Author Topic: Impossible to permanently remove viruses "Crypt-HMZ[Troj]" & "MalOb-BZ[Cryp]"  (Read 9957 times)


ginkos

  • Guest
Hello

When I do a scan, Avast always finds between 3 and 6 infected files.
I choose to remove them, but when I restart Windows XP (SP3) and do a new scan, the result is the same:
between 3 and 6 infected files (the same ones).
"Crypt-HMZ[Troj]" & "MalOb-BZ[Cryp]"    (.exe)

I tried doing it in Windows XP Safe Mode, but the infected files are still there ...

What can I do?
Thanks

« Last Edit: September 12, 2010, 08:33:41 AM by ginkos »

SafeSurf

  • Guest
Hello ginkos and welcome to the forum.  :)

What is your OS (32 or 64-bit)?
What version of Avast do you have and what product (Free, Pro, or AIS)?

Was this a Full Avast scan you did?  The last 3 are just system restore, so don't worry about them.  However, is everything from your screenshot in the Virus Chest?

SafeSurf

  • Guest
1.  I also recommend you clean up your machine next with CCleaner Slim version, which you can download here: http://www.piriform.com/ccleaner/builds - scroll down to the 4th choice.  It removes unused files (cache, temporary Internet files, etc.) from your system allowing Windows to run faster and freeing up valuable hard disk space.  It also cleans traces of your online activities such as your Internet history.  

2.  Then download TFC by OldTimer to your desktop.
http://www.geekstogo.com/forum/files/file/187-tfc-temp-file-cleaner-by-oldtimer/
·    Please double-click TFC.exe to run it.  (Note: If you are running on Vista or Win7, right-click on the file and choose Run As Administrator).
·    It will close all programs when running, so make sure you have saved all your work before you begin.
·    Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.  Let it run uninterrupted to completion.
·    Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

3.  After the cleaning process above and rebooting, you are ready to download and run MBAM (Malwarebytes' Anti-Malware) to check for malware:
·    Download free http://www.malwarebytes.org/ for an on-demand scanner.
·    Double Click mbam-setup.exe to install the application.
·    After install, click update so you have latest database before scanning.
·    Under Settings:
o    General: Automatically Save File After Scan Completes is checked off
o    Scanner Settings:  Check all boxes
o    Updater: Download and install update if available is checked off
·    Once the program has loaded, select "Perform FULL Scan", then click Scan.
·    The scan may take some time to finish, so please be patient.
·    When the disinfection scan is complete, a log will appear in Notepad and you may be prompted to Restart. (See Extra Note).
·    Click the “remove selected” button to quarantine anything found.  You will find the infection details under the Quarantine tab.
·    The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
·    Copy & Paste the entire report in your next reply.

Please let me know if you have any questions.  Thank you.  :)


ginkos

  • Guest
Hello

Thank you :

What is your OS (32 or 64-bit)?
 ==> 32 bit
What version of Avast do you have and what product (Free, Pro, or AIS)?
==> Free (up to date)

Was this a Full Avast scan you did?  The last 3 are just system restore, so don't worry about them.  However is everything from your screen shot in the Virus Chest?
==> I did a simple scan and a depth scan: the result is always the same:
between 3 and 6 infected files. I choose "delete definitively", but when I restart Windows and do a new scan, Avast still finds the same infected files...

==> I already have CCleaner and I already did a cleanup, but no result

==>==> I will install Malwarebytes and report here soon
Thank you

« Last Edit: September 15, 2010, 12:08:18 PM by ginkos »

SafeSurf

  • Guest
==> 32 bit
==> Free

==> I did a simple scan and a depth scan: the result is always the same:
between 3 and 6 infected files. I choose "delete definitively", but when I restart Windows and do a new scan, Avast still finds the same infected files...
You need to update Avast again, run a FULL scan, but this time do NOT delete...you need to put the items infected into quarantine so they stay in the Virus Chest.  You want to KEEP them safely in the Virus Chest for now; they are safe there.  Avast may be finding the infected files until we take care of your System Restore, but I want to see your MBAM log first.

After doing your MBAM scan, please copy and paste your MBAM log for me to review.  Make sure if any infection comes up during the scan, that you put it into quarantine.

Let me know if you have any questions.  Thank you.

ginkos

  • Guest
Thank you, I did a scan with Malwarebytes and it found 2 infected files; I deleted them. The logs are:

==============
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

15/09/2010 19:59:40
mbam-log-2010-09-15 (19-59-40).txt

Type d'examen: Examen rapide
Elément(s) analysé(s): 111618
Temps écoulé: 12 minute(s), 43 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\PMN\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
=====================
===============
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Version de la base de données: 4052

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

16/09/2010 19:39:21
mbam-log-2010-09-16 (19-39-21).txt

Type d'examen: Examen complet (C:\|D:\|)
Elément(s) analysé(s): 178395
Temps écoulé: 57 minute(s), 16 seconde(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 2

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe (Adware.WhenU) -> Delete on reboot.
C:\Program Files\SagePaie\pmswd32b.dll (Trojan.BHO) -> Delete on reboot.
================
After this, the scan shows 0 virus/malware.

Malwarebytes seems to have deleted the virus, because it finds nothing and the Avast scan doesn't find any infected file... But:

I have another problem: I cannot install new software on my PC with XP SP3; the error is "I can not create temporary file".
So I changed the temp file environment variable, but this did not change anything; the directory is always read-only.

So I thought it came from the antivirus, so I uninstalled it and reinstalled it from a setup file that I already had.
But after installing, Avast cannot start; when I look in Services and try to start it by hand I get the error:
Error 1068: the dependency service or group failed to start.


I did another scan with the AVP tool on a USB key (because I cannot install anything on the hard drive C:) and it found nothing else.
Is this a virus? I ran Malwarebytes with no matches.

I never saw a Windows system in which the hard drive is locked read-only ... I think it is a consequence of a virus, but I don't know what I can do now ... I can't reinstall Windows XP because it is a netbook without a CD player ...

For you, is it a virus, a Windows bug, or maybe an after-effect of all the scans with antivirus or anti-malware tools?

thanks


Thank you
« Last Edit: September 26, 2010, 06:13:18 AM by ginkos »

SafeSurf

  • Guest
You are unable to install anything at this point?

Can you turn on Windows Defender (the Windows antivirus) if Avast is not working?  You will need to update the definitions and change it to Resident (on all the time) if Avast is not working so that you have antivirus protection.

I think your problems are related to malware and because malware may have caused changes in your system.  I am going to refer you to our Certified Malware Removal expert named Essexboy.  He will contact you here in this thread, so keep checking the thread for his post.  He will give you instructions on things to do and post.

Check the information on the first post of this thread under Virus/Worms for you to check your machine for malware: http://forum.avast.com/index.php?topic=53253.0

If you are able to download, follow the directions of obtaining the OTL logs.  Post the two (2) OTL log as an attachment (Additional Options > Attach > Browse (the logs will be on your desktop > Post).  If you are unable to do this, then just wait for Essexboy to help you. 

In the meantime, do not make any changes to your machine other than what I stated above.  I will still be here to assist you.  Let me know if you have any questions.  Thank you.

Offline !Donovan

  • Web Analyst
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 2219
    • The WAR Against Malware
C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe (Adware.WhenU) -> Delete on reboot.

This was adware auto-checked when you installed DaemonTools. For more information, go here:
http://answers.yahoo.com/question/index?qid=20071130175309AAKfzJR

The Wot scorecard:
http://www.mywot.com/en/scorecard/daemon-tools.cc


C:\Program Files\SagePaie\pmswd32b.dll (Trojan.BHO) -> Delete on reboot.

I can't find anything about that. :(


C:\Documents and Settings\PMN\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
Malwarebytes has a topic on that:
http://forums.malwarebytes.org/index.php?showtopic=22953

English MBAM Log Below.

SafeSurf

  • Guest
@ ginkos,

Could you please answer and respond to my last post.  I have sent a message to Essexboy and I need to know if you are able to download anything (like OTL to make a log).

Did you turn on Windows Defender in the meantime (see my last post)?  Let me know if you have any questions.  Thank you.

Thank you Donovansrb10 for your helpful information.  :)

ginkos

  • Guest
Big Thanks!
It's strange, but I can download OTL.exe by renaming it to OTL.jpg, and I can then run it on my PC!
But nothing was found:

========================
http://quentin.leo.free.fr/logs/OTL.Txt
========================

And Avast cannot start, and the Microsoft antivirus cannot be installed; it is the same problem with all antivirus programs:


SafeSurf

  • Guest
« Reply #10 on: September 28, 2010, 12:14:28 PM »
There should be two (2) OTL logs, and I only see one log.  Do you have another log somewhere?

Also, since Avast is not working, did you turn on Windows Defender (WD) and update the definitions and make it Resident -- you NEED an antivirus!

I will have Essexboy look at your OTL log.  Thank you.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
« Reply #11 on: September 28, 2010, 09:33:01 PM »
Hi, let's jump in with the big boys first, I feel - we will look at OTL later

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

THEN

Download ComboFix from one of these locations:


Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.  It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you.  Please include the C:\ComboFix.txt in your next reply.

ginkos

  • Guest
Thanks a lot for all your help, but I cannot execute it, like many other downloaded tools ...:
Maybe Malware Defender is bugging my Windows, because it always asks me for authorization to execute something...
I think it's a Windows bug and not a virus ...

I will format c: soon


thank again

Offline essexboy

OK that was not promising - this is a .com programme so if you use Firefox right click and select save as

Download OTS to your Desktop and double-click on it to run it
  • Make sure you close all other programs and don't use the PC while the scan runs.
  • Select All Users
  • Under additional scans select the following
Reg - NetSvcs
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
File - Purity Scan


  • Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Please attach the log in your next post.

ginkos

  • Guest
After deleting Malware Defender I can execute TDSSKiller:

=================

2010/10/02 06:50:50.0843   TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/10/02 06:50:50.0843   ================================================================================
2010/10/02 06:50:50.0843   SystemInfo:
2010/10/02 06:50:50.0843   
2010/10/02 06:50:50.0843   OS Version: 5.1.2600 ServicePack: 3.0
2010/10/02 06:50:50.0843   Product type: Workstation
2010/10/02 06:50:50.0843   ComputerName: ACER
2010/10/02 06:50:50.0843   UserName: PMN
2010/10/02 06:50:50.0843   Windows directory: C:\WINDOWS
2010/10/02 06:50:50.0843   System windows directory: C:\WINDOWS
2010/10/02 06:50:50.0843   Processor architecture: Intel x86
2010/10/02 06:50:50.0843   Number of processors: 2
2010/10/02 06:50:50.0843   Page size: 0x1000
2010/10/02 06:50:50.0843   Boot type: Normal boot
2010/10/02 06:50:50.0843   ================================================================================
2010/10/02 06:50:51.0562   Initialize success
2010/10/02 06:50:58.0468   ================================================================================
2010/10/02 06:50:58.0468   Scan started
2010/10/02 06:50:58.0468   Mode: Manual;
2010/10/02 06:50:58.0468   ================================================================================
2010/10/02 06:51:11.0156   sptd            (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/02 06:51:11.0156   Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2010/10/02 06:51:11.0171   sptd - detected Locked file (1)
2010/10/02 06:51:13.0859   ================================================================================
2010/10/02 06:51:13.0859   Scan finished
2010/10/02 06:51:13.0859   ================================================================================
2010/10/02 06:51:13.0890   Detected object count: 1
2010/10/02 06:51:24.0484   Locked file(sptd) - User select action: Skip
2010/10/02 06:52:08.0656   ================================================================================
2010/10/02 06:52:08.0656   Scan started
2010/10/02 06:52:08.0656   Mode: Manual;
2010/10/02 06:52:08.0656   ================================================================================
2010/10/02 06:52:09.0187   Scan interrupted by user!
2010/10/02 06:52:09.0187   Scan interrupted by user!
2010/10/02 06:52:09.0187   ================================================================================
2010/10/02 06:52:09.0187   Scan finished
2010/10/02 06:52:09.0187   ================================================================================
2010/10/02 06:52:19.0234   Deinitialize success
=======================

And I don't know why, but after this I was able to properly remove Avast, and I decided to install another antivirus (Gdata).

And it found something in C:\System Volume Information; sorry, but I don't know where I can find this log ...
After deleting it my PC seems normal; I can do a defragmentation, for example ...
Only my Windows seems slower; maybe it is Gdata that slows down my notebook ...

Thanks again. I don't know if I'd better stay with Gdata or reinstall Avast ... :(
« Last Edit: October 05, 2010, 07:04:03 AM by ginkos »
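
Added example (not part of any post in this thread and not the tool vendor's code): a small Python triage of a TDSSKiller text log like the one posted above, pulling out only the flagged objects and the action chosen for each. The line patterns are inferred from this one log (version 2.4.3.0) and are an assumption for other versions; `triage` and `unresolved` are hypothetical helper names.

```python
import re

# Constructed sample: the sptd lines are copied from the TDSSKiller log posted
# above; the "exampledrv" entry and its all-zero MD5 are made up for contrast.
SAMPLE_LOG = r"""
2010/10/02 06:50:58.0468   Scan started
2010/10/02 06:51:11.0100   exampledrv      (00000000000000000000000000000000) C:\WINDOWS\system32\drivers\exampledrv.sys
2010/10/02 06:51:11.0156   sptd            (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2010/10/02 06:51:11.0156   Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2010/10/02 06:51:11.0171   sptd - detected Locked file (1)
2010/10/02 06:51:13.0859   Scan finished
2010/10/02 06:51:13.0890   Detected object count: 1
2010/10/02 06:51:24.0484   Locked file(sptd) - User select action: Skip
"""

# Patterns inferred from the log in this thread (assumption for other versions).
LINE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s*(.*)$")
DRIVER = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. md5: ([0-9a-f]{32})$")
DETECTED = re.compile(r"^(\S+) - detected (.+?) \((\d+)\)$")
ACTION = re.compile(r"^.+?\((\S+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


def triage(log_text):
    """Return the flagged objects of a TDSSKiller log and the action taken on each."""
    drivers, by_path, findings, declared = {}, {}, {}, None

    def finding(service):
        return findings.setdefault(service, {
            "service": service, "kind": None, "reason": None,
            "path": None, "md5": None, "action": None})

    for raw in log_text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue
        msg = line.group(1).strip()
        m = DRIVER.match(msg)
        if m:                                  # plain inventory line
            drivers[m.group(1)] = (m.group(2), m.group(3))
            by_path[m.group(3).lower()] = m.group(1)
            continue
        m = SUSPICIOUS.match(msg)
        if m:                                  # reason + file, keyed by path
            service = by_path.get(m.group(2).lower(), m.group(2))
            finding(service).update(reason=m.group(1), path=m.group(2), md5=m.group(3))
            continue
        m = DETECTED.match(msg)
        if m:                                  # verdict category for a service
            finding(m.group(1))["kind"] = m.group(2)
            continue
        m = ACTION.match(msg)
        if m:                                  # what the user clicked
            finding(m.group(1))["action"] = m.group(2)
            continue
        m = COUNT.match(msg)
        if m:
            declared = int(m.group(1))

    for f in findings.values():                # backfill from the inventory line
        if f["path"] is None and f["service"] in drivers:
            f["md5"], f["path"] = drivers[f["service"]]
    return {"driver_count": len(drivers), "declared_count": declared,
            "findings": list(findings.values()),
            "count_matches": declared == len(findings)}


def unresolved(report):
    """Services whose finding was not cured (skipped or no action logged)."""
    return [f["service"] for f in report["findings"] if f["action"] != "Cure"]


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["findings"]:
        print(f["service"], f["kind"], f["reason"], f["action"], f["path"])
    print("unresolved:", unresolved(report))
```

In the log above the only finding is the sptd driver, reported as a locked file the scanner could not read (NoAccess) and left on Skip; the log itself does not mark it as infected.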