Hi,
A friend's PC is crawling. It's definitely infected. I don't want to install Antivir on the PC. Since it's so slow, I don't dare install SP2.
Here is the HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 16:37:14, on 24/08/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MioNet\MioNetManager.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MioNet\jvm\bin\MioNet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\System32\WService.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Philips\SPC 200NC PC Camera\TrayMin200.exe
C:\WINDOWS\System32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\HijackThis\scanner.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.packardbell.fr/center
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [WService] WService.EXE
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [cFosInst_Check] "C:\WINDOWS\cFosOEM\cfosinst.exe" -install -inplace -checkisdn -noport
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Philips SPC 200NC PC Camera
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [zzzHPSETUP] Q:\Setup.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [else title axis deaf] C:\Documents and Settings\All Users\Application Data\Extra Cash Else Title\DeleteBike.exe
O4 - HKLM\..\Run: [YeppStudioAgent] C:\Program Files\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe
O4 - HKLM\..\Run: [VCSPlayer] "C:\Program Files\Virtual CD v4 SDK\system\vcsplay.exe"
O4 - HKLM\..\Run: [zzz_ImInstaller_IncrediMail] C:\DOCUME~1\Franck\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe -startup -product IncrediMail
O4 - HKCU\..\Run: [PreAnnotate] C:\WINDOWS\System32\PreAnntt.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Documents and Settings\Mélody\Mes documents\Mes fichiers reçus\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Update Service] "C:\Program Files\Fichiers communs\Teknum Systems\update.exe" /startup
O4 - HKCU\..\Run: [Second Software] C:\DOCUME~1\Franck\APPLIC~1\Web4live\jugs camp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Instant Access] C:\WINDOWS\System32\linkprd.exe /res
O4 - Global Startup: AOL Compagnon.lnk = C:\Program Files\AOL Compagnon\companion.exe
O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O4 - Global Startup: TrayMin300.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Recherche AOL Toolbar - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra ´Tools´ menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Packard Bell - {1D49B7D4-524D-4ac9-BC34-B4822CAE4BB1} - C:\Apps\IECustom\script.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra ´Tools´ menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra ´Tools´ menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .au: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
O12 - Plugin for .wav: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=www.packardbell.fr/center
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04F414E9-E352-4BC3-963D-7BFE5A5F31A9} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1064_XP.cab
O16 - DPF: {0878F049-D33E-45E0-A157-C36A6683CF25} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1063_XP.cab
O16 - DPF: {1CD4E2DC-2DA0-4154-8723-38CB04FB6A58} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1062_XP.cab
O16 - DPF: {201B9B37-848F-40BD-90EA-7B8F0AA89D6A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1071_em_XP.cab
O16 - DPF: {321F38B6-7E5F-470E-B58C-927523B7AF92} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1069_em_XP.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5F4D3335-3194-4167-85AE-E7325F2695EF} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1068_em_XP.cab
O16 - DPF: {82FC4503-8459-4239-9B85-0617BEAA950A} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1061_XP.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {AA59202C-5E41-48FC-AF7D-324F5FD6A9F1} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1070_em_XP.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CB5D474E-A510-40A4-B5A4-838933BCBA64} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1065_XP.cab
O16 - DPF: {FA1D6D8F-C6ED-4752-8512-A33283240130} - http://scripts.dlv4.com/binaries/egaccess4/egaccess4_1066_XP.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: rdihost - {24BFB9B3-9C12-4A3E-A4C5-2C0487936400} - rdihost.dll (file missing)
O21 - SSODL: syshelps - {D307CEBF-76FB-484A-9EF1-80DA37B34012} - syshelps.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\FICHIE~1\AOL\ACS\AOLacsd.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: B´s Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MioNet Service (MioNet) - Unknown owner - C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Virtual CD v4 Security service (SDK - Version) (VCSSecS) - H+H Software GmbH - C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
Thanks in advance.
EvilElf, yoo-hoo
http://www.hijackthis.de/fr
Here, copy and paste your log here, and you'll know what to delete or not.
Wow
Schinken, that could help me if I have some junk on the PC
!! !
a lot
I don't trust your site. I'd rather have EvilElf take a look.
Do what you want, it's not my problem.
I prefer to look on the official site, where thousands of users post their opinions on possible adware, rather than "EvilElf", whom I don't know, but after that, to each their own problem, you're free to do what you want with your mouth.
I trust EvilElf completely.
Hi,
It's true that this bot can help us see things more clearly (for the presentation, for example, it's more readable), but it in no way replaces the user's skills.
Magic.Control infection (via Instant Access), but there's no point starting the disinfection if the system isn't up to date, because it will get reinfected.
So start with that.
This bot plus a bit of common sense is reliable.
Then again, it's true that common sense can't be bought in a store.
If I only install SP2, is that enough?
Antivir isn't as simple as Avast. Back then, I preferred to give them that rather than leave Norton.
Yes, install SP2 and run an update via Windows Update.
http://www.update.microsoft.com/microsoftupdate/v6/default.aspx?ln=fr
OK, I'll do that. I went and picked up the PC to clean it at my place.
Okay, sounds good. I'm heading into town, I'll reply later.
Then, since you know my methods a bit,
Download GenProc by jean-chretien1 and narco4 to your desktop and unzip it:
http://www.alt-shift-return.org/Info/Fichiers/GenProc.zip
Then double-click GenProc.bat and post the contents of the report that opens.
Use it only once!! So as not to muddle the results. If the report looks normal to you (it surely will), follow the procedure indicated! And yes, some tools should only be used in case of infection, otherwise they may cause errors ...
Good luck ++
Well, I'm sorting things out a bit. I'm scanning the hard drive with Antivir. 41% and I'm at 19 detections.
SP2 installed, updates not yet.
Antivir just found rdihost.dll, which is part of the albumphoto infection.
Avast hadn't even told me about it, that "MODERE".
I haven't asked you to run a scan yet, but fine.
AntiVir PersonalEdition Classic
Report file date: vendredi 24 août 2007 23:16
Scanning for 1033687 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Franck
Computer name: SN4823587185
Version information:
BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00
AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14
AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54
LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04
LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58
ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 21:14:56
ANTIVIR2.VDF : 6.39.1.15 1451008 Bytes 17/08/2007 21:14:56
ANTIVIR3.VDF : 6.39.1.42 93184 Bytes 24/08/2007 21:14:56
AVEWIN32.DLL : 7.4.0.60 2716160 Bytes 24/08/2007 21:14:57
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26
AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 24/08/2007 21:14:58
AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08
AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05
AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42
RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18
RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42
Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: R:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 24 août 2007 23:16
The scan of running processes will be started
Scan process ´avscan.exe´ - ´1´ Module(s) have been scanned
Scan process ´avcenter.exe´ - ´1´ Module(s) have been scanned
Scan process ´avgnt.exe´ - ´1´ Module(s) have been scanned
Scan process ´avguard.exe´ - ´1´ Module(s) have been scanned
Scan process ´sched.exe´ - ´1´ Module(s) have been scanned
Scan process ´TrayMin200.exe´ - ´1´ Module(s) have been scanned
Scan process ´iexplore.exe´ - ´1´ Module(s) have been scanned
Scan process ´GoogleToolbarNotifier.exe´ - ´1´ Module(s) have been scanned
Scan process ´iexplore.exe´ - ´1´ Module(s) have been scanned
Scan process ´hpgs2wnf.exe´ - ´1´ Module(s) have been scanned
Scan process ´AOLDial.exe´ - ´1´ Module(s) have been scanned
Scan process ´zlmczawdnq.exe´ - ´1´ Module(s) have been scanned
Scan process ´vcsplay.exe´ - ´1´ Module(s) have been scanned
Scan process ´jusched.exe´ - ´1´ Module(s) have been scanned
Scan process ´osd.exe´ - ´1´ Module(s) have been scanned
Scan process ´Traymon.exe´ - ´1´ Module(s) have been scanned
Scan process ´hpgs2wnd.exe´ - ´1´ Module(s) have been scanned
Scan process ´VM_STI.EXE´ - ´1´ Module(s) have been scanned
Scan process ´hpztsb07.exe´ - ´1´ Module(s) have been scanned
Scan process ´MMKeybd.exe´ - ´1´ Module(s) have been scanned
Scan process ´WService.exe´ - ´1´ Module(s) have been scanned
Scan process ´wmiprvse.exe´ - ´1´ Module(s) have been scanned
Scan process ´msdtc.exe´ - ´1´ Module(s) have been scanned
Scan process ´explorer.exe´ - ´1´ Module(s) have been scanned
Scan process ´alg.exe´ - ´1´ Module(s) have been scanned
Scan process ´WTSrv.exe´ - ´1´ Module(s) have been scanned
Scan process ´wanmpsvc.exe´ - ´1´ Module(s) have been scanned
Scan process ´vcssecs.exe´ - ´1´ Module(s) have been scanned
Scan process ´wdfmgr.exe´ - ´1´ Module(s) have been scanned
Scan process ´svchost.exe´ - ´1´ Module(s) have been scanned
Scan process ´slserv.exe´ - ´1´ Module(s) have been scanned
Scan process ´nvsvc32.exe´ - ´1´ Module(s) have been scanned
Scan process ´mdm.exe´ - ´1´ Module(s) have been scanned
Scan process ´CDAC11BA.EXE´ - ´1´ Module(s) have been scanned
Scan process ´bgsvcgen.exe´ - ´1´ Module(s) have been scanned
Scan process ´AOLacsd.exe´ - ´1´ Module(s) have been scanned
Scan process ´nhksrv.exe´ - ´1´ Module(s) have been scanned
Scan process ´spoolsv.exe´ - ´1´ Module(s) have been scanned
Scan process ´svchost.exe´ - ´1´ Module(s) have been scanned
Scan process ´svchost.exe´ - ´1´ Module(s) have been scanned
Scan process ´svchost.exe´ - ´1´ Module(s) have been scanned
Scan process ´svchost.exe´ - ´1´ Module(s) have been scanned
Scan process ´svchost.exe´ - ´1´ Module(s) have been scanned
Scan process ´lsass.exe´ - ´1´ Module(s) have been scanned
Scan process ´services.exe´ - ´1´ Module(s) have been scanned
Scan process ´winlogon.exe´ - ´1´ Module(s) have been scanned
Scan process ´csrss.exe´ - ´1´ Module(s) have been scanned
Scan process ´smss.exe´ - ´1´ Module(s) have been scanned
48 processes with 48 modules were scanned
Start scanning boot sectors:
Boot sector ´C:\´
[NOTE] No virus was found!
Boot sector ´A:\´
[NOTE] In the drive ´A:\´ no data medium is inserted!
Boot sector ´D:\´
[NOTE] No virus was found!
Starting to scan the registry.
C:\Documents and Settings\All Users\Application Data\Extra Cash Else Title\DeleteBike.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Documents and Settings\All Users\Application Data\Extra Cash Else Title\DeleteBike.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
C:\Documents and Settings\Franck\Application Data\Web4live\jugs camp.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\linkprd.exe
[DETECTION] Contains signature of the dial-up program DIAL/148200.A
[INFO] The file was moved to ´473d4b9c.qua´!
C:\WINDOWS\system32\linkprd.exe
[DETECTION] Contains signature of the dial-up program DIAL/148200.A
The registry was scanned ( ´29´ files ).
Starting the file scan:
Begin scan in ´C:\´ <HDD>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Extra Cash Else Title\DeleteBike.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\Documents and Settings\All Users\Application Data\Extra Cash Else Title\jump save.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´473c4c62.qua´!
C:\Documents and Settings\Dominique\Local Settings\Temp\Répertoire temporaire 1 pour photo album.zip\photo album2007.pif
[DETECTION] Is the Trojan horse TR/Agent.24772
[INFO] The file was moved to ´473e4c99.qua´!
C:\Documents and Settings\Dominique\Local Settings\Temp\Répertoire temporaire 2 pour photo album.zip\photo album2007.pif
[DETECTION] Is the Trojan horse TR/Agent.24772
[INFO] The file was moved to ´4652a33e.qua´!
C:\Documents and Settings\Dominique\Local Settings\Temporary Internet Files\Content.IE5\T1WVMRTT\SpywareSecure_trial_setup[1].exe
[DETECTION] Is the Trojan horse TR/FakeAV.15.B
[INFO] The file was moved to ´47484ca3.qua´!
C:\Documents and Settings\Franck\Application Data\Web4live\bait bore phone loud.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´47384cb8.qua´!
C:\Documents and Settings\Franck\Application Data\Web4live\ltgotnho.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´47364ccc.qua´!
C:\Documents and Settings\Franck\Application Data\Web4live\start name 32.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´47304ccc.qua´!
C:\Documents and Settings\Franck\Application Data\Web4live\zakullhp.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´473a4cba.qua´!
C:\Documents and Settings\Franck\Local Settings\Temp\bis1A0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´47424cdf.qua´!
C:\Documents and Settings\Franck\Local Settings\Temp\sta2D0.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´47304cee.qua´!
C:\Documents and Settings\Franck\Local Settings\Temp\TFR20A.tmp
[0] Archive type: CAB (Microsoft)
--> knock.png
[WARNING] No further files can be extracted from this archive. The archive will be closed
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\Documents and Settings\Mélody\Local Settings\Temp\ICD1.tmp\sysia32svc.dll
[DETECTION] Contains signature of the dial-up program DIAL/32768.A.11
[INFO] The file was moved to ´47424ed4.qua´!
C:\Documents and Settings\Mélody\Local Settings\Temp\ICD2.tmp\IaLdr32.exe
[DETECTION] Contains signature of the dial-up program DIAL/170041.A
[INFO] The file was moved to ´471b4ebc.qua´!
C:\Program Files\Adverts\uninst.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´473850dc.qua´!
C:\Program Files\MailSkinner\MailSkinner.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to ´4738529d.qua´!
C:\Program Files\MailSkinner\OLSkinner.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to ´47225289.qua´!
C:\Program Files\Masta\Films_filles18ans.exe
[DETECTION] Contains signature of the dial-up program DIAL/61208.A
[INFO] The file was moved to ´473b52a6.qua´!
C:\Program Files\Montorgueil\videoshard\videoshard.exe
[DETECTION] Is the Trojan horse TR/Dialer.EG.17
[INFO] The file was moved to ´47335322.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145817-113.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4732546a.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145817-605.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4732546b.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145817-940.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4659be48.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145818-238.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4732546c.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145818-246.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4659be49.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145818-397.dll
[DETECTION] Is the Trojan horse TR/Dialer.PC
[INFO] The file was moved to ´4732546e.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145818-506.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4732546d.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145818-616.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4659be4a.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145818-697.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4659be4b.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145818-725.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4732546f.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145818-862.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4659be54.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145819-657.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´47325471.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145819-777.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´47325470.qua´!
C:\RECYCLER\S-1-5-21-2826650621-4036164967-2552189465-1009\Dc6\backups\backup-20060227-145819-962.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4659be55.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283010.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´47015560.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283011.exe
[DETECTION] Contains signature of the dial-up program DIAL/148200.A
[INFO] The file was moved to ´47015561.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283013.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´466bb1c6.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283014.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´47015562.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283015.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´466bb1c7.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283016.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´47015563.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283017.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´466bb1c0.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283018.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to ´47015565.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283019.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to ´47015564.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283020.dll
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to ´466bb1c1.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283021.exe
[DETECTION] Contains signature of the dial-up program DIAL/61208.A
[INFO] The file was moved to ´47015566.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283022.exe
[DETECTION] Is the Trojan horse TR/Dialer.EG.17
[INFO] The file was moved to ´466bb1c2.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283023.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´47015567.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283024.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´466bb1cc.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283025.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´466bb1c3.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283026.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´466bb1c5.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283027.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4701556c.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283028.dll
[DETECTION] Is the Trojan horse TR/Dialer.PC
[INFO] The file was moved to ´47015569.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283029.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´466bb1ce.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283030.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4701556b.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283031.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´466bb1c8.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283032.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´47015568.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283033.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´466bb1cd.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283034.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4701556a.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283035.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´466bb1cf.qua´!
C:\System Volume Information\_restore{FDEA97FB-BD50-4158-A992-24ACB5B7B525}\RP69\A0283036.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4701556d.qua´!
C:\WINDOWS\Bernadette.dll
[DETECTION] Contains signature of the dial-up program DIAL/79872.A.7
[INFO] The file was moved to ´474155af.qua´!
C:\WINDOWS\photo album.zip
[0] Archive type: ZIP
--> photo album2007.pif
[DETECTION] Is the Trojan horse TR/Agent.24772
[INFO] The file was moved to ´473e55b5.qua´!
C:\WINDOWS\photos.zip
[0] Archive type: ZIP
--> webcam_photos-2007-06.scr
[DETECTION] Contains a signature of the (dangerous) backdoor program BDS/Bifrose.NU Backdoor server programs
[INFO] The file was moved to ´46568c12.qua´!
C:\WINDOWS\System32mwsrvacc.exe
[DETECTION] Contains signature of the dial-up program DIAL/161048.A
[INFO] The file was moved to ´474255ca.qua´!
C:\WINDOWS\System32prosvsys.exe
[DETECTION] Contains signature of the dial-up program DIAL/159592.A
[INFO] The file was moved to ´462a8c6f.qua´!
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\es.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB833987$\sxs.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\browser.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ308387$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ308402$\spcmdcon.sys
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ308402$\srrstr.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ308402$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ308677$\userenv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ308677$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ308678$\msobmain.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ308678$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ315000$\netsetup.exe
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ315000$\ssdpapi.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ315000$\ssdpsrv.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ315000$\upnp.dll
[WARNING] The file could not be opened!
C:\WINDOWS\$NtUninstallQ315000$\spuninst\spuninst.exe
[WARNING] The file could not be opened!
C:\WINDOWS\system32\egaccess4_1059.dll
[DETECTION] Is the Trojan horse TR/Dialer.PC
[INFO] The file was moved to ´4730585d.qua´!
C:\WINDOWS\system32\egaccess4_1060.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4730585e.qua´!
C:\WINDOWS\system32\EGDACCESS_1067.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´4713583f.qua´!
C:\WINDOWS\system32\EGDACCESS_1068.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´467a8764.qua´!
C:\WINDOWS\system32\EGDACCESS_1073.dll
[DETECTION] Contains signature of the dial-up program DIAL/EDGACCESS.5
[INFO] The file was moved to ´47135840.qua´!
C:\WINDOWS\system32\icpldrvx.exe
[DETECTION] Is the Trojan horse TR/Spy.Banker.cda
[INFO] The file was moved to ´473f5865.qua´!
C:\WINDOWS\system32\prodsrvs.exe
[DETECTION] Contains signature of the dial-up program DIAL/170041.A
[INFO] The file was moved to ´473e58a2.qua´!
C:\WINDOWS\system32\rdihost.dll
[DETECTION] Is the Trojan horse TR/Agent.22016.6
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\syshelps.dll
[DETECTION] Contains signature of the worm WORM/IRCBot.23016
[WARNING] An error has occurred and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\WINDOWS\system32\sysiasvc32.dll
[DETECTION] Contains signature of the dial-up program DIAL/32768.A.10
[INFO] The file was moved to ´47425941.qua´!
C:\WINDOWS\system32\tommynub
[DETECTION] Is the Trojan horse TR/Dldr.Ftp.I
[INFO] The file was moved to ´473c593b.qua´!
C:\WINDOWS\Temp\NSIS_SpywareSecure_trial_setup.exe
[DETECTION] Contains signature of the dropper DR/NaviPromo.AO.29
[INFO] The file was moved to ´4718597a.qua´!
Begin scan in ´A:\´
Search path A:\ could not be opened!
Le périphérique n´est pas prêt.
Begin scan in ´D:\´
Begin scan in ´Q:\´
Search path Q:\ could not be opened!
Le périphérique n´est pas prêt.
Begin scan in ´R:\´
Search path R:\ could not be opened!
Le périphérique n´est pas prêt.
End of the scan: samedi 25 août 2007 00:18
Used time: 1:02:41 min
The scan has been done completely.
6236 Scanning directories
225085 Files were scanned
77 viruses and/or unwanted programs were found
4 classified as suspicious:
0 files were deleted
0 files were repaired
73 files were moved to quarantine
0 files were renamed
49 Files cannot be scanned
225004 Files not concerned
8998 Archives were scanned
55 Warnings
1 Notes
0 Hidden objects were found