--c--- C:\WINDOWS\system32\dllcache\drmclien.dll
2007-08-01 13:10 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2007-08-01 13:10 253,952 --a--c--- C:\WINDOWS\system32\dllcache\msnetobj.dll
2007-08-01 13:10 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2007-08-01 13:10 232,960 --a--c--- C:\WINDOWS\system32\dllcache\blackbox.dll
2007-08-01 13:10 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2007-08-01 13:10 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2007-08-01 13:07 <REP> d-------- C:\Program Files\Codemasters
2007-08-01 12:16 <REP> d-------- C:\Program Files\Fichiers communs\DirectX
2007-08-01 12:08 <REP> d-------- C:\Program Files\THQ
2007-08-01 12:05 <REP> d-------- C:\Program Files\DAEMON Tools
2007-08-01 12:03 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-08-01 06:06 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-01 05:44 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-08-01 05:44 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-01 05:44 1,006 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-01 05:31 <REP> d--hs---- C:\WINDOWS\system32\28463
2007-08-01 04:54 <REP> d--h----- C:\WINDOWS\PIF
2007-08-01 03:00 310,272 --a------ C:\WINDOWS\system32\dllcache\winhttp.dll
2007-08-01 03:00 223,232 --a------ C:\WINDOWS\system32\qmgr.dll
2007-08-01 03:00 223,232 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
2007-08-01 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-01 03:00 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-08-01 03:00 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-08-01 03:00 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-08-01 03:00 <REP> d-------- C:\WINDOWS\system32\bits
2007-08-01 00:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
2007-08-01 00:45 <REP> d-------- C:\Program Files\ZenGems
2007-07-31 05:45 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-07-31 03:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-07-31 03:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-07-31 03:03 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-31 03:01 <REP> d-------- C:\WINDOWS\SoftwareDistribution
2007-07-31 02:59 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:59 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-31 02:59 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-06 11:46 3200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-06 11:46 15128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-01 12:06 71248 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-08-01 12:06 458230 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-07-21 04:08 520704 --a------ C:\WINDOWS\system32\winlogon.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 12:57]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-02 01:17]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-07-24 07:41]
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R1 avipbb;avipbb;C:\WINDOWS\System32\DRIVERS\avipbb.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\System32\drivers\SCDEmu.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\System32\DRIVERS\v2imount.sys
S3 TSP;TSP;\??\C:\WINDOWS\system32\drivers\klif.sys
S3 WimFltr;WimFltr;C:\WINDOWS\System32\DRIVERS\wimfltr.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
Contents of the 'Scheduled Tasks' folder
2007-08-05 22:01:43 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 07:00:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 08:00:00 C:\WINDOWS\Tasks\At11.job
2007-08-06 09:00:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 10:00:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 11:00:01 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 12:00:02 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 13:00:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 14:00:00 C:\WINDOWS\Tasks\At17.job
2007-08-06 15:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 16:00:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 23:01:01 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 17:00:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 18:00:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 19:00:00 C:\WINDOWS\Tasks\At22.job
2007-08-06 20:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 21:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 00:01:06 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 01:01:01 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 02:01:46 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 03:01:33 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 04:01:59 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 05:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 06:00:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\System32\oVurBytR.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 23:07:42
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-06 23:08:45
C:\ComboFix-quarantined-files.txt ... 2007-08-06 23:08
C:\ComboFix2.txt ... 2007-08-06 10:04
C:\ComboFix3.txt ... 2007-08-06 06:18
--- E O F ---
2007-08-01 05:44 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-08-01 05:44 1,006 --a------ C:\WINDOWS\system32\tmp.reg
2007-08-01 05:31 <REP> d--hs---- C:\WINDOWS\system32\28463
2007-08-01 04:54 <REP> d--h----- C:\WINDOWS\PIF
2007-08-01 03:00 310,272 --a------ C:\WINDOWS\system32\dllcache\winhttp.dll
2007-08-01 03:00 223,232 --a------ C:\WINDOWS\system32\qmgr.dll
2007-08-01 03:00 223,232 --a------ C:\WINDOWS\system32\dllcache\qmgr.dll
2007-08-01 03:00 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-01 03:00 17,408 --a------ C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2007-08-01 03:00 <REP> d--h----- C:\WINDOWS\$hf_mig$
2007-08-01 03:00 <REP> d-------- C:\WINDOWS\system32\PreInstall
2007-08-01 03:00 <REP> d-------- C:\WINDOWS\system32\bits
2007-08-01 00:56 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FreshGames
2007-08-01 00:45 <REP> d-------- C:\Program Files\ZenGems
2007-07-31 05:45 <REP> d-------- C:\WINDOWS\system32\appmgmt
2007-07-31 03:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-07-31 03:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-07-31 03:03 <REP> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-07-31 03:01 <REP> d-------- C:\WINDOWS\SoftwareDistribution
2007-07-31 02:59 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-31 02:59 33,624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-31 02:59 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-06 11:46 3200 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-06 11:46 15128 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-01 12:06 71248 --a------ C:\WINDOWS\system32\perfc00C.dat
2007-08-01 12:06 458230 --a------ C:\WINDOWS\system32\perfh00C.dat
2007-07-21 04:08 520704 --a------ C:\WINDOWS\system32\winlogon.exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-07-30 12:57]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" []
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" []
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 12:48]
"DownloadAccelerator"="C:\Program Files\DAP\DAP.exe" [2007-08-02 01:17]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2006-07-29 19:34]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10]
"Steam"="C:\Program Files\Steam\Steam.exe" [2007-07-24 07:41]
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R1 avipbb;avipbb;C:\WINDOWS\System32\DRIVERS\avipbb.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\System32\drivers\SCDEmu.sys
R1 ssmdrv;ssmdrv;C:\WINDOWS\System32\DRIVERS\ssmdrv.sys
R2 v2imount;Symantec V2i Mount Driver;C:\WINDOWS\System32\DRIVERS\v2imount.sys
S3 TSP;TSP;\??\C:\WINDOWS\system32\drivers\klif.sys
S3 WimFltr;WimFltr;C:\WINDOWS\System32\DRIVERS\wimfltr.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Usnsvc usnsvc
Contents of the 'Scheduled Tasks' folder
2007-08-05 22:01:43 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 07:00:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 08:00:00 C:\WINDOWS\Tasks\At11.job
2007-08-06 09:00:00 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 10:00:00 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 11:00:01 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 12:00:02 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 13:00:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 14:00:00 C:\WINDOWS\Tasks\At17.job
2007-08-06 15:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 16:00:00 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-05 23:01:01 C:\WINDOWS\Tasks\At2.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 17:00:00 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 18:00:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 19:00:00 C:\WINDOWS\Tasks\At22.job
2007-08-06 20:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 21:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 00:01:06 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 01:01:01 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 02:01:46 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 03:01:33 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 04:01:59 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 05:00:00 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\System32\oVurBytR.exe
2007-08-06 06:00:00 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\System32\oVurBytR.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-06 23:07:42
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-06 23:08:45
C:\ComboFix-quarantined-files.txt ... 2007-08-06 23:08
C:\ComboFix2.txt ... 2007-08-06 10:04
C:\ComboFix3.txt ... 2007-08-06 06:18
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 23:12:58, on 06/08/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\System32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
Thanks again for your help
Hi again
Uninstall AntiVir using this link:
http://www.avira.com/en/support/av7_upgrade_tools.html
For the Norton leftovers, I have a tool, but it will also remove Ghost, so if you have the Ghost CD, I'll pass it to you.
1
~Double-click OTMoveIt.exe to launch it.
~Select ALL of the following locations:
C:\WINDOWS\Tasks\At1.job
C:\WINDOWS\Tasks\At10.job
C:\WINDOWS\Tasks\At11.job
C:\WINDOWS\Tasks\At12.job
C:\WINDOWS\Tasks\At13.job
C:\WINDOWS\Tasks\At14.job
C:\WINDOWS\Tasks\At15.job
C:\WINDOWS\Tasks\At16.job
C:\WINDOWS\Tasks\At17.job
C:\WINDOWS\Tasks\At18.job
C:\WINDOWS\Tasks\At19.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At20.job
C:\WINDOWS\Tasks\At21.job
C:\WINDOWS\Tasks\At22.job
C:\WINDOWS\Tasks\At23.job
C:\WINDOWS\Tasks\At24.job
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At4.job
C:\WINDOWS\Tasks\At5.job
C:\WINDOWS\Tasks\At6.job
C:\WINDOWS\Tasks\At7.job
C:\WINDOWS\Tasks\At8.job
C:\WINDOWS\Tasks\At9.job
C:\WINDOWS\System32\oVurBytR.exe
---> Right-click, then Copy (or Ctrl+C)
Right-click in the left-hand pane, then choose Paste (or Ctrl+V).
~Now click MoveIt!
!! If a file or folder cannot be deleted immediately, the program will ask you to restart. Accept by clicking YES
~Post the report located in this folder: C:\_OTMoveIt\MovedFiles\
The report's name is the date it was created.
2
~ Download Clean by Malekal
http://www.malekal.com/download/clean.zip
Save it to your desktop and unzip it.
This will create a folder named clean.
Double-click this clean folder; inside you will find several files.
Double-click clean.cmd.
A menu will appear; choose option 1 by pressing the 1 key on your keyboard.
Clean will do its work.
Post the contents of the generated report.
C:\WINDOWS\Tasks\At1.job moved successfully.
C:\WINDOWS\Tasks\At10.job moved successfully.
C:\WINDOWS\Tasks\At11.job moved successfully.
C:\WINDOWS\Tasks\At12.job moved successfully.
C:\WINDOWS\Tasks\At13.job moved successfully.
C:\WINDOWS\Tasks\At14.job moved successfully.
C:\WINDOWS\Tasks\At15.job moved successfully.
C:\WINDOWS\Tasks\At16.job moved successfully.
C:\WINDOWS\Tasks\At17.job moved successfully.
C:\WINDOWS\Tasks\At18.job moved successfully.
C:\WINDOWS\Tasks\At19.job moved successfully.
C:\WINDOWS\Tasks\At2.job moved successfully.
C:\WINDOWS\Tasks\At20.job moved successfully.
C:\WINDOWS\Tasks\At21.job moved successfully.
C:\WINDOWS\Tasks\At22.job moved successfully.
C:\WINDOWS\Tasks\At23.job moved successfully.
C:\WINDOWS\Tasks\At24.job moved successfully.
C:\WINDOWS\Tasks\At3.job moved successfully.
C:\WINDOWS\Tasks\At4.job moved successfully.
C:\WINDOWS\Tasks\At5.job moved successfully.
C:\WINDOWS\Tasks\At6.job moved successfully.
C:\WINDOWS\Tasks\At7.job moved successfully.
C:\WINDOWS\Tasks\At8.job moved successfully.
C:\WINDOWS\Tasks\At9.job moved successfully.
File/Folder C:\WINDOWS\System32\oVurBytR.exe not found.
Created on 08/07/2007 03:27:41
I can't remove Norton Ghost, I don't have the CD.
I removed AntiVir.
And Clean:
Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 07/08/2007 a 3:29:21,26
*** Recherche de fichiers sur C:
*** Recherche des fichiers dans C:\WINDOWS\
*** Recherche des fichiers dans C:\WINDOWS\system32
*** Fin du rapport !
Hi again
Good.
~Update AVG Anti-Spyware.
~Download CCleaner:
http://www.filehippo.com/download_ccleaner/
~During installation, uncheck: "Add the CCleaner Yahoo! Toolbar"
1
Restart in Safe Mode (F8 at startup).
2
~Launch CCleaner:
Click the button to search for errors, then choose "repair the errors".
Click the cleaning button, then choose "run the cleaning".
3
~Launch AVG Anti-Spyware.
~In the Scan tab, under Settings, click Recommended actions and choose Quarantine.
~Click Scan, then Complete system scan, to start the scan.
~Once the scan has finished, click Apply all actions to remove all the infected files found by AVG Anti-Spyware.
~Once the infected files have been removed, click Save report and save it to the desktop.
~Restart normally.
4
~Copy/paste the AVG Anti-Spyware report.
+++++++++++++++++++++++++++++++++
CCleaner tutorial (thanks to Malekal):
http://www.malekal.com/tutorial_CCleaner.html
AVG Anti-Spyware tutorial (thanks to Malekal):
http://www.malekal.com/tutorial_AVG_AntiSpyware.html
Sham-rock
I would like to know whether this is a virus or a Kaspersky bug
http://www.hiboox.com/lang-fr/image.php?img=z4mvts0l.jp...
and I noted other locations
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm
C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 21:57:08 08/08/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025396.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Aucune action entreprise.
:mozilla.20:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.21:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
D:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.19:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
D:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.paypal[1].txt -> TrackingCookie.Paypal : Aucune action entreprise.
:mozilla.14:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.15:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.16:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
D:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.17:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
D:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP43\A0022315.exe -> Worm.Mytob.bt : Aucune action entreprise.
Fin du rapport
I disabled System Restore and re-enabled it
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 21:57:08 08/08/2007
+ Résultat de l'analyse:
C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025396.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Aucune action entreprise.
:mozilla.20:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.21:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
D:\Documents and Settings\Administrateur\Cookies\administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.19:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
D:\Documents and Settings\Administrateur\Cookies\administrateur@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@www.paypal[1].txt -> TrackingCookie.Paypal : Aucune action entreprise.
:mozilla.14:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.15:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.16:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
D:\Documents and Settings\Administrateur\Cookies\administrateur@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.17:C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\c7m2dqhl.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Documents and Settings\Administrateur\Cookies\administrateur@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
D:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP43\A0022315.exe -> Worm.Mytob.bt : Aucune action entreprise.
Fin du rapport
I disabled System Restore and re-enabled it.
Hello,
That is only done at the end of disinfection; I had not asked you to do it.
1
"Aucune action entreprise" (no action taken) means that you did not click "apply all actions" at the end of the scan. Please run it again.
2
Kaspersky
~ Run an online antivirus scan on the Kaspersky site
http://webscanner.kaspersky.fr/
~ Click Online Scanner.
~ Accept the installation of the ActiveX control by clicking the Install button.
~ Select My Computer as the scan target.
~ Save the report by clicking the "Save report as" button. Give it a name; you will copy and paste it into your next reply.
Picture tutorial: http://support.kaspersky.fr/admin/u2Files/Image/webscan...
Quote:
C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025396.exe -> Not-A-Virus.Downloader.Win32.WinFixer.q : Aucune action entreprise.
"Aucune action entreprise" (no action taken) means that you did not click "apply all actions" at the end of the scan. Please run it again.
Why start over for that? And anyway, I deleted them
(I saved the report before applying the actions)
And I already have Kaspersky on my computer, unless the online one is better
And my real-time protection detected this:
Protection
----------
Total scanned: 281377
Detected: 58
Untreated: 4
Start time: 08/08/2007 08:41:39
Duration: 15:08:01
Detected
--------
Status Object
------ ------
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.kw Running module: explorer.exe\cbywwx.dll
not found: adware not-a-virus:AdWare.Win32.Virtumonde.kw File: C:\WINDOWS\cbywwx.dll
disinfected: Trojan program Trojan.Win32.Patched.af File: C:\PROGRAM FILES\JAVA\JRE1.5.0_03\BIN\JUSCHED.EXE
not found: Trojan program Trojan.Win32.Patched.af File: C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE
deleted: Trojan program Trojan.Win32.Patched.af Running module: PWRISOVM.EXE\PWRISOVM.EXE
not found: adware not-a-virus:AdWare.Win32.Virtumonde.kw File: C:\Documents and Settings\Administrateur\Application Data\tmp119.tmp.exe
not found: Trojan program Trojan.Win32.Agent.aoy File: C:\Documents and Settings\Administrateur\Application Data\tmp11A.tmp.exe
deleted: malware HackTool.Win32.Hydra.d File: C:\Documents and Settings\Administrateur\Bureau\Hydra.rar\Hydra\hydra.exe
deleted: Trojan program Trojan.BAT.KillFiles.ed File: C:\Documents and Settings\Administrateur\Bureau\matrix.zip\matrix.bat
deleted: malware Flooder.Win32.VB.dr File: C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe
detected: riskware Hidden object Running process: C:\Program Files\Gpotato\Flyff\Neuz.exe
disinfected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\slogin[1].htm
disinfected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm
detected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_basic_settings[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm
disinfected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\slogin[1].htm
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ke File: C:\Documents and Settings\Administrateur\Bureau\backups\backup-20070806-033530-668.dll
deleted: Trojan program Trojan.BAT.KillFiles.ed File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0019781.bat
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.kw File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022333.dll
deleted: Trojan program Trojan.Win32.Patched.af File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022334.EXE
deleted: Trojan program Trojan.Win32.Patched.af File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022335.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.kw File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023337.exe
deleted: Trojan program Trojan.Win32.Agent.aoy File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023338.exe
deleted: malware Flooder.Win32.VB.dr File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023339.exe
deleted: malware Flooder.Win32.VB.dr File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0024340.exe
deleted: Trojan program Trojan.Win32.Agent.aoy File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025393.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.kw File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025395.exe
deleted: Trojan program Trojan-Downloader.Win32.ConHook.bg File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025569.dll
deleted: Trojan program Trojan-Downloader.Win32.ConHook.bg File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025570.dll
deleted: Trojan program Trojan-Downloader.Win32.ConHook.bg File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025571.dll
deleted: Trojan program Trojan-Downloader.Win32.ConHook.bg File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025572.dll
deleted: Trojan program Trojan-Downloader.Win32.ConHook.bg File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026366.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ke File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026367.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ke File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP48\A0032452.dll
deleted: Trojan program Backdoor.Win32.Delf.qk File: D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP14\A0005788.exe
deleted: Trojan program Backdoor.Win32.Delf.qk File: D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006975.exe
deleted: Trojan program Backdoor.Win32.Delf.qk File: D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006976.exe
deleted: Trojan program Backdoor.Win32.Delf.qk File: D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006977.exe
deleted: adware not-a-virus:AdWare.Win32.NaviPromo.gen File: E:\sauveur virus,hack,et +\navilog1\Backupnavi\jgifbfaeav.exe/PE_Patch.PECompact/PecBundle/PECompact
deleted: Trojan program Backdoor.Win32.Bifrose.aci File: E:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0020036.exe
deleted: adware not-a-virus:AdWare.Win32.Craagle.19 File: F:\craagle_1.91\craagle_1.91\Craagle.exe/UPX
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\server_manager_servers[1].htm
detected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\ok_box[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\choice_box[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\choice_box[1].htm
detected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[2].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[2].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[3].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\choice_box[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\CAOHI3OP.htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\CAFQUXFJ.htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_add[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\ok_box[1].htm
Events
------
Time Event
---- -----
05/08/2007 22:16:24 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
05/08/2007 22:20:15 Update completed successfully.
05/08/2007 22:22:43 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
05/08/2007 22:22:52 Process (PID 2004) tried to access Kaspersky Anti-Virus 6.0 process (PID 2032), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
05/08/2007 22:23:39 Process (PID 1684) tried to access Kaspersky Anti-Virus 6.0 process (PID 2836), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
05/08/2007 22:24:04 Running module explorer.exe\cbywwx.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:24:04 Security threats have been detected. You are advised to neutralize them immediately.
05/08/2007 22:24:05 Running module explorer.exe\cbywwx.dll: is not disinfected, postponed
05/08/2007 22:24:05 File C:\WINDOWS\cbywwx.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:24:13 File C:\PROGRAM FILES\JAVA\JRE1.5.0_03\BIN\JUSCHED.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:05 File C:\WINDOWS\cbywwx.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:25:21 File C:\WINDOWS\cbywwx.dll will be deleted on system restart
05/08/2007 22:25:21 Startup object HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemOptimizer: deleted
05/08/2007 22:25:24 File C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:31 Running module explorer.exe\cbywwx.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:25:37 File C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE will be deleted on system restart
05/08/2007 22:25:37 Startup object HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PWRISOVM.EXE: deleted
05/08/2007 22:25:39 Running module explorer.exe\cbywwx.dll: deleted
05/08/2007 22:25:39 File C:\WINDOWS\cbywwx.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:25:41 File C:\WINDOWS\CBYWWX.DLL: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:25:42 Running module PWRISOVM.EXE\PWRISOVM.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:43 Running module PWRISOVM.EXE\PWRISOVM.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:43 Running module PWRISOVM.EXE\PWRISOVM.EXE: is not disinfected, postponed
05/08/2007 22:25:43 File C:\Program Files\PowerISO\PWRISOVM.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:46 File C:\WINDOWS\CBYWWX.DLL: deleted
05/08/2007 22:25:50 Running module PWRISOVM.EXE\PWRISOVM.EXE: deleted
05/08/2007 22:25:50 File C:\Program Files\PowerISO\PWRISOVM.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:53 File C:\Program Files\PowerISO\PWRISOVM.EXE: deleted
05/08/2007 22:26:08 File c:\program files\java\jre1.5.0_03\bin\jusched.exe: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:26:08 File c:\program files\java\jre1.5.0_03\bin\jusched.exe: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:26:08 File c:\program files\java\jre1.5.0_03\bin\jusched.exe: is not disinfected, postponed
05/08/2007 22:26:20 File c:\program files\java\jre1.5.0_03\bin\jusched.exe: disinfected
05/08/2007 22:31:12 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
05/08/2007 22:31:21 Process (PID 1940) tried to access Kaspersky Anti-Virus 6.0 process (PID 1972), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
05/08/2007 22:41:17 File C:\Documents and Settings\Administrateur\Application Data\tmp119.tmp.exe: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:41:17 Security threats have been detected. You are advised to neutralize them immediately.
05/08/2007 22:41:18 File C:\Documents and Settings\Administrateur\Application Data\tmp119.tmp.exe: is not disinfected, postponed
05/08/2007 22:41:18 File C:\Documents and Settings\Administrateur\Application Data\tmp11A.tmp.exe: detected Trojan program Trojan.Win32.Agent.aoy
05/08/2007 22:41:18 File C:\Documents and Settings\Administrateur\Application Data\tmp11A.tmp.exe: is not disinfected, postponed
05/08/2007 22:50:12 File C:\Documents and Settings\Administrateur\Bureau\Hydra.rar\Hydra\hydra.exe: detected malware HackTool.Win32.Hydra.d
05/08/2007 22:50:12 Security threats have been detected. You are advised to neutralize them immediately.
05/08/2007 22:50:12 File C:\Documents and Settings\Administrateur\Bureau\Hydra.rar\Hydra\hydra.exe: is not disinfected, postponed
05/08/2007 22:50:14 File C:\Documents and Settings\Administrateur\Bureau\matrix.zip\matrix.bat: detected Trojan program Trojan.BAT.KillFiles.ed
05/08/2007 22:50:14 File C:\Documents and Settings\Administrateur\Bureau\matrix.zip\matrix.bat: is not disinfected, postponed
05/08/2007 22:50:46 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: detected malware Flooder.Win32.VB.dr
05/08/2007 22:50:46 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: is not disinfected, postponed
05/08/2007 23:42:51 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
05/08/2007 23:42:58 Security threats have been detected. You are advised to neutralize them immediately.
05/08/2007 23:43:12 Process (PID 1912) tried to access Kaspersky Anti-Virus 6.0 process (PID 1940), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
05/08/2007 23:44:51 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: detected malware Flooder.Win32.VB.dr
05/08/2007 23:44:57 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: is not disinfected, skipped by user
05/08/2007 23:45:03 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: detected malware Flooder.Win32.VB.dr
06/08/2007 02:11:53 Please restart your computer to complete the installation of new or updated protection components.
06/08/2007 02:11:54 Update error: incorrect signature.
06/08/2007 03:15:01 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: is not disinfected, skipped by user
06/08/2007 03:15:10 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: detected malware Flooder.Win32.VB.dr
06/08/2007 03:15:15 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: is not disinfected, skipped by user
06/08/2007 03:15:16 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: detected malware Flooder.Win32.VB.dr
06/08/2007 03:15:19 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: deleted
06/08/2007 03:35:53 Process (PID 280) tried to access Kaspersky Anti-Virus 6.0 process (PID 1940), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 03:35:53 Process (PID 280) tried to access Kaspersky Anti-Virus 6.0 process (PID 2348), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 03:59:27 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 03:59:48 Process (PID 1900) tried to access Kaspersky Anti-Virus 6.0 process (PID 1916), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 04:00:23 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 04:01:02 Process (PID 2384) tried to access Kaspersky Anti-Virus 6.0 process (PID 1604), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 04:01:10 Process (PID 2384) tried to access Kaspersky Anti-Virus 6.0 process (PID 1916), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 04:06:26 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 04:07:56 Process (PID 1856) tried to access Kaspersky Anti-Virus 6.0 process (PID 1896), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 04:08:19 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 05:00:55 Process (PID 2492) tried to access Kaspersky Anti-Virus 6.0 process (PID 1640), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 05:00:59 Process (PID 2492) tried to access Kaspersky Anti-Virus 6.0 process (PID 1896), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 05:12:47 Kaspersky Anti-Virus 6.0 is not activated.
06/08/2007 05:14:40 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 05:14:41 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 05:14:58 Process (PID 1640) tried to access Kaspersky Anti-Virus 6.0 process (PID 1964), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 05:15:03 Process (PID 1948) tried to access Kaspersky Anti-Virus 6.0 process (PID 1964), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 06:28:54 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 06:29:15 Process (PID 1836) tried to access Kaspersky Anti-Virus 6.0 process (PID 1852), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 06:29:51 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 08:46:51 Update completed successfully.
06/08/2007 11:47:51 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 11:49:19 Process (PID 1812) tried to access Kaspersky Anti-Virus 6.0 process (PID 1828), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 11:49:57 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 11:49:59 Update completed successfully.
06/08/2007 16:21:30 Update completed successfully.
06/08/2007 20:06:38 Update completed successfully.
06/08/2007 23:19:31 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 23:19:58 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 23:20:02 Update completed successfully.
07/08/2007 02:22:09 Process (PID 2324) tried to access Kaspersky Anti-Virus 6.0 process (PID 2260), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 02:22:09 Process (PID 2324) tried to access Kaspersky Anti-Virus 6.0 process (PID 2584), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 03:20:07 Update completed successfully.
07/08/2007 07:19:15 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
07/08/2007 09:47:56 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
07/08/2007 09:48:31 Process (PID 1628) tried to access Kaspersky Anti-Virus 6.0 process (PID 1644), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 09:48:31 Process (PID 1628) tried to access Kaspersky Anti-Virus 6.0 process (PID 1004), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 09:49:15 Update completed successfully.
07/08/2007 10:28:45 Running process C:\Program Files\Gpotato\Flyff\Neuz.exe: detected new variant of riskware Hidden object
07/08/2007 11:51:10 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
07/08/2007 11:52:37 Process (PID 1880) tried to access Kaspersky Anti-Virus 6.0 process (PID 1908), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 11:53:11 Update completed successfully.
07/08/2007 22:01:02 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
07/08/2007 22:01:25 Process (PID 1896) tried to access Kaspersky Anti-Virus 6.0 process (PID 1912), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 22:01:39 Process (PID 2192) tried to access Kaspersky Anti-Virus 6.0 process (PID 1912), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 22:01:57 Update completed successfully.
08/08/2007 08:41:38 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
08/08/2007 08:43:06 Process (PID 1896) tried to access Kaspersky Anti-Virus 6.0 process (PID 1932), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 08:43:29 Update completed successfully.
08/08/2007 10:12:55 Process (PID 1624) tried to access Kaspersky Anti-Virus 6.0 process (PID 1932), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 10:12:55 Process (PID 1624) tried to access Kaspersky Anti-Virus 6.0 process (PID 1556), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 10:55:48 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\slogin[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 10:55:48 Security threats have been detected. You are advised to neutralize them immediately.
08/08/2007 10:56:38 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\slogin[1].htm: disinfected
08/08/2007 10:58:40 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 10:58:40 Security threats have been detected. You are advised to neutralize them immediately.
08/08/2007 10:58:55 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 10:58:57 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm: disinfected
08/08/2007 10:58:58 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 10:58:58 Security threats have been detected. You are advised to neutralize them immediately.
08/08/2007 10:59:33 Process (PID 3184) tried to access Kaspersky Anti-Virus 6.0 process (PID 1932), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 10:59:33 Process (PID 3184) tried to access Kaspersky Anti-Virus 6.0 process (PID 1556), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 10:59:35 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm cannot be deleted
08/08/2007 11:02:50 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 11:03:17 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 11:03:59 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm cannot be deleted
08/08/2007 11:04:00 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm cannot be deleted
08/08/2007 11:05:50 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 11:06:14 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm: deleted
08/08/2007 11:06:14 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_basic_settings[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 11:06:18 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_basic_settings[1].htm: deleted
08/08/2007 11:32:49 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 11:34:32 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm: deleted
08/08/2007 11:58:06 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\slogin[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 12:00:08 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\slogin[1].htm: is not disinfected, skipped by user
08/08/2007 12:04:44 File C:\Documents and Settings\Administrateur\Bureau\backups\backup-20070806-033530-668.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.ke
08/08/2007 12:04:44 Security threats have been detected. You are advised to neutralize them immediately.
08/08/2007 12:43:29 Update completed successfully.
08/08/2007 16:43:18 Update completed successfully.
08/08/2007 20:43:17 Update completed successfully.
08/08/2007 21:54:50 File C:\Documents and Settings\Administrateur\Bureau\backups\backup-20070806-033530-668.dll cannot be deleted
08/08/2007 21:55:01 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0019781.bat: detected Trojan program Trojan.BAT.KillFiles.ed
08/08/2007 21:55:14 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0019781.bat: deleted
08/08/2007 21:55:14 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022333.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
08/08/2007 21:55:25 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022333.dll: deleted
08/08/2007 21:55:25 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022334.EXE: detected Trojan program Trojan.Win32.Patched.af
08/08/2007 21:55:31 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022334.EXE: deleted
08/08/2007 21:55:31 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022335.exe: detected Trojan program Trojan.Win32.Patched.af
08/08/2007 21:55:34 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022335.exe: deleted
08/08/2007 21:55:34 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023337.exe: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
08/08/2007 21:55:38 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023337.exe: deleted
08/08/2007 21:55:38 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023338.exe: detected Trojan program Trojan.Win32.Agent.aoy
08/08/2007 21:55:45 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023338.exe: deleted
08/08/2007 21:55:45 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023339.exe: detected malware Flooder.Win32.VB.dr
08/08/2007 21:55:49 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023339.exe: deleted
08/08/2007 21:55:49 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0024340.exe: detected malware Flooder.Win32.VB.dr
08/08/2007 21:55:50 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0024340.exe: deleted
08/08/2007 21:55:51 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025393.exe: detected Trojan program Trojan.Win32.Agent.aoy
08/08/2007 21:55:55 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025393.exe: deleted
08/08/2007 21:55:55 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025395.exe: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
08/08/2007 21:55:57 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025395.exe: deleted
08/08/2007 21:55:57 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025569.dll: detected Trojan program Trojan-Downloader.Win32.ConHook.bg
08/08/2007 21:56:04 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025569.dll: deleted
08/08/2007 21:56:05 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025570.dll: detected Trojan program Trojan-Downloader.Win32.ConHook.bg
08/08/2007 21:56:06 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025570.dll: deleted
08/08/2007 21:56:06 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025571.dll: detected Trojan program Trojan-Downloader.Win32.ConHook.bg
08/08/2007 21:56:07 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025571.dll: deleted
08/08/2007 21:56:07 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025572.dll: detected Trojan program Trojan-Downloader.Win32.ConHook.bg
08/08/2007 21:56:08 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025572.dll: deleted
08/08/2007 21:56:08 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026366.dll: detected Trojan program Trojan-Downloader.Win32.ConHook.bg
08/08/2007 21:56:12 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026366.dll: deleted
08/08/2007 21:56:12 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026367.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.ke
08/08/2007 21:56:12 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026367.dll: deleted
08/08/2007 21:56:12 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP48\A0032452.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.ke
08/08/2007 21:56:12 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP48\A0032452.dll: deleted
08/08/2007 21:56:12 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP14\A0005788.exe: detected Trojan program Backdoor.Win32.Delf.qk
08/08/2007 21:56:13 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP14\A0005788.exe: deleted
08/08/2007 21:56:13 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006975.exe: detected Trojan program Backdoor.Win32.Delf.qk
08/08/2007 21:56:14 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006975.exe: deleted
08/08/2007 21:56:14 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006976.exe: detected Trojan program Backdoor.Win32.Delf.qk
08/08/2007 21:56:14 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006976.exe: deleted
08/08/2007 21:56:14 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006977.exe: detected Trojan program Backdoor.Win32.Delf.qk
08/08/2007 21:56:15 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006977.exe: deleted
08/08/2007 21:56:15 File E:\sauveur virus,hack,et +\navilog1\Backupnavi\jgifbfaeav.exe/PE_Patch.PECompact/PecBundle/PECompact: detected adware not-a-virus:AdWare.Win32.NaviPromo.gen
08/08/2007 21:56:28 File E:\sauveur virus,hack,et +\navilog1\Backupnavi\jgifbfaeav.exe: deleted
08/08/2007 21:56:28 File E:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0020036.exe: detected Trojan program Backdoor.Win32.Bifrose.aci
08/08/2007 21:56:28 File E:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0020036.exe: deleted
08/08/2007 21:56:28 File F:\craagle_1.91\craagle_1.91\Craagle.exe/UPX: detected adware not-a-virus:AdWare.Win32.Craagle.19
08/08/2007 21:56:29 File F:\craagle_1.91\craagle_1.91\Craagle.exe: deleted
08/08/2007 22:12:02 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:12:07 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm cannot be deleted
08/08/2007 22:12:49 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:12:50 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\server_manager_servers[1].htm: deleted
08/08/2007 22:13:22 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:13:34 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm: is not disinfected, skipped by user
08/08/2007 22:13:39 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\ok_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:13:40 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\ok_box[1].htm: deleted
08/08/2007 22:13:45 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\choice_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:13:46 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\choice_box[1].htm: deleted
08/08/2007 22:14:01 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\choice_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:14:02 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\choice_box[1].htm: deleted
08/08/2007 22:14:05 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[2].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:14:09 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[2].htm: is not disinfected, skipped by user
08/08/2007 22:14:55 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:14:56 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm cannot be deleted
08/08/2007 22:15:24 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[2].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:15:25 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[2].htm: deleted
08/08/2007 22:15:58 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:15:59 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm: deleted
08/08/2007 22:16:02 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[3].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:02 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[3].htm: deleted
08/08/2007 22:16:05 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\choice_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:05 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\choice_box[1].htm: deleted
08/08/2007 22:16:06 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\CAOHI3OP.htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:07 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\CAOHI3OP.htm: deleted
08/08/2007 22:16:08 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\CAFQUXFJ.htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:08 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\CAFQUXFJ.htm: deleted
08/08/2007 22:16:09 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_add[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:10 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_add[1].htm: deleted
08/08/2007 22:16:11 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:11 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm: deleted
08/08/2007 22:16:14 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\ok_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:14 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\ok_box[1].htm: deleted
08/08/2007 22:16:15 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:16 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm: deleted
08/08/2007 23:10:30 Process (PID 3416) tried to access Kaspersky Anti-Virus 6.0 process (PID 1932), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 23:10:30 Process (PID 3416) tried to access Kaspersky Anti-Virus 6.0 process (PID 1556), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
Reports
-------
Task                  Status     Start                Finish               Size
----                  ------     -----                ------               ----
Proactive Defense     running    08/08/2007 08:41:39                       0 bytes
Update                completed  08/08/2007 08:43:07  08/08/2007 08:43:29  13.6 KB
File Anti-Virus       running    08/08/2007 08:43:06                       47.8 MB
Mail Anti-Virus       running    08/08/2007 08:43:06                       0 bytes
Web Anti-Virus        running    08/08/2007 08:43:06                       1.7 MB
Scan Startup Objects  completed  08/08/2007 08:45:22  08/08/2007 09:03:47  1.6 MB
User Scan             completed  08/08/2007 11:06:44  08/08/2007 11:06:44  4.3 KB
User Scan             completed  08/08/2007 11:06:50  08/08/2007 11:06:50  4.3 KB
Update                completed  08/08/2007 12:43:08  08/08/2007 12:43:28  11.4 KB
Update                completed  08/08/2007 16:43:08  08/08/2007 16:43:18  12.0 KB
Update                completed  08/08/2007 20:43:07  08/08/2007 20:43:17  13.7 KB
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\ok_box[1].htm 6.6 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\choice_box[1].htm 6.6 KB
Infected: adware not-a-virus:AdWare.Win32.NaviPromo.gen E:\sauveur virus,hack,et +\navilog1\Backupnavi\jgifbfaeav.exe 325 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_basic_settings[1].htm 44.1 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm 11.6 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm 11.0 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.bg C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025571.dll 13 KB
Infected: Trojan program Trojan.BAT.KillFiles.ed C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0019781.bat 1 MB
Infected: virus Worm.Win32.Fujack.n c:\documents and settings\administrateur\local settings\temporary internet files\content.ie5\4b1h5ex0\slogin[1].htm 2.7 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\CAFQUXFJ.htm 6.6 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025395.exe 121.8 KB
Infected: Trojan program Trojan.Win32.Agent.aoy C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023338.exe 57.4 KB
Infected: Trojan program Trojan.Win32.Patched.af C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022335.exe 44.1 KB
Infected: Trojan program Backdoor.Win32.Delf.qk D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006977.exe 1.2 MB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\CAOHI3OP.htm 6.6 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.ke C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP48\A0032452.dll 90.6 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm 11.6 KB
Infected: Trojan program Backdoor.Win32.Delf.qk D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP14\A0005788.exe 513.2 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw C:\WINDOWS\cbywwx.dll 128.4 KB
Infected: Trojan program Backdoor.Win32.Bifrose.aci E:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0020036.exe 28.4 KB
Infected: Trojan program Backdoor.Win32.Delf.qk D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006975.exe 513.2 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\slogin[1].htm 2.7 KB
Infected: adware not-a-virus:AdWare.Win32.Craagle.19 F:\craagle_1.91\craagle_1.91\Craagle.exe 377.5 KB
Infected: Trojan program Trojan.BAT.KillFiles.ed c:\documents and settings\administrateur\bureau\matrix.zip 30.0 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw explorer.exe\cbywwx.dll 379.4 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023337.exe 121.8 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.ke C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026367.dll 90.6 KB
Infected: Trojan program Trojan.Win32.Agent.aoy C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025393.exe 57.4 KB
Infected: Trojan program Trojan.Win32.Patched.af c:\program files\java\jre1.5.0_03\bin\jusched.exe 44.1 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[2].htm 11 KB
Infected: Trojan program Trojan.Win32.Patched.af PWRISOVM.EXE\PWRISOVM.EXE 228 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022333.dll 128.4 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw C:\WINDOWS\CBYWWX.DLL 128.4 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\choice_box[1].htm 6.7 KB
Infected: Trojan program Trojan.Win32.Patched.af C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE 204 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.bg C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026366.dll 13 KB
Infected: Trojan program Trojan.Win32.Patched.af C:\Program Files\PowerISO\PWRISOVM.EXE 204 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.bg C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025569.dll 13 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm 10.4 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm 6.6 KB
Infected: Trojan program Backdoor.Win32.Delf.qk D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006976.exe 513.2 KB
Infected: malware Flooder.Win32.VB.dr C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe 152 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\ok_box[1].htm 6.6 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_add[1].htm 10.3 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\server_manager_servers[1].htm 11.6 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.bg C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025572.dll 13 KB
Infected: malware Flooder.Win32.VB.dr C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0024340.exe 152 KB
Infected: malware HackTool.Win32.Hydra.d c:\documents and settings\administrateur\bureau\hydra.rar 1 MB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[3].htm 7.0 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm 2.7 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.bg C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025570.dll 13 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\choice_box[1].htm 6.7 KB
Infected: malware Flooder.Win32.VB.dr C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023339.exe 152 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm 7.0 KB
Infected: Trojan program Trojan.Win32.Patched.af C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022334.EXE 204 KB
Protection
----------
Total scanned: 281377
Detected: 58
Untreated: 4
Start time: 08/08/2007 08:41:39
Duration: 15:08:01
Detected
--------
Status Object
------ ------
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.kw Running module: explorer.exe\cbywwx.dll
not found: adware not-a-virus:AdWare.Win32.Virtumonde.kw File: C:\WINDOWS\cbywwx.dll
disinfected: Trojan program Trojan.Win32.Patched.af File: C:\PROGRAM FILES\JAVA\JRE1.5.0_03\BIN\JUSCHED.EXE
not found: Trojan program Trojan.Win32.Patched.af File: C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE
deleted: Trojan program Trojan.Win32.Patched.af Running module: PWRISOVM.EXE\PWRISOVM.EXE
not found: adware not-a-virus:AdWare.Win32.Virtumonde.kw File: C:\Documents and Settings\Administrateur\Application Data\tmp119.tmp.exe
not found: Trojan program Trojan.Win32.Agent.aoy File: C:\Documents and Settings\Administrateur\Application Data\tmp11A.tmp.exe
deleted: malware HackTool.Win32.Hydra.d File: C:\Documents and Settings\Administrateur\Bureau\Hydra.rar\Hydra\hydra.exe
deleted: Trojan program Trojan.BAT.KillFiles.ed File: C:\Documents and Settings\Administrateur\Bureau\matrix.zip\matrix.bat
deleted: malware Flooder.Win32.VB.dr File: C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe
detected: riskware Hidden object Running process: C:\Program Files\Gpotato\Flyff\Neuz.exe
disinfected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\slogin[1].htm
disinfected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm
detected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_basic_settings[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm
disinfected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\slogin[1].htm
detected: adware not-a-virus:AdWare.Win32.Virtumonde.ke File: C:\Documents and Settings\Administrateur\Bureau\backups\backup-20070806-033530-668.dll
deleted: Trojan program Trojan.BAT.KillFiles.ed File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0019781.bat
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.kw File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022333.dll
deleted: Trojan program Trojan.Win32.Patched.af File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022334.EXE
deleted: Trojan program Trojan.Win32.Patched.af File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022335.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.kw File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023337.exe
deleted: Trojan program Trojan.Win32.Agent.aoy File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023338.exe
deleted: malware Flooder.Win32.VB.dr File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023339.exe
deleted: malware Flooder.Win32.VB.dr File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0024340.exe
deleted: Trojan program Trojan.Win32.Agent.aoy File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025393.exe
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.kw File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025395.exe
deleted: Trojan program Trojan-Downloader.Win32.ConHook.bg File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025569.dll
deleted: Trojan program Trojan-Downloader.Win32.ConHook.bg File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025570.dll
deleted: Trojan program Trojan-Downloader.Win32.ConHook.bg File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025571.dll
deleted: Trojan program Trojan-Downloader.Win32.ConHook.bg File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025572.dll
deleted: Trojan program Trojan-Downloader.Win32.ConHook.bg File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026366.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ke File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026367.dll
deleted: adware not-a-virus:AdWare.Win32.Virtumonde.ke File: C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP48\A0032452.dll
deleted: Trojan program Backdoor.Win32.Delf.qk File: D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP14\A0005788.exe
deleted: Trojan program Backdoor.Win32.Delf.qk File: D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006975.exe
deleted: Trojan program Backdoor.Win32.Delf.qk File: D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006976.exe
deleted: Trojan program Backdoor.Win32.Delf.qk File: D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006977.exe
deleted: adware not-a-virus:AdWare.Win32.NaviPromo.gen File: E:\sauveur virus,hack,et +\navilog1\Backupnavi\jgifbfaeav.exe/PE_Patch.PECompact/PecBundle/PECompact
deleted: Trojan program Backdoor.Win32.Bifrose.aci File: E:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0020036.exe
deleted: adware not-a-virus:AdWare.Win32.Craagle.19 File: F:\craagle_1.91\craagle_1.91\Craagle.exe/UPX
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\server_manager_servers[1].htm
detected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\ok_box[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\choice_box[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\choice_box[1].htm
detected: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[2].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[2].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[3].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\choice_box[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\CAOHI3OP.htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\CAFQUXFJ.htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_add[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm
deleted: virus Worm.Win32.Fujack.n File: C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\ok_box[1].htm
Events
------
Time Event
---- -----
05/08/2007 22:16:24 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
05/08/2007 22:20:15 Update completed successfully.
05/08/2007 22:22:43 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
05/08/2007 22:22:52 Process (PID 2004) tried to access Kaspersky Anti-Virus 6.0 process (PID 2032), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
05/08/2007 22:23:39 Process (PID 1684) tried to access Kaspersky Anti-Virus 6.0 process (PID 2836), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
05/08/2007 22:24:04 Running module explorer.exe\cbywwx.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:24:04 Security threats have been detected. You are advised to neutralize them immediately.
05/08/2007 22:24:05 Running module explorer.exe\cbywwx.dll: is not disinfected, postponed
05/08/2007 22:24:05 File C:\WINDOWS\cbywwx.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:24:13 File C:\PROGRAM FILES\JAVA\JRE1.5.0_03\BIN\JUSCHED.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:05 File C:\WINDOWS\cbywwx.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:25:21 File C:\WINDOWS\cbywwx.dll will be deleted on system restart
05/08/2007 22:25:21 Startup object HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemOptimizer: deleted
05/08/2007 22:25:24 File C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:31 Running module explorer.exe\cbywwx.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:25:37 File C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE will be deleted on system restart
05/08/2007 22:25:37 Startup object HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\PWRISOVM.EXE: deleted
05/08/2007 22:25:39 Running module explorer.exe\cbywwx.dll: deleted
05/08/2007 22:25:39 File C:\WINDOWS\cbywwx.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:25:41 File C:\WINDOWS\CBYWWX.DLL: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:25:42 Running module PWRISOVM.EXE\PWRISOVM.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:43 Running module PWRISOVM.EXE\PWRISOVM.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:43 Running module PWRISOVM.EXE\PWRISOVM.EXE: is not disinfected, postponed
05/08/2007 22:25:43 File C:\Program Files\PowerISO\PWRISOVM.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:46 File C:\WINDOWS\CBYWWX.DLL: deleted
05/08/2007 22:25:50 Running module PWRISOVM.EXE\PWRISOVM.EXE: deleted
05/08/2007 22:25:50 File C:\Program Files\PowerISO\PWRISOVM.EXE: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:25:53 File C:\Program Files\PowerISO\PWRISOVM.EXE: deleted
05/08/2007 22:26:08 File c:\program files\java\jre1.5.0_03\bin\jusched.exe: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:26:08 File c:\program files\java\jre1.5.0_03\bin\jusched.exe: detected Trojan program Trojan.Win32.Patched.af
05/08/2007 22:26:08 File c:\program files\java\jre1.5.0_03\bin\jusched.exe: is not disinfected, postponed
05/08/2007 22:26:20 File c:\program files\java\jre1.5.0_03\bin\jusched.exe: disinfected
05/08/2007 22:31:12 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
05/08/2007 22:31:21 Process (PID 1940) tried to access Kaspersky Anti-Virus 6.0 process (PID 1972), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
05/08/2007 22:41:17 File C:\Documents and Settings\Administrateur\Application Data\tmp119.tmp.exe: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
05/08/2007 22:41:17 Security threats have been detected. You are advised to neutralize them immediately.
05/08/2007 22:41:18 File C:\Documents and Settings\Administrateur\Application Data\tmp119.tmp.exe: is not disinfected, postponed
05/08/2007 22:41:18 File C:\Documents and Settings\Administrateur\Application Data\tmp11A.tmp.exe: detected Trojan program Trojan.Win32.Agent.aoy
05/08/2007 22:41:18 File C:\Documents and Settings\Administrateur\Application Data\tmp11A.tmp.exe: is not disinfected, postponed
05/08/2007 22:50:12 File C:\Documents and Settings\Administrateur\Bureau\Hydra.rar\Hydra\hydra.exe: detected malware HackTool.Win32.Hydra.d
05/08/2007 22:50:12 Security threats have been detected. You are advised to neutralize them immediately.
05/08/2007 22:50:12 File C:\Documents and Settings\Administrateur\Bureau\Hydra.rar\Hydra\hydra.exe: is not disinfected, postponed
05/08/2007 22:50:14 File C:\Documents and Settings\Administrateur\Bureau\matrix.zip\matrix.bat: detected Trojan program Trojan.BAT.KillFiles.ed
05/08/2007 22:50:14 File C:\Documents and Settings\Administrateur\Bureau\matrix.zip\matrix.bat: is not disinfected, postponed
05/08/2007 22:50:46 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: detected malware Flooder.Win32.VB.dr
05/08/2007 22:50:46 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: is not disinfected, postponed
05/08/2007 23:42:51 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
05/08/2007 23:42:58 Security threats have been detected. You are advised to neutralize them immediately.
05/08/2007 23:43:12 Process (PID 1912) tried to access Kaspersky Anti-Virus 6.0 process (PID 1940), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
05/08/2007 23:44:51 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: detected malware Flooder.Win32.VB.dr
05/08/2007 23:44:57 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: is not disinfected, skipped by user
05/08/2007 23:45:03 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: detected malware Flooder.Win32.VB.dr
06/08/2007 02:11:53 Please restart your computer to complete the installation of new or updated protection components.
06/08/2007 02:11:54 Update error: incorrect signature.
06/08/2007 03:15:01 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: is not disinfected, skipped by user
06/08/2007 03:15:10 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: detected malware Flooder.Win32.VB.dr
06/08/2007 03:15:15 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: is not disinfected, skipped by user
06/08/2007 03:15:16 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: detected malware Flooder.Win32.VB.dr
06/08/2007 03:15:19 File C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe: deleted
06/08/2007 03:35:53 Process (PID 280) tried to access Kaspersky Anti-Virus 6.0 process (PID 1940), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 03:35:53 Process (PID 280) tried to access Kaspersky Anti-Virus 6.0 process (PID 2348), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 03:59:27 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 03:59:48 Process (PID 1900) tried to access Kaspersky Anti-Virus 6.0 process (PID 1916), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 04:00:23 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 04:01:02 Process (PID 2384) tried to access Kaspersky Anti-Virus 6.0 process (PID 1604), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 04:01:10 Process (PID 2384) tried to access Kaspersky Anti-Virus 6.0 process (PID 1916), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 04:06:26 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 04:07:56 Process (PID 1856) tried to access Kaspersky Anti-Virus 6.0 process (PID 1896), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 04:08:19 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 05:00:55 Process (PID 2492) tried to access Kaspersky Anti-Virus 6.0 process (PID 1640), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 05:00:59 Process (PID 2492) tried to access Kaspersky Anti-Virus 6.0 process (PID 1896), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 05:12:47 Kaspersky Anti-Virus 6.0 is not activated.
06/08/2007 05:14:40 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 05:14:41 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 05:14:58 Process (PID 1640) tried to access Kaspersky Anti-Virus 6.0 process (PID 1964), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 05:15:03 Process (PID 1948) tried to access Kaspersky Anti-Virus 6.0 process (PID 1964), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 06:28:54 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 06:29:15 Process (PID 1836) tried to access Kaspersky Anti-Virus 6.0 process (PID 1852), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 06:29:51 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 08:46:51 Update completed successfully.
06/08/2007 11:47:51 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 11:49:19 Process (PID 1812) tried to access Kaspersky Anti-Virus 6.0 process (PID 1828), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
06/08/2007 11:49:57 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 11:49:59 Update completed successfully.
06/08/2007 16:21:30 Update completed successfully.
06/08/2007 20:06:38 Update completed successfully.
06/08/2007 23:19:31 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
06/08/2007 23:19:58 Security threats have been detected. You are advised to neutralize them immediately.
06/08/2007 23:20:02 Update completed successfully.
07/08/2007 02:22:09 Process (PID 2324) tried to access Kaspersky Anti-Virus 6.0 process (PID 2260), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 02:22:09 Process (PID 2324) tried to access Kaspersky Anti-Virus 6.0 process (PID 2584), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 03:20:07 Update completed successfully.
07/08/2007 07:19:15 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
07/08/2007 09:47:56 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
07/08/2007 09:48:31 Process (PID 1628) tried to access Kaspersky Anti-Virus 6.0 process (PID 1644), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 09:48:31 Process (PID 1628) tried to access Kaspersky Anti-Virus 6.0 process (PID 1004), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 09:49:15 Update completed successfully.
07/08/2007 10:28:45 Running process C:\Program Files\Gpotato\Flyff\Neuz.exe: detected new variant of riskware Hidden object
07/08/2007 11:51:10 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
07/08/2007 11:52:37 Process (PID 1880) tried to access Kaspersky Anti-Virus 6.0 process (PID 1908), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 11:53:11 Update completed successfully.
07/08/2007 22:01:02 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
07/08/2007 22:01:25 Process (PID 1896) tried to access Kaspersky Anti-Virus 6.0 process (PID 1912), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 22:01:39 Process (PID 2192) tried to access Kaspersky Anti-Virus 6.0 process (PID 1912), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
07/08/2007 22:01:57 Update completed successfully.
08/08/2007 08:41:38 A full computer scan has never been performed. You are advised to perform a full scan as soon as possible.
08/08/2007 08:43:06 Process (PID 1896) tried to access Kaspersky Anti-Virus 6.0 process (PID 1932), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 08:43:29 Update completed successfully.
08/08/2007 10:12:55 Process (PID 1624) tried to access Kaspersky Anti-Virus 6.0 process (PID 1932), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 10:12:55 Process (PID 1624) tried to access Kaspersky Anti-Virus 6.0 process (PID 1556), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 10:55:48 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\slogin[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 10:55:48 Security threats have been detected. You are advised to neutralize them immediately.
08/08/2007 10:56:38 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\slogin[1].htm: disinfected
08/08/2007 10:58:40 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 10:58:40 Security threats have been detected. You are advised to neutralize them immediately.
08/08/2007 10:58:55 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 10:58:57 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm: disinfected
08/08/2007 10:58:58 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 10:58:58 Security threats have been detected. You are advised to neutralize them immediately.
08/08/2007 10:59:33 Process (PID 3184) tried to access Kaspersky Anti-Virus 6.0 process (PID 1932), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 10:59:33 Process (PID 3184) tried to access Kaspersky Anti-Virus 6.0 process (PID 1556), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 10:59:35 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm cannot be deleted
08/08/2007 11:02:50 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 11:03:17 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 11:03:59 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm cannot be deleted
08/08/2007 11:04:00 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm cannot be deleted
08/08/2007 11:05:50 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 11:06:14 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm: deleted
08/08/2007 11:06:14 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_basic_settings[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 11:06:18 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_basic_settings[1].htm: deleted
08/08/2007 11:32:49 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 11:34:32 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm: deleted
08/08/2007 11:58:06 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\slogin[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 12:00:08 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\slogin[1].htm: is not disinfected, skipped by user
08/08/2007 12:04:44 File C:\Documents and Settings\Administrateur\Bureau\backups\backup-20070806-033530-668.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.ke
08/08/2007 12:04:44 Security threats have been detected. You are advised to neutralize them immediately.
08/08/2007 12:43:29 Update completed successfully.
08/08/2007 16:43:18 Update completed successfully.
08/08/2007 20:43:17 Update completed successfully.
08/08/2007 21:54:50 File C:\Documents and Settings\Administrateur\Bureau\backups\backup-20070806-033530-668.dll cannot be deleted
08/08/2007 21:55:01 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0019781.bat: detected Trojan program Trojan.BAT.KillFiles.ed
08/08/2007 21:55:14 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0019781.bat: deleted
08/08/2007 21:55:14 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022333.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
08/08/2007 21:55:25 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022333.dll: deleted
08/08/2007 21:55:25 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022334.EXE: detected Trojan program Trojan.Win32.Patched.af
08/08/2007 21:55:31 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022334.EXE: deleted
08/08/2007 21:55:31 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022335.exe: detected Trojan program Trojan.Win32.Patched.af
08/08/2007 21:55:34 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022335.exe: deleted
08/08/2007 21:55:34 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023337.exe: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
08/08/2007 21:55:38 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023337.exe: deleted
08/08/2007 21:55:38 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023338.exe: detected Trojan program Trojan.Win32.Agent.aoy
08/08/2007 21:55:45 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023338.exe: deleted
08/08/2007 21:55:45 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023339.exe: detected malware Flooder.Win32.VB.dr
08/08/2007 21:55:49 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023339.exe: deleted
08/08/2007 21:55:49 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0024340.exe: detected malware Flooder.Win32.VB.dr
08/08/2007 21:55:50 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0024340.exe: deleted
08/08/2007 21:55:51 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025393.exe: detected Trojan program Trojan.Win32.Agent.aoy
08/08/2007 21:55:55 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025393.exe: deleted
08/08/2007 21:55:55 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025395.exe: detected adware not-a-virus:AdWare.Win32.Virtumonde.kw
08/08/2007 21:55:57 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025395.exe: deleted
08/08/2007 21:55:57 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025569.dll: detected Trojan program Trojan-Downloader.Win32.ConHook.bg
08/08/2007 21:56:04 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025569.dll: deleted
08/08/2007 21:56:05 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025570.dll: detected Trojan program Trojan-Downloader.Win32.ConHook.bg
08/08/2007 21:56:06 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025570.dll: deleted
08/08/2007 21:56:06 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025571.dll: detected Trojan program Trojan-Downloader.Win32.ConHook.bg
08/08/2007 21:56:07 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025571.dll: deleted
08/08/2007 21:56:07 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025572.dll: detected Trojan program Trojan-Downloader.Win32.ConHook.bg
08/08/2007 21:56:08 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025572.dll: deleted
08/08/2007 21:56:08 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026366.dll: detected Trojan program Trojan-Downloader.Win32.ConHook.bg
08/08/2007 21:56:12 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026366.dll: deleted
08/08/2007 21:56:12 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026367.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.ke
08/08/2007 21:56:12 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026367.dll: deleted
08/08/2007 21:56:12 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP48\A0032452.dll: detected adware not-a-virus:AdWare.Win32.Virtumonde.ke
08/08/2007 21:56:12 File C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP48\A0032452.dll: deleted
08/08/2007 21:56:12 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP14\A0005788.exe: detected Trojan program Backdoor.Win32.Delf.qk
08/08/2007 21:56:13 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP14\A0005788.exe: deleted
08/08/2007 21:56:13 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006975.exe: detected Trojan program Backdoor.Win32.Delf.qk
08/08/2007 21:56:14 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006975.exe: deleted
08/08/2007 21:56:14 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006976.exe: detected Trojan program Backdoor.Win32.Delf.qk
08/08/2007 21:56:14 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006976.exe: deleted
08/08/2007 21:56:14 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006977.exe: detected Trojan program Backdoor.Win32.Delf.qk
08/08/2007 21:56:15 File D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006977.exe: deleted
08/08/2007 21:56:15 File E:\sauveur virus,hack,et +\navilog1\Backupnavi\jgifbfaeav.exe/PE_Patch.PECompact/PecBundle/PECompact: detected adware not-a-virus:AdWare.Win32.NaviPromo.gen
08/08/2007 21:56:28 File E:\sauveur virus,hack,et +\navilog1\Backupnavi\jgifbfaeav.exe: deleted
08/08/2007 21:56:28 File E:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0020036.exe: detected Trojan program Backdoor.Win32.Bifrose.aci
08/08/2007 21:56:28 File E:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0020036.exe: deleted
08/08/2007 21:56:28 File F:\craagle_1.91\craagle_1.91\Craagle.exe/UPX: detected adware not-a-virus:AdWare.Win32.Craagle.19
08/08/2007 21:56:29 File F:\craagle_1.91\craagle_1.91\Craagle.exe: deleted
08/08/2007 22:12:02 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:12:07 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm cannot be deleted
08/08/2007 22:12:49 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:12:50 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\server_manager_servers[1].htm: deleted
08/08/2007 22:13:22 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:13:34 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm: is not disinfected, skipped by user
08/08/2007 22:13:39 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\ok_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:13:40 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\ok_box[1].htm: deleted
08/08/2007 22:13:45 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\choice_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:13:46 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\choice_box[1].htm: deleted
08/08/2007 22:14:01 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\choice_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:14:02 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\choice_box[1].htm: deleted
08/08/2007 22:14:05 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[2].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:14:09 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[2].htm: is not disinfected, skipped by user
08/08/2007 22:14:55 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:14:56 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm cannot be deleted
08/08/2007 22:15:24 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[2].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:15:25 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[2].htm: deleted
08/08/2007 22:15:58 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:15:59 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm: deleted
08/08/2007 22:16:02 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[3].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:02 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[3].htm: deleted
08/08/2007 22:16:05 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\choice_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:05 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\choice_box[1].htm: deleted
08/08/2007 22:16:06 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\CAOHI3OP.htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:07 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\CAOHI3OP.htm: deleted
08/08/2007 22:16:08 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\CAFQUXFJ.htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:08 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\CAFQUXFJ.htm: deleted
08/08/2007 22:16:09 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_add[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:10 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_add[1].htm: deleted
08/08/2007 22:16:11 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:11 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm: deleted
08/08/2007 22:16:14 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\ok_box[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:14 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\ok_box[1].htm: deleted
08/08/2007 22:16:15 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm: detected virus Worm.Win32.Fujack.n
08/08/2007 22:16:16 File C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm: deleted
08/08/2007 23:10:30 Process (PID 3416) tried to access Kaspersky Anti-Virus 6.0 process (PID 1932), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
08/08/2007 23:10:30 Process (PID 3416) tried to access Kaspersky Anti-Virus 6.0 process (PID 1556), but it has been blocked. This is Self-Defense monitoring, and you do not need to do anything.
Reports
-------
Task Status Start Finish Size
---- ------ ----- ------ ----
Proactive Defense running 08/08/2007 08:41:39 0 bytes
Update completed 08/08/2007 08:43:07 08/08/2007 08:43:29 13.6 KB
File Anti-Virus running 08/08/2007 08:43:06 47.8 MB
Mail Anti-Virus running 08/08/2007 08:43:06 0 bytes
Web Anti-Virus running 08/08/2007 08:43:06 1.7 MB
Scan Startup Objects completed 08/08/2007 08:45:22 08/08/2007 09:03:47 1.6 MB
User Scan completed 08/08/2007 11:06:44 08/08/2007 11:06:44 4.3 KB
User Scan completed 08/08/2007 11:06:50 08/08/2007 11:06:50 4.3 KB
Update completed 08/08/2007 12:43:08 08/08/2007 12:43:28 11.4 KB
Update completed 08/08/2007 16:43:08 08/08/2007 16:43:18 12.0 KB
Update completed 08/08/2007 20:43:07 08/08/2007 20:43:17 13.7 KB
Quarantine
----------
Status Object Size Added
------ ------ ---- -----
Backup
------
Status Object Size
------ ------ ----
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\ok_box[1].htm 6.6 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\choice_box[1].htm 6.6 KB
Infected: adware not-a-virus:AdWare.Win32.NaviPromo.gen E:\sauveur virus,hack,et +\navilog1\Backupnavi\jgifbfaeav.exe 325 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_basic_settings[1].htm 44.1 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm 11.6 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\server_manager_servers[1].htm 11.0 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.bg C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025571.dll 13 KB
Infected: Trojan program Trojan.BAT.KillFiles.ed C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0019781.bat 1 MB
Infected: virus Worm.Win32.Fujack.n c:\documents and settings\administrateur\local settings\temporary internet files\content.ie5\4b1h5ex0\slogin[1].htm 2.7 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\CAFQUXFJ.htm 6.6 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025395.exe 121.8 KB
Infected: Trojan program Trojan.Win32.Agent.aoy C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023338.exe 57.4 KB
Infected: Trojan program Trojan.Win32.Patched.af C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022335.exe 44.1 KB
Infected: Trojan program Backdoor.Win32.Delf.qk D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006977.exe 1.2 MB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\CAOHI3OP.htm 6.6 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.ke C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP48\A0032452.dll 90.6 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_servers[1].htm 11.6 KB
Infected: Trojan program Backdoor.Win32.Delf.qk D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP14\A0005788.exe 513.2 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw C:\WINDOWS\cbywwx.dll 128.4 KB
Infected: Trojan program Backdoor.Win32.Bifrose.aci E:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP35\A0020036.exe 28.4 KB
Infected: Trojan program Backdoor.Win32.Delf.qk D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006975.exe 513.2 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\96IAIPH2\slogin[1].htm 2.7 KB
Infected: adware not-a-virus:AdWare.Win32.Craagle.19 F:\craagle_1.91\craagle_1.91\Craagle.exe 377.5 KB
Infected: Trojan program Trojan.BAT.KillFiles.ed c:\documents and settings\administrateur\bureau\matrix.zip 30.0 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw explorer.exe\cbywwx.dll 379.4 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023337.exe 121.8 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.ke C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026367.dll 90.6 KB
Infected: Trojan program Trojan.Win32.Agent.aoy C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP45\A0025393.exe 57.4 KB
Infected: Trojan program Trojan.Win32.Patched.af c:\program files\java\jre1.5.0_03\bin\jusched.exe 44.1 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[2].htm 11 KB
Infected: Trojan program Trojan.Win32.Patched.af PWRISOVM.EXE\PWRISOVM.EXE 228 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022333.dll 128.4 KB
Infected: adware not-a-virus:AdWare.Win32.Virtumonde.kw C:\WINDOWS\CBYWWX.DLL 128.4 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\choice_box[1].htm 6.7 KB
Infected: Trojan program Trojan.Win32.Patched.af C:\PROGRAM FILES\POWERISO\PWRISOVM.EXE 204 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.bg C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0026366.dll 13 KB
Infected: Trojan program Trojan.Win32.Patched.af C:\Program Files\PowerISO\PWRISOVM.EXE 204 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.bg C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025569.dll 13 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\QRE3054L\server_manager_servers[1].htm 10.4 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\ok_box[1].htm 6.6 KB
Infected: Trojan program Backdoor.Win32.Delf.qk D:\System Volume Information\_restore{63C70821-3489-4685-A8CC-0D7CF7BA4003}\RP19\A0006976.exe 513.2 KB
Infected: malware Flooder.Win32.VB.dr C:\Documents and Settings\Administrateur\Bureau\TeamSpeak Chaos v 1.0.exe 152 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\ok_box[1].htm 6.6 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\4B1H5EX0\server_manager_add[1].htm 10.3 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\server_manager_servers[1].htm 11.6 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.bg C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025572.dll 13 KB
Infected: malware Flooder.Win32.VB.dr C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0024340.exe 152 KB
Infected: malware HackTool.Win32.Hydra.d c:\documents and settings\administrateur\bureau\hydra.rar 1 MB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[3].htm 7.0 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\slogin[1].htm 2.7 KB
Infected: Trojan program Trojan-Downloader.Win32.ConHook.bg C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP46\A0025570.dll 13 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\choice_box[1].htm 6.7 KB
Infected: malware Flooder.Win32.VB.dr C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0023339.exe 152 KB
Infected: virus Worm.Win32.Fujack.n C:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\J3AYYTWL\index[2].htm 7.0 KB
Infected: Trojan program Trojan.Win32.Patched.af C:\System Volume Information\_restore{9A7B9E5F-80BD-4A8F-B44A-7D7297673691}\RP44\A0022334.EXE 204 KB
Hi again,
(I saved the report before applying the actions)
and as for Kaspersky, I have it on my computer, unless the online one is better
Quote:
why start over for that, and anyway I have deleted them
(I saved the report before applying the actions)
and as for Kaspersky, I have it on my computer, unless the online one is better
The online one isn't better, but I can't find this in your report:
Quote:
Detected: 58 Untreated: 4
I'll look at these 4 "Untreated" items in an online scan, and we can delete them another way (if needed)