HijackThis report - Security - Virus

Hello everyone. Could someone take a look at my report? I saw that when you have a virus you have to produce a report, so that's what I did.


Here is my report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:10, on 26/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Utilisateur\Bureau\lois\logiciel\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bodyidol] C:\DOCUME~1\UTILIS~1\APPLIC~1\REGSGR~1\Mix itch great.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/p [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD28968C-854D-4633-8442-C29A2213D518}: NameServer = 192.168.1.1,208.67.222.0,208.67.220.220
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
End of file - 9196 bytes


Hello,

Download Lop S&D.exe (Eric_71) to your Desktop.

  • Start the program's installation by running the downloaded file.
  • Now double-click the LopS&D shortcut.
  • Select the language you want by typing the letter of your choice, then confirm with the Enter key.
  • Now choose option 1 (Search). Wait until the search has finished.
  • Post the generated report (C:\lopR.txt*)


(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
* the partition name may differ


Message edited by Angeldark on 26-08-2008 at 17:52:17
------------------------------ Prevention & Protection||Do you like me? Click :o
Reply to Angeldark

OK, I'll do that right away, sorry for the delay.

Reply to ridespirit


--------------------\\ Lop S&D 4.2.3-4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.40GHz )
Default System BIOS
USER : Thomas ( Administrator )
BOOT : Normal boot

"C:\Lop SD" ( MAJ : 23-08-2008|10:35 )
Option : [1] ( 26/08/2008|18:39 )

--------------------\\ Listing des dossiers dans APPLIC~1

[16/11/2004|23:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[16/11/2004|23:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[25/12/2007|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.zreglib
[21/11/2006|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\118300.34
[16/02/2006|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/07/2006|13:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[24/12/2007|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[16/08/2007|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[24/12/2006|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[09/10/2007|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[16/11/2004|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[14/07/2007|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[17/07/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[24/12/2006|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[26/08/2008|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14/12/2005|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[02/08/2008|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[16/11/2004|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/02/2007|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[03/01/2008|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[11/12/2006|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[13/02/2008|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[19/05/2008|23:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rkfree
[09/10/2007|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[09/10/2007|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[13/01/2006|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[13/03/2008|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[20/02/2006|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\tons jump rdr remote
[30/06/2006|08:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[02/03/2008|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/11/2006|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[16/11/2004|23:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[16/11/2004|23:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[16/02/2006|19:49] C:\DOCUME~1\UTILIS~1\APPLIC~1\Adobe
[09/01/2007|07:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\AdobeUM
[16/08/2007|11:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\Ahead
[14/01/2007|20:15] C:\DOCUME~1\UTILIS~1\APPLIC~1\Apple Computer
[09/02/2007|16:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\ATI
[23/01/2007|20:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Azureus
[05/02/2006|20:37] C:\DOCUME~1\UTILIS~1\APPLIC~1\BitTorrent
[09/10/2007|10:33] C:\DOCUME~1\UTILIS~1\APPLIC~1\Canon
[14/09/2006|17:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\DeepBurner
[16/11/2004|23:14] C:\DOCUME~1\UTILIS~1\APPLIC~1\desktop.ini
[08/02/2007|16:39] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dev-Cpp
[12/03/2008|13:27] C:\DOCUME~1\UTILIS~1\APPLIC~1\DonationCoder
[10/11/2007|17:02] C:\DOCUME~1\UTILIS~1\APPLIC~1\dvdcss
[04/02/2006|13:37] C:\DOCUME~1\UTILIS~1\APPLIC~1\eConf
[13/03/2008|13:13] C:\DOCUME~1\UTILIS~1\APPLIC~1\Eltima Software
[15/02/2006|16:43] C:\DOCUME~1\UTILIS~1\APPLIC~1\Google
[14/02/2008|21:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\gtk-2.0
[03/08/2005|13:10] C:\DOCUME~1\UTILIS~1\APPLIC~1\Help
[16/11/2004|23:35] C:\DOCUME~1\UTILIS~1\APPLIC~1\Identities
[18/12/2004|20:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\InterVideo
[03/01/2008|22:14] C:\DOCUME~1\UTILIS~1\APPLIC~1\KompoZer
[21/11/2006|21:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Lavasoft
[16/02/2006|19:49] C:\DOCUME~1\UTILIS~1\APPLIC~1\Leadertech
[14/05/2007|18:44] C:\DOCUME~1\UTILIS~1\APPLIC~1\LimeWire
[13/01/2006|17:02] C:\DOCUME~1\UTILIS~1\APPLIC~1\Macromedia
[16/11/2004|23:14] C:\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft
[15/03/2006|13:34] C:\DOCUME~1\UTILIS~1\APPLIC~1\Mozilla
[18/01/2006|19:45] C:\DOCUME~1\UTILIS~1\APPLIC~1\MSNInstaller
[03/01/2008|11:23] C:\DOCUME~1\UTILIS~1\APPLIC~1\Nero
[15/03/2006|13:18] C:\DOCUME~1\UTILIS~1\APPLIC~1\Notepad++
[15/03/2007|13:45] C:\DOCUME~1\UTILIS~1\APPLIC~1\Nvu
[02/04/2008|21:32] C:\DOCUME~1\UTILIS~1\APPLIC~1\OpenOffice.org2
[11/12/2006|12:50] C:\DOCUME~1\UTILIS~1\APPLIC~1\PlayFirst
[03/06/2007|12:39] C:\DOCUME~1\UTILIS~1\APPLIC~1\QuickZip45.ini
[19/12/2004|16:06] C:\DOCUME~1\UTILIS~1\APPLIC~1\Real
[20/02/2006|10:59] C:\DOCUME~1\UTILIS~1\APPLIC~1\regs grim pop
[09/10/2007|10:29] C:\DOCUME~1\UTILIS~1\APPLIC~1\ScanSoft
[15/11/2006|21:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\Shareaza
[29/12/2007|13:31] C:\DOCUME~1\UTILIS~1\APPLIC~1\smc
[22/01/2006|12:08] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sun
[13/01/2006|17:23] C:\DOCUME~1\UTILIS~1\APPLIC~1\Symantec
[15/03/2006|13:35] C:\DOCUME~1\UTILIS~1\APPLIC~1\Talkback
[27/02/2007|20:58] C:\DOCUME~1\UTILIS~1\APPLIC~1\teamspeak2
[11/05/2007|19:23] C:\DOCUME~1\UTILIS~1\APPLIC~1\vlc
[13/02/2008|21:20] C:\DOCUME~1\UTILIS~1\APPLIC~1\Winamp
[09/11/2006|21:23] C:\DOCUME~1\UTILIS~1\APPLIC~1\Zylom

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[26/08/2008 10:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[24/05/2002|18:32] C:\Program Files\Accessoires
[27/10/2005|17:55] C:\Program Files\Activision
[04/07/2006|13:10] C:\Program Files\Adobe
[27/08/2006|21:38] C:\Program Files\Alwil Software
[24/12/2006|15:21] C:\Program Files\Apple Software Update
[16/08/2007|10:49] C:\Program Files\AskTBar
[14/09/2006|17:17] C:\Program Files\Astonsoft
[11/02/2006|13:41] C:\Program Files\Atari
[09/02/2007|16:45] C:\Program Files\ATI Technologies
[25/04/2008|23:26] C:\Program Files\AvantGo Connect
[16/11/2004|23:23] C:\Program Files\AviSynth 2.5
[11/03/2008|22:35] C:\Program Files\Aya Software
[15/01/2006|11:16] C:\Program Files\AZPR
[18/05/2006|20:27] C:\Program Files\BitComet
[14/12/2005|18:51] C:\Program Files\BoontyGames
[06/09/2006|17:56] C:\Program Files\Broderbund
[09/11/2006|21:16] C:\Program Files\BubbleBall
[05/03/2006|10:09] C:\Program Files\Canon
[12/03/2007|12:50] C:\Program Files\CCleaner
[24/06/2006|22:44] C:\Program Files\CDisplay
[24/05/2002|18:32] C:\Program Files\CHAT
[29/04/2008|16:34] C:\Program Files\CodeBlocks
[25/04/2008|23:26] C:\Program Files\Common Files
[16/11/2004|23:20] C:\Program Files\ComPlus Applications
[01/11/2007|13:15] C:\Program Files\CVF
[24/03/2007|19:21] C:\Program Files\DAEMON Tools
[24/03/2007|19:22] C:\Program Files\DaemonTools_WhenUSave_Installer
[25/03/2005|16:22] C:\Program Files\Dark Omen
[21/11/2006|11:40] C:\Program Files\Defenza
[24/05/2002|19:37] C:\Program Files\desktop.ini
[05/12/2004|17:54] C:\Program Files\Diablo II
[24/05/2002|19:38] C:\Program Files\DirectX
[29/01/2006|19:14] C:\Program Files\DivX
[09/02/2007|16:13] C:\Program Files\Doom 3
[19/03/2005|14:33] C:\Program Files\DOOM Collector's Edition
[14/01/2006|00:21] C:\Program Files\eMule
[27/03/2008|12:16] C:\Program Files\eRightSoft
[16/08/2008|18:28] C:\Program Files\Everest Poker
[24/05/2002|18:32] C:\Program Files\Fichiers communs
[17/04/2008|12:16] C:\Program Files\Flash Movie Player
[24/05/2002|19:37] C:\Program Files\folder.htt
[17/08/2008|20:07] C:\Program Files\Full Tilt Poker
[06/11/2006|17:29] C:\Program Files\GameHouse
[21/02/2005|22:50] C:\Program Files\GameSpy Arcade
[29/01/2006|19:15] C:\Program Files\Google
[10/01/2007|17:11] C:\Program Files\Hotbar
[24/11/2004|03:01] C:\Program Files\InstallShield Installation Information
[24/05/2002|18:32] C:\Program Files\Internet Explorer
[18/12/2004|20:51] C:\Program Files\InterVideo
[24/12/2006|15:20] C:\Program Files\InterVideo Information Service
[21/02/2006|10:06] C:\Program Files\Inventel
[13/03/2008|12:54] C:\Program Files\IVCsoft
[29/01/2006|19:05] C:\Program Files\IZArc
[22/01/2006|12:07] C:\Program Files\Java
[17/11/2004|01:14] C:\Program Files\Kaspersky Lab
[05/01/2005|20:49] C:\Program Files\K-Lite Codec Pack
[24/11/2004|02:59] C:\Program Files\KONAMI
[07/03/2007|15:24] C:\Program Files\Lavasoft
[23/02/2005|17:02] C:\Program Files\Logitech
[16/11/2004|23:20] C:\Program Files\Messenger
[01/08/2008|10:35] C:\Program Files\Messenger Plus! Live
[30/11/2005|19:08] C:\Program Files\Micro Application
[25/04/2008|23:24] C:\Program Files\Microsoft ActiveSync
[05/03/2008|15:21] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[16/11/2004|23:25] C:\Program Files\microsoft frontpage
[24/12/2007|10:01] C:\Program Files\Microsoft Games
[10/02/2005|09:39] C:\Program Files\Microsoft Office
[05/04/2008|19:48] C:\Program Files\Microsoft Visual Studio
[08/02/2007|17:30] C:\Program Files\Microsoft Visual Studio 8
[05/04/2008|19:49] C:\Program Files\Microsoft Works
[08/02/2007|17:31] C:\Program Files\Microsoft.NET
[16/11/2004|23:22] C:\Program Files\Movie Maker
[15/03/2006|13:34] C:\Program Files\Mozilla Firefox
[05/04/2008|19:48] C:\Program Files\MSBuild
[16/11/2004|23:19] C:\Program Files\MSN
[16/11/2004|23:20] C:\Program Files\MSN Gaming Zone
[24/06/2006|12:35] C:\Program Files\MSN Messenger
[25/12/2006|00:34] C:\Program Files\MSXML 4.0
[26/08/2008|10:15] C:\Program Files\Navilog1
[25/04/2008|23:27] C:\Program Files\Navman
[24/05/2002|18:32] C:\Program Files\NetMeeting
[02/04/2006|09:28] C:\Program Files\NewDotNet
[15/03/2006|13:18] C:\Program Files\Notepad++
[15/03/2007|13:44] C:\Program Files\Nvu
[08/04/2006|23:56] C:\Program Files\OneClick
[16/11/2004|23:20] C:\Program Files\Online Services
[02/04/2008|16:09] C:\Program Files\OpenOffice.org 2.4
[26/02/2007|07:30] C:\Program Files\OrangeHSS
[24/05/2002|18:32] C:\Program Files\Outlook Express
[10/07/2008|20:30] C:\Program Files\PartyGaming
[24/05/2002|18:32] C:\Program Files\PLUS!
[10/07/2008|21:53] C:\Program Files\PokerStars
[08/07/2008|19:12] C:\Program Files\PokerStrategy
[29/12/2005|15:19] C:\Program Files\PopCap Games
[14/11/2005|11:21] C:\Program Files\PowerPoint Viewer
[04/01/2006|15:26] C:\Program Files\QuickTime
[19/12/2004|16:06] C:\Program Files\Real
[21/02/2005|21:40] C:\Program Files\ReflexiveArcade
[18/08/2008|03:30] C:\Program Files\regs grim pop
[21/02/2005|21:40] C:\Program Files\Ricochet Xtreme
[19/05/2008|23:00] C:\Program Files\RKFree
[24/05/2002|19:41] C:\Program Files\S3INC
[26/02/2007|18:16] C:\Program Files\SAGEM
[09/10/2007|10:29] C:\Program Files\ScanSoft
[16/04/2007|18:16] C:\Program Files\Seagrand
[24/05/2002|18:36] C:\Program Files\Services en ligne
[15/11/2006|21:17] C:\Program Files\Shareaza
[24/10/2005|18:50] C:\Program Files\Sierra On-Line
[17/11/2004|00:25] C:\Program Files\SiS7012
[25/12/2007|21:23] C:\Program Files\SlySoft
[07/12/2004|17:52] C:\Program Files\Sports Interactive
[18/07/2006|19:29] C:\Program Files\StealthBot
[30/01/2006|07:27] C:\Program Files\Steam
[20/02/2008|10:51] C:\Program Files\StuffPlug3
[27/02/2007|20:35] C:\Program Files\Teamspeak2_RC2
[29/07/2006|19:48] C:\Program Files\TechnoMage
[29/12/2005|15:19] C:\Program Files\Trymedia
[08/01/2008|20:12] C:\Program Files\TuxType
[07/01/2006|22:07] C:\Program Files\Ubisoft
[08/06/2007|17:35] C:\Program Files\UltimateZip 2007
[24/05/2002|19:36] C:\Program Files\Uninstall Information
[12/03/2008|13:26] C:\Program Files\URLSnooper2
[16/01/2005|10:37] C:\Program Files\Viable Software Alternatives
[11/05/2007|19:21] C:\Program Files\VideoLAN
[12/01/2006|22:44] C:\Program Files\Wanadoo
[02/03/2005|10:51] C:\Program Files\Warcraft III
[06/09/2006|17:57] C:\Program Files\Web Publish
[12/04/2006|15:59] C:\Program Files\Webcamfirst
[13/02/2008|21:20] C:\Program Files\Winamp
[14/02/2008|20:57] C:\Program Files\Windows Live
[21/04/2008|22:55] C:\Program Files\Windows Live Safety Center
[24/12/2006|14:16] C:\Program Files\Windows Media Connect 2
[24/05/2002|18:32] C:\Program Files\Windows Media Player
[10/02/2005|09:40] C:\Program Files\Windows Messaging
[16/11/2004|23:19] C:\Program Files\Windows NT
[16/11/2004|23:23] C:\Program Files\WindowsUpdate
[15/01/2006|11:19] C:\Program Files\WinRAR
[23/06/2006|23:46] C:\Program Files\WinZip
[16/11/2004|23:25] C:\Program Files\xerox
[08/03/2008|21:05] C:\Program Files\Xi
[16/01/2006|18:51] C:\Program Files\Yahoo!
[29/12/2005|21:01] C:\Program Files\Zuma Deluxe
[09/11/2006|21:23] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[31/05/2006|22:21] C:\Program Files\Fichiers communs\Adobe
[04/07/2006|13:13] C:\Program Files\Fichiers communs\Adobe Systems Shared
[08/02/2007|17:30] C:\Program Files\Fichiers communs\Designer
[03/05/2006|12:25] C:\Program Files\Fichiers communs\DirectX
[21/02/2006|10:06] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[26/02/2007|07:30] C:\Program Files\Fichiers communs\France Telecom
[24/11/2004|02:58] C:\Program Files\Fichiers communs\InstallShield
[22/01/2006|12:05] C:\Program Files\Fichiers communs\Java
[23/02/2005|17:03] C:\Program Files\Fichiers communs\Logitech
[14/12/2005|18:52] C:\Program Files\Fichiers communs\Macrovision Shared
[08/02/2007|17:30] C:\Program Files\Fichiers communs\Merge Modules
[24/05/2002|18:32] C:\Program Files\Fichiers communs\Microsoft Shared
[16/11/2004|23:22] C:\Program Files\Fichiers communs\MSSoap
[03/01/2008|11:19] C:\Program Files\Fichiers communs\Nero
[08/03/2008|20:12] C:\Program Files\Fichiers communs\NSV
[16/11/2004|23:15] C:\Program Files\Fichiers communs\ODBC
[19/12/2004|16:06] C:\Program Files\Fichiers communs\Real
[09/10/2007|10:29] C:\Program Files\Fichiers communs\ScanSoft Shared
[24/05/2002|18:35] C:\Program Files\Fichiers communs\SERVICES
[16/11/2004|23:15] C:\Program Files\Fichiers communs\SpeechEngines
[13/01/2006|17:12] C:\Program Files\Fichiers communs\Symantec Shared
[24/05/2002|18:33] C:\Program Files\Fichiers communs\SYSTEM
[24/12/2006|15:20] C:\Program Files\Fichiers communs\Ulead
[02/03/2008|10:59] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[09/11/2006|20:41] C:\Program Files\Fichiers communs\Wise Installation Wizard
[10/03/2008|18:58] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 44 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 18:43:58
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:14][D:2]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp
[F:15][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies
[F:105][D:4]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

--------------------\\ Fin du rapport a 18:46:03

Reply to ridespirit

Re,

Copy (Ctrl+C) the text in the box below:

C:\DOCUME~1\UTILIS~1\APPLIC~1\REGSGR~1
C:\DOCUME~1\ALLUSE~1\APPLIC~1\tons jump rdr remote
C:\DOCUME~1\UTILIS~1\APPLIC~1\regs grim pop
C:\Program Files\Hotbar
C:\Program Files\NewDotNet



  • Restart Lop S&D.
  • This time choose option 4 (LopScript). A blank page will open; paste (Ctrl+V) the text you copied earlier.
  • Close this page; you will be asked to save it, accept.

! Do not close the window during the deletion !

  • Post the generated report (C:\lopR.txt*)


(If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
* the partition name may differ

Reply to Angeldark


--------------------\\ Lop S&D 4.2.3-4 XP/Vista

Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 2
X86-based PC ( Uniprocessor Free : Intel(R) Celeron(R) CPU 2.40GHz )
Default System BIOS
USER : Thomas ( Administrator )
BOOT : Normal boot

"C:\Lop SD" ( MAJ : 23-08-2008|10:35 )
Option : [4] ( 26/08/2008|19:53 )

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ Lop Script

C:\DOCUME~1\UTILIS~1\APPLIC~1\REGSGR~1
C:\DOCUME~1\ALLUSE~1\APPLIC~1\tons jump rdr remote
C:\DOCUME~1\UTILIS~1\APPLIC~1\regs grim pop
C:\Program Files\Hotbar
C:\Program Files\NewDotNet


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION

Supprime! - C:\DOCUME~1\UTILIS~1\APPLIC~1\REGSGR~1
Supprime! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\tons jump rdr remote
Supprime! - C:\Program Files\Hotbar
Supprime! - C:\Program Files\NewDotNet

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing des dossiers dans APPLIC~1

[16/11/2004|23:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
[16/11/2004|23:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

[25/12/2007|21:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.zreglib
[21/11/2006|11:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\118300.34
[16/02/2006|19:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
[04/07/2006|13:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
[24/12/2007|10:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Age of Empires 3
[16/08/2007|11:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ahead
[24/12/2006|15:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
[09/10/2007|10:32] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CanonBJ
[16/11/2004|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
[14/07/2007|17:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
[17/07/2008|18:24] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Grisoft
[24/12/2006|15:20] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
[26/08/2008|16:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
[14/12/2005|18:52] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Macrovision
[02/08/2008|17:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Messenger Plus!
[16/11/2004|23:14] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
[08/02/2007|17:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
[03/01/2008|11:19] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero
[11/12/2006|12:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PlayFirst
[13/02/2008|15:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\QTSBandwidthCache
[19/05/2008|23:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rkfree
[09/10/2007|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
[09/10/2007|10:29] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
[13/01/2006|17:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
[13/03/2008|13:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
[30/06/2006|08:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
[02/03/2008|10:57] C:\DOCUME~1\ALLUSE~1\APPLIC~1\WLInstaller
[09/11/2006|21:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Zylom

[16/11/2004|23:14] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

[16/11/2004|23:14] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

[16/02/2006|19:49] C:\DOCUME~1\UTILIS~1\APPLIC~1\Adobe
[09/01/2007|07:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\AdobeUM
[16/08/2007|11:04] C:\DOCUME~1\UTILIS~1\APPLIC~1\Ahead
[14/01/2007|20:15] C:\DOCUME~1\UTILIS~1\APPLIC~1\Apple Computer
[09/02/2007|16:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\ATI
[23/01/2007|20:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Azureus
[05/02/2006|20:37] C:\DOCUME~1\UTILIS~1\APPLIC~1\BitTorrent
[09/10/2007|10:33] C:\DOCUME~1\UTILIS~1\APPLIC~1\Canon
[14/09/2006|17:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\DeepBurner
[16/11/2004|23:14] C:\DOCUME~1\UTILIS~1\APPLIC~1\desktop.ini
[08/02/2007|16:39] C:\DOCUME~1\UTILIS~1\APPLIC~1\Dev-Cpp
[12/03/2008|13:27] C:\DOCUME~1\UTILIS~1\APPLIC~1\DonationCoder
[10/11/2007|17:02] C:\DOCUME~1\UTILIS~1\APPLIC~1\dvdcss
[04/02/2006|13:37] C:\DOCUME~1\UTILIS~1\APPLIC~1\eConf
[13/03/2008|13:13] C:\DOCUME~1\UTILIS~1\APPLIC~1\Eltima Software
[15/02/2006|16:43] C:\DOCUME~1\UTILIS~1\APPLIC~1\Google
[14/02/2008|21:24] C:\DOCUME~1\UTILIS~1\APPLIC~1\gtk-2.0
[03/08/2005|13:10] C:\DOCUME~1\UTILIS~1\APPLIC~1\Help
[16/11/2004|23:35] C:\DOCUME~1\UTILIS~1\APPLIC~1\Identities
[18/12/2004|20:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\InterVideo
[03/01/2008|22:14] C:\DOCUME~1\UTILIS~1\APPLIC~1\KompoZer
[21/11/2006|21:54] C:\DOCUME~1\UTILIS~1\APPLIC~1\Lavasoft
[16/02/2006|19:49] C:\DOCUME~1\UTILIS~1\APPLIC~1\Leadertech
[14/05/2007|18:44] C:\DOCUME~1\UTILIS~1\APPLIC~1\LimeWire
[13/01/2006|17:02] C:\DOCUME~1\UTILIS~1\APPLIC~1\Macromedia
[16/11/2004|23:14] C:\DOCUME~1\UTILIS~1\APPLIC~1\Microsoft
[15/03/2006|13:34] C:\DOCUME~1\UTILIS~1\APPLIC~1\Mozilla
[18/01/2006|19:45] C:\DOCUME~1\UTILIS~1\APPLIC~1\MSNInstaller
[03/01/2008|11:23] C:\DOCUME~1\UTILIS~1\APPLIC~1\Nero
[15/03/2006|13:18] C:\DOCUME~1\UTILIS~1\APPLIC~1\Notepad++
[15/03/2007|13:45] C:\DOCUME~1\UTILIS~1\APPLIC~1\Nvu
[02/04/2008|21:32] C:\DOCUME~1\UTILIS~1\APPLIC~1\OpenOffice.org2
[11/12/2006|12:50] C:\DOCUME~1\UTILIS~1\APPLIC~1\PlayFirst
[03/06/2007|12:39] C:\DOCUME~1\UTILIS~1\APPLIC~1\QuickZip45.ini
[19/12/2004|16:06] C:\DOCUME~1\UTILIS~1\APPLIC~1\Real
[09/10/2007|10:29] C:\DOCUME~1\UTILIS~1\APPLIC~1\ScanSoft
[15/11/2006|21:17] C:\DOCUME~1\UTILIS~1\APPLIC~1\Shareaza
[29/12/2007|13:31] C:\DOCUME~1\UTILIS~1\APPLIC~1\smc
[22/01/2006|12:08] C:\DOCUME~1\UTILIS~1\APPLIC~1\Sun
[13/01/2006|17:23] C:\DOCUME~1\UTILIS~1\APPLIC~1\Symantec
[15/03/2006|13:35] C:\DOCUME~1\UTILIS~1\APPLIC~1\Talkback
[27/02/2007|20:58] C:\DOCUME~1\UTILIS~1\APPLIC~1\teamspeak2
[11/05/2007|19:23] C:\DOCUME~1\UTILIS~1\APPLIC~1\vlc
[13/02/2008|21:20] C:\DOCUME~1\UTILIS~1\APPLIC~1\Winamp
[09/11/2006|21:23] C:\DOCUME~1\UTILIS~1\APPLIC~1\Zylom

--------------------\\ Tâches planifiées dans C:\WINDOWS\tasks

[26/08/2008 10:27][--ah-----] C:\WINDOWS\tasks\SA.DAT
[28/08/2001 15:00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing des dossiers dans C:\Program Files

[24/05/2002|18:32] C:\Program Files\Accessoires
[27/10/2005|17:55] C:\Program Files\Activision
[04/07/2006|13:10] C:\Program Files\Adobe
[27/08/2006|21:38] C:\Program Files\Alwil Software
[24/12/2006|15:21] C:\Program Files\Apple Software Update
[16/08/2007|10:49] C:\Program Files\AskTBar
[14/09/2006|17:17] C:\Program Files\Astonsoft
[11/02/2006|13:41] C:\Program Files\Atari
[09/02/2007|16:45] C:\Program Files\ATI Technologies
[25/04/2008|23:26] C:\Program Files\AvantGo Connect
[16/11/2004|23:23] C:\Program Files\AviSynth 2.5
[11/03/2008|22:35] C:\Program Files\Aya Software
[15/01/2006|11:16] C:\Program Files\AZPR
[18/05/2006|20:27] C:\Program Files\BitComet
[14/12/2005|18:51] C:\Program Files\BoontyGames
[06/09/2006|17:56] C:\Program Files\Broderbund
[09/11/2006|21:16] C:\Program Files\BubbleBall
[05/03/2006|10:09] C:\Program Files\Canon
[12/03/2007|12:50] C:\Program Files\CCleaner
[24/06/2006|22:44] C:\Program Files\CDisplay
[24/05/2002|18:32] C:\Program Files\CHAT
[29/04/2008|16:34] C:\Program Files\CodeBlocks
[25/04/2008|23:26] C:\Program Files\Common Files
[16/11/2004|23:20] C:\Program Files\ComPlus Applications
[01/11/2007|13:15] C:\Program Files\CVF
[24/03/2007|19:21] C:\Program Files\DAEMON Tools
[24/03/2007|19:22] C:\Program Files\DaemonTools_WhenUSave_Installer
[25/03/2005|16:22] C:\Program Files\Dark Omen
[21/11/2006|11:40] C:\Program Files\Defenza
[24/05/2002|19:37] C:\Program Files\desktop.ini
[05/12/2004|17:54] C:\Program Files\Diablo II
[24/05/2002|19:38] C:\Program Files\DirectX
[29/01/2006|19:14] C:\Program Files\DivX
[09/02/2007|16:13] C:\Program Files\Doom 3
[19/03/2005|14:33] C:\Program Files\DOOM Collector's Edition
[14/01/2006|00:21] C:\Program Files\eMule
[27/03/2008|12:16] C:\Program Files\eRightSoft
[16/08/2008|18:28] C:\Program Files\Everest Poker
[24/05/2002|18:32] C:\Program Files\Fichiers communs
[17/04/2008|12:16] C:\Program Files\Flash Movie Player
[24/05/2002|19:37] C:\Program Files\folder.htt
[17/08/2008|20:07] C:\Program Files\Full Tilt Poker
[06/11/2006|17:29] C:\Program Files\GameHouse
[21/02/2005|22:50] C:\Program Files\GameSpy Arcade
[29/01/2006|19:15] C:\Program Files\Google
[24/11/2004|03:01] C:\Program Files\InstallShield Installation Information
[24/05/2002|18:32] C:\Program Files\Internet Explorer
[18/12/2004|20:51] C:\Program Files\InterVideo
[24/12/2006|15:20] C:\Program Files\InterVideo Information Service
[21/02/2006|10:06] C:\Program Files\Inventel
[13/03/2008|12:54] C:\Program Files\IVCsoft
[29/01/2006|19:05] C:\Program Files\IZArc
[22/01/2006|12:07] C:\Program Files\Java
[17/11/2004|01:14] C:\Program Files\Kaspersky Lab
[05/01/2005|20:49] C:\Program Files\K-Lite Codec Pack
[24/11/2004|02:59] C:\Program Files\KONAMI
[07/03/2007|15:24] C:\Program Files\Lavasoft
[23/02/2005|17:02] C:\Program Files\Logitech
[16/11/2004|23:20] C:\Program Files\Messenger
[01/08/2008|10:35] C:\Program Files\Messenger Plus! Live
[30/11/2005|19:08] C:\Program Files\Micro Application
[25/04/2008|23:24] C:\Program Files\Microsoft ActiveSync
[05/03/2008|15:21] C:\Program Files\Microsoft CAPICOM 2.1.0.2
[16/11/2004|23:25] C:\Program Files\microsoft frontpage
[24/12/2007|10:01] C:\Program Files\Microsoft Games
[10/02/2005|09:39] C:\Program Files\Microsoft Office
[05/04/2008|19:48] C:\Program Files\Microsoft Visual Studio
[08/02/2007|17:30] C:\Program Files\Microsoft Visual Studio 8
[05/04/2008|19:49] C:\Program Files\Microsoft Works
[08/02/2007|17:31] C:\Program Files\Microsoft.NET
[16/11/2004|23:22] C:\Program Files\Movie Maker
[15/03/2006|13:34] C:\Program Files\Mozilla Firefox
[05/04/2008|19:48] C:\Program Files\MSBuild
[16/11/2004|23:19] C:\Program Files\MSN
[16/11/2004|23:20] C:\Program Files\MSN Gaming Zone
[24/06/2006|12:35] C:\Program Files\MSN Messenger
[25/12/2006|00:34] C:\Program Files\MSXML 4.0
[26/08/2008|10:15] C:\Program Files\Navilog1
[25/04/2008|23:27] C:\Program Files\Navman
[24/05/2002|18:32] C:\Program Files\NetMeeting
[15/03/2006|13:18] C:\Program Files\Notepad++
[15/03/2007|13:44] C:\Program Files\Nvu
[08/04/2006|23:56] C:\Program Files\OneClick
[16/11/2004|23:20] C:\Program Files\Online Services
[02/04/2008|16:09] C:\Program Files\OpenOffice.org 2.4
[26/02/2007|07:30] C:\Program Files\OrangeHSS
[24/05/2002|18:32] C:\Program Files\Outlook Express
[10/07/2008|20:30] C:\Program Files\PartyGaming
[24/05/2002|18:32] C:\Program Files\PLUS!
[10/07/2008|21:53] C:\Program Files\PokerStars
[08/07/2008|19:12] C:\Program Files\PokerStrategy
[29/12/2005|15:19] C:\Program Files\PopCap Games
[14/11/2005|11:21] C:\Program Files\PowerPoint Viewer
[04/01/2006|15:26] C:\Program Files\QuickTime
[19/12/2004|16:06] C:\Program Files\Real
[21/02/2005|21:40] C:\Program Files\ReflexiveArcade
[18/08/2008|03:30] C:\Program Files\regs grim pop
[21/02/2005|21:40] C:\Program Files\Ricochet Xtreme
[19/05/2008|23:00] C:\Program Files\RKFree
[24/05/2002|19:41] C:\Program Files\S3INC
[26/02/2007|18:16] C:\Program Files\SAGEM
[09/10/2007|10:29] C:\Program Files\ScanSoft
[16/04/2007|18:16] C:\Program Files\Seagrand
[24/05/2002|18:36] C:\Program Files\Services en ligne
[15/11/2006|21:17] C:\Program Files\Shareaza
[24/10/2005|18:50] C:\Program Files\Sierra On-Line
[17/11/2004|00:25] C:\Program Files\SiS7012
[25/12/2007|21:23] C:\Program Files\SlySoft
[07/12/2004|17:52] C:\Program Files\Sports Interactive
[18/07/2006|19:29] C:\Program Files\StealthBot
[30/01/2006|07:27] C:\Program Files\Steam
[20/02/2008|10:51] C:\Program Files\StuffPlug3
[27/02/2007|20:35] C:\Program Files\Teamspeak2_RC2
[29/07/2006|19:48] C:\Program Files\TechnoMage
[29/12/2005|15:19] C:\Program Files\Trymedia
[08/01/2008|20:12] C:\Program Files\TuxType
[07/01/2006|22:07] C:\Program Files\Ubisoft
[08/06/2007|17:35] C:\Program Files\UltimateZip 2007
[24/05/2002|19:36] C:\Program Files\Uninstall Information
[12/03/2008|13:26] C:\Program Files\URLSnooper2
[16/01/2005|10:37] C:\Program Files\Viable Software Alternatives
[11/05/2007|19:21] C:\Program Files\VideoLAN
[12/01/2006|22:44] C:\Program Files\Wanadoo
[02/03/2005|10:51] C:\Program Files\Warcraft III
[06/09/2006|17:57] C:\Program Files\Web Publish
[12/04/2006|15:59] C:\Program Files\Webcamfirst
[13/02/2008|21:20] C:\Program Files\Winamp
[14/02/2008|20:57] C:\Program Files\Windows Live
[21/04/2008|22:55] C:\Program Files\Windows Live Safety Center
[24/12/2006|14:16] C:\Program Files\Windows Media Connect 2
[24/05/2002|18:32] C:\Program Files\Windows Media Player
[10/02/2005|09:40] C:\Program Files\Windows Messaging
[16/11/2004|23:19] C:\Program Files\Windows NT
[16/11/2004|23:23] C:\Program Files\WindowsUpdate
[15/01/2006|11:19] C:\Program Files\WinRAR
[23/06/2006|23:46] C:\Program Files\WinZip
[16/11/2004|23:25] C:\Program Files\xerox
[08/03/2008|21:05] C:\Program Files\Xi
[16/01/2006|18:51] C:\Program Files\Yahoo!
[29/12/2005|21:01] C:\Program Files\Zuma Deluxe
[09/11/2006|21:23] C:\Program Files\Zylom Games

--------------------\\ Listing des dossiers dans C:\Program Files\Fichiers communs

[31/05/2006|22:21] C:\Program Files\Fichiers communs\Adobe
[04/07/2006|13:13] C:\Program Files\Fichiers communs\Adobe Systems Shared
[08/02/2007|17:30] C:\Program Files\Fichiers communs\Designer
[03/05/2006|12:25] C:\Program Files\Fichiers communs\DirectX
[21/02/2006|10:06] C:\Program Files\Fichiers communs\FDEUnInstaller.exe
[26/02/2007|07:30] C:\Program Files\Fichiers communs\France Telecom
[24/11/2004|02:58] C:\Program Files\Fichiers communs\InstallShield
[22/01/2006|12:05] C:\Program Files\Fichiers communs\Java
[23/02/2005|17:03] C:\Program Files\Fichiers communs\Logitech
[14/12/2005|18:52] C:\Program Files\Fichiers communs\Macrovision Shared
[08/02/2007|17:30] C:\Program Files\Fichiers communs\Merge Modules
[24/05/2002|18:32] C:\Program Files\Fichiers communs\Microsoft Shared
[16/11/2004|23:22] C:\Program Files\Fichiers communs\MSSoap
[03/01/2008|11:19] C:\Program Files\Fichiers communs\Nero
[08/03/2008|20:12] C:\Program Files\Fichiers communs\NSV
[16/11/2004|23:15] C:\Program Files\Fichiers communs\ODBC
[19/12/2004|16:06] C:\Program Files\Fichiers communs\Real
[09/10/2007|10:29] C:\Program Files\Fichiers communs\ScanSoft Shared
[24/05/2002|18:35] C:\Program Files\Fichiers communs\SERVICES
[16/11/2004|23:15] C:\Program Files\Fichiers communs\SpeechEngines
[13/01/2006|17:12] C:\Program Files\Fichiers communs\Symantec Shared
[24/05/2002|18:33] C:\Program Files\Fichiers communs\SYSTEM
[24/12/2006|15:20] C:\Program Files\Fichiers communs\Ulead
[02/03/2008|10:59] C:\Program Files\Fichiers communs\WindowsLiveInstaller
[09/11/2006|20:41] C:\Program Files\Fichiers communs\Wise Installation Wizard
[10/03/2008|18:58] C:\Program Files\Fichiers communs\xing shared

--------------------\\ Process

( 41 Processus )

... OK !

--------------------\\ Recherche avec S_Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Recherche de Fichiers / Dossiers Lop

Aucun fichier / dossier Lop trouvé !

--------------------\\ Verification du Registre

..... OK !

--------------------\\ Verification du fichier Hosts

Fichier Hosts PROPRE


--------------------\\ Recherche de fichiers avec Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-26 20:01:24
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Recherche d'autres infections


Aucune autre infection trouvée !

[F:16][D:3]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\Temp
[F:15][D:0]-> C:\DOCUME~1\UTILIS~1\Cookies
[F:105][D:4]-> C:\DOCUME~1\UTILIS~1\LOCALS~1\TEMPOR~1\content.IE5
[F:2][D:0]-> C:\Recycled

--------------------\\ Fin du rapport a 20:03:21

Reply to ridespirit

Post a new HijackThis report.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:09:04, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Everest Poker\Everest Poker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Utilisateur\Bureau\lois\logiciel\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Bodyidol] C:\DOCUME~1\UTILIS~1\APPLIC~1\REGSGR~1\Mix itch great.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/p [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD28968C-854D-4633-8442-C29A2213D518}: NameServer = 192.168.1.1,208.67.222.0,208.67.220.220
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 8962 bytes

Reply to ridespirit

Hi again,

 

Fix the lines in the box below with HijackThis: ILLUSTRATED HELP

 

O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Bodyidol] C:\DOCUME~1\UTILIS~1\APPLIC~1\REGSGR~1\Mix itch great.exe


Message edited by Angeldark on 30-08-2008 at 15:01:23
Reply to Angeldark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:51:16, on 27/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Utilisateur\Bureau\lois\logiciel\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/p [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD28968C-854D-4633-8442-C29A2213D518}: NameServer = 192.168.1.1,208.67.222.0,208.67.220.220
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 8720 bytes

Reply to ridespirit
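A check that the three fixed lines are gone from the follow-up scan, written as an added example that is not part of any post in this thread. The two log excerpts are abridged from the HijackThis logs posted above; the function names and the two triage rules are assumptions that mirror the lines selected for fixing, not a verdict on any other entry.

```python
import re

# HijackThis entry lines start with a section code (R0, O2, O4, O23 ...) then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# Assumption: a Run entry launching from the per-user Application Data folder
# (long or 8.3 short name) deserves a reviewer's look.
USER_APPDATA_RE = re.compile(r"\\(APPLIC~1|Application Data)\\", re.IGNORECASE)

# Abridged from the log saved at 19:09:04 on 27/08/2008 in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bodyidol] C:\DOCUME~1\UTILIS~1\APPLIC~1\REGSGR~1\Mix itch great.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

# Abridged from the log saved at 20:51:16 on 27/08/2008 in this thread.
LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
"""

# The three lines the helper asked to fix, copied from the thread.
FIX_LIST = [
    r"O2 - BHO: (no name) - {0EEDB912-C5FA-486F-8334-57288578C627} - (no file)",
    r"O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)",
    r"O4 - HKCU\..\Run: [Bodyidol] C:\DOCUME~1\UTILIS~1\APPLIC~1\REGSGR~1\Mix itch great.exe",
]


def parse_entries(log_text):
    """Return (section_code, full_line) for every entry line; headers and the
    running-process list do not match the entry pattern and are skipped."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("code"), line))
    return entries


def triage(entries):
    """Attach a reason to entries matching the two patterns seen in the fix list."""
    findings = []
    for code, line in entries:
        if code in ("O2", "O3") and line.endswith("(no file)"):
            findings.append((line, "browser add-on registered with no backing file"))
        elif code == "O4" and "\\Run:" in line and USER_APPDATA_RE.search(line):
            findings.append((line, "autostart launching from per-user Application Data"))
    return findings


def verify_fix(before_text, after_text, fix_list):
    """Compare two scans and report whether exactly the requested lines disappeared."""
    before = [line for _, line in parse_entries(before_text)]
    after = {line for _, line in parse_entries(after_text)}
    removed = [line for line in before if line not in after]
    return {
        "removed": removed,
        "still_present": [line for line in fix_list if line in after],
        # A fix line absent from the first scan usually means a copy/paste error.
        "not_in_before": [line for line in fix_list if line not in before],
        "unexpected_removals": [line for line in removed if line not in fix_list],
    }


if __name__ == "__main__":
    for line, reason in triage(parse_entries(LOG_BEFORE)):
        print(f"[review] {reason}: {line}")
    for key, lines in verify_fix(LOG_BEFORE, LOG_AFTER, FIX_LIST).items():
        print(f"{key}: {len(lines)}")
```
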

No news is good news? No more viruses? Thanks for your help

Reply to ridespirit

Let's finish up.

 

Properly uninstall Avast! and replace it with AntiVir.
Why switch? Avast! vs AntiVir

 

Run a full scan, then post the report once the analysis has finished.
HELP: Tutorial on the AntiVir Personal Edition Classic antivirus


Message edited by Angeldark on 30-08-2008 at 15:01:02
Reply to Angeldark

Hello, the antivirus found 36 viruses :s Each time during the scan I chose ignore; I should have put them in quarantine, right?

Here is the report:

Avira AntiVir Personal
Report file date: jeudi 28 août 2008 21:50

Scanning for 1581048 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC_LOIS

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 19:46:12
ANTIVIR3.VDF : 7.0.6.88 171520 Bytes 28/08/2008 19:46:14
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 28/08/2008 19:46:34
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:50
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:36
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 28/08/2008 19:46:32
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 28/08/2008 19:46:30
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 28/08/2008 19:46:16
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:22
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:22
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 28/08/2008 19:46:16
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: jeudi 28 août 2008 21:50

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'WCESCOMM.EXE' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'ATI2EVXX.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
38 processes with 38 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CA55AD5.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CA55AD5.exe
[DETECTION] Is the TR/Swizzor.A Trojan
[NOTE] The file was moved to '48f832e8.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47215270.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47215270.exe
[DETECTION] Is the TR/Swizzor.A Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\547966F8.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\547966F8.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/NetControle.30 back-door program
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCE07B4.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCE07B4.exe
[DETECTION] Is the TR/Flood.VB.DN.1 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D4D6D28.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D4D6D28.exe
[DETECTION] Is the TR/Flood.VB.DN.1 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04E72CCA.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04E72CCA.exe
[DETECTION] Is the TR/Flood.VB.DN.1 Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53BC5D77.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53BC5D77.exe
[DETECTION] Is the TR/Drop.Web.381.5.B Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\098F5D9B.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\098F5D9B.exe
[DETECTION] Contains recognition pattern of the DIAL/302366 dialer
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\405F2928.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\405F2928.exe
[DETECTION] Is the TR/MSNTrick Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40A31ADD.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40A31ADD.exe
[DETECTION] Is the TR/MSNTrick Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{20795877-4C0D-41CD-BDAB-403F4B165244}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{20795877-4C0D-41CD-BDAB-403F4B165244}\00000001.URM
[DETECTION] Is the TR/Swizzor.A Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000002.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000002.URM
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000003.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000003.URM
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000007.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000007.URM
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000009.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000009.URM
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\0000000A.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\0000000A.URM
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0CA530F8-17EA-4617-82F6-BF38D7CAA0A1}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0CA530F8-17EA-4617-82F6-BF38D7CAA0A1}\00000001.URM
[DETECTION] Is the TR/Swizzor.A Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\00000001.URM
[DETECTION] Is the TR/Drop.Web.381.5.A Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\00000003.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\00000003.URM
[DETECTION] Is the TR/Drop.Web.381.5.C Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\0000000D.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\0000000D.URM
[DETECTION] Is the TR/Drop.Web.381.5.A Trojan
[WARNING] The file was ignored!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{24F08318-3341-4504-8BEB-010C354C87E2}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{24F08318-3341-4504-8BEB-010C354C87E2}\00000001.URM
[DETECTION] Contains recognition pattern of the DIAL/302366 dialer
[WARNING] The file was ignored!
C:\Documents and Settings\Utilisateur\Bureau\poker\PartyPoker_Installer\setup.exe
[DETECTION] Is the TR/Drop.Joiner.GM Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1338\A0277893.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1352\A0278602.exe
[DETECTION] Is the TR/Swizzor.1.2866 Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1364\A0281714.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1364\A0281716.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1366\A0281763.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1371\A0282972.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1371\A0282973.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1371\A0282974.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1371\A0282975.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1374\A0283114.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1374\A0283114.exe
[DETECTION] Is the TR/Swizzor.A Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1311\A0277115.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1311\A0277117.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\Lop SD\Backup-Lop\LopScript\DOCUME~1\UTILIS~1\APPLIC~1\Mix itch great.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\Lop SD\Backup-Lop\LopScript\DOCUME~1\UTILIS~1\APPLIC~1\Comp delete five drv.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\Lop SD\Backup-Lop\LopScript\DOCUME~1\UTILIS~1\APPLIC~1\iexfptqy.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!
C:\Lop SD\Backup-Lop\LopScript\DOCUME~1\UTILIS~1\APPLIC~1\ruefnwyx.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[WARNING] The file was ignored!


End of the scan: vendredi 29 août 2008 01:37
Used time: 3:46:51 Hour(s)

The scan has been done completely.

9739 Scanning directories
460349 Files were scanned
38 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
460308 Files not concerned
2976 Archives were scanned
40 Warnings
1 Notes


Thanks again for your help.

Reply to ridespirit

Yes, in quarantine.

Reply to Angeldark

Here is the 1st report, with the viruses moved to quarantine. It tells me there are 47 of them, and it made me a second report, which I'm posting further down, with 8 viruses.

Avira AntiVir Personal
Report file date: vendredi 29 août 2008 13:48

Scanning for 1581830 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC_LOIS

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 11:13:32
ANTIVIR3.VDF : 7.0.6.90 182272 Bytes 29/08/2008 11:13:34
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 29/08/2008 11:13:48
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:50
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:36
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 29/08/2008 11:13:44
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 29/08/2008 11:13:44
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 29/08/2008 11:13:38
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:22
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:22
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 29/08/2008 11:13:36
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 29 août 2008 13:48

The scan of running processes will be started
Scan process 'firefox.exe' - '0' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'WCESCOMM.EXE' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47215270.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47215270.exe
[DETECTION] Is the TR/Swizzor.A Trojan
[NOTE] The file was moved to '48ea0fdf.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\547966F8.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\547966F8.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/NetControle.30 back-door program
[NOTE] The file was moved to '48ef0fdd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCE07B4.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCE07B4.exe
[DETECTION] Is the TR/Flood.VB.DN.1 Trojan
[NOTE] The file was moved to '48fb0fec.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D4D6D28.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D4D6D28.exe
[DETECTION] Is the TR/Flood.VB.DN.1 Trojan
[NOTE] The file was moved to '48ec0fee.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04E72CCA.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04E72CCA.exe
[DETECTION] Is the TR/Flood.VB.DN.1 Trojan
[NOTE] The file was moved to '48fd0fde.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53BC5D77.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53BC5D77.exe
[DETECTION] Is the TR/Drop.Web.381.5.B Trojan
[NOTE] The file was moved to '48fa0fde.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\098F5D9B.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\098F5D9B.exe
[DETECTION] Contains recognition pattern of the DIAL/302366 dialer
[NOTE] The file was moved to '48f00fe4.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\405F2928.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\405F2928.exe
[DETECTION] Is the TR/MSNTrick Trojan
[NOTE] The file was moved to '48ed0fdc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40A31ADD.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40A31ADD.exe
[DETECTION] Is the TR/MSNTrick Trojan
[NOTE] The file was moved to '48f90fdc.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{20795877-4C0D-41CD-BDAB-403F4B165244}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{20795877-4C0D-41CD-BDAB-403F4B165244}\00000001.URM
[DETECTION] Is the TR/Swizzor.A Trojan
[NOTE] The file was moved to '48e80fdd.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000002.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000002.URM
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '496be446.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000003.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000003.URM
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48e80fde.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000007.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000007.URM
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '496be447.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000009.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\00000009.URM
[DETECTION] Is the TR/Dldr.Swizzor.DV Trojan
[NOTE] The file was moved to '48e80fd0.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\0000000A.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{8585D683-DD72-401A-A511-DBBADF1B152B}\0000000A.URM
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '48e80fdf.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0CA530F8-17EA-4617-82F6-BF38D7CAA0A1}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{0CA530F8-17EA-4617-82F6-BF38D7CAA0A1}\00000001.URM
[DETECTION] Is the TR/Swizzor.A Trojan
[NOTE] The file was moved to '496be478.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\00000001.URM
[DETECTION] Is the TR/Drop.Web.381.5.A Trojan
[NOTE] The file was moved to '48e80fe1.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\00000003.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\00000003.URM
[DETECTION] Is the TR/Drop.Web.381.5.C Trojan
[NOTE] The file was moved to '496be47a.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\0000000D.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{2DF0E6A5-10C9-4953-AB3F-AA6B1B19DAD8}\0000000D.URM
[DETECTION] Is the TR/Drop.Web.381.5.A Trojan
[NOTE] The file was moved to '48e80fe3.qua'!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{24F08318-3341-4504-8BEB-010C354C87E2}\00000001.URM
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\{24F08318-3341-4504-8BEB-010C354C87E2}\00000001.URM
[DETECTION] Contains recognition pattern of the DIAL/302366 dialer
[NOTE] The file was moved to '48e80fe2.qua'!
C:\Documents and Settings\Utilisateur\Bureau\poker\PartyPoker_Installer\setup.exe
[DETECTION] Is the TR/Drop.Joiner.GM Trojan
[NOTE] The file was moved to '492c116e.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1338\A0277893.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48ea11eb.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1352\A0278602.exe
[DETECTION] Is the TR/Swizzor.1.2866 Trojan
[NOTE] The file was moved to '48ea1210.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1364\A0281714.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48ea1225.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1364\A0281716.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4995d6de.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1366\A0281763.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48ea1228.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1371\A0282972.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48ea1237.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1371\A0282973.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4995d6c0.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1371\A0282974.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48ea1239.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1371\A0282975.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48ea1238.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1374\A0283114.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1374\A0283114.exe
[DETECTION] Is the TR/Swizzor.A Trojan
[NOTE] The file was moved to '48ea123c.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283305.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283305.exe
[DETECTION] Is the TR/Swizzor.A Trojan
[NOTE] The file was moved to '48ea1241.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283306.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283306.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/NetControle.30 back-door program
[NOTE] The file was moved to '4995d6ba.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283307.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283307.exe
[DETECTION] Is the TR/Flood.VB.DN.1 Trojan
[NOTE] The file was moved to '48ea1242.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283308.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283308.exe
[DETECTION] Is the TR/Flood.VB.DN.1 Trojan
[NOTE] The file was moved to '4995d6bb.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283309.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283309.exe
[DETECTION] Is the TR/Flood.VB.DN.1 Trojan
[NOTE] The file was moved to '48ea1243.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283310.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283310.exe
[DETECTION] Is the TR/Drop.Web.381.5.B Trojan
[NOTE] The file was moved to '4995d6bc.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283311.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283311.exe
[DETECTION] Contains recognition pattern of the DIAL/302366 dialer
[NOTE] The file was moved to '48ea1245.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283312.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283312.exe
[DETECTION] Is the TR/MSNTrick Trojan
[NOTE] The file was moved to '48ea1244.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283313.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283313.exe
[DETECTION] Is the TR/MSNTrick Trojan
[NOTE] The file was moved to '4995d6bd.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283314.exe
[DETECTION] Is the TR/Drop.Joiner.GM Trojan
[NOTE] The file was moved to '48ea1246.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1311\A0277115.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48ea1260.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1311\A0277117.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4995d699.qua'!
C:\Lop SD\Backup-Lop\LopScript\DOCUME~1\UTILIS~1\APPLIC~1\Mix itch great.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49301311.qua'!
C:\Lop SD\Backup-Lop\LopScript\DOCUME~1\UTILIS~1\APPLIC~1\Comp delete five drv.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '49251317.qua'!
C:\Lop SD\Backup-Lop\LopScript\DOCUME~1\UTILIS~1\APPLIC~1\iexfptqy.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '4930130e.qua'!
C:\Lop SD\Backup-Lop\LopScript\DOCUME~1\UTILIS~1\APPLIC~1\ruefnwyx.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '491d131e.qua'!


End of the scan: vendredi 29 août 2008 17:19
Used time: 3:31:17 Hour(s)

The scan has been done completely.

9747 Scanning directories
460260 Files were scanned
47 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
47 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
460210 Files not concerned
2965 Archives were scanned
3 Warnings
47 Notes

Second report:



Avira AntiVir Personal
Report file date: vendredi 29 août 2008 13:48

Scanning for 1581830 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC_LOIS

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:54
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:42
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:20
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:54
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:16
ANTIVIR2.VDF : 7.0.6.60 2802176 Bytes 24/08/2008 11:13:32
ANTIVIR3.VDF : 7.0.6.90 182272 Bytes 29/08/2008 11:13:34
Engineversion : 8.1.1.23
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:22
AESCRIPT.DLL : 8.1.0.68 315770 Bytes 29/08/2008 11:13:48
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:50
AERDL.DLL : 8.1.0.20 418165 Bytes 24/04/2008 12:37:50
AEPACK.DLL : 8.1.2.1 364917 Bytes 15/07/2008 12:58:36
AEOFFICE.DLL : 8.1.0.22 192890 Bytes 29/08/2008 11:13:44
AEHEUR.DLL : 8.1.0.50 1388918 Bytes 29/08/2008 11:13:44
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 29/08/2008 11:13:38
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:22
AECORE.DLL : 8.1.1.8 172406 Bytes 31/07/2008 08:33:22
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:50
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:06
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:02
AVREP.DLL : 8.0.0.2 98344 Bytes 29/08/2008 11:13:36
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:42
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:24
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:50
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:04
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:42
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:12
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:08
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:38

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: vendredi 29 août 2008 13:48

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'WCESCOMM.EXE' - '1' Module(s) have been scanned
Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'opwareSE2.exe' - '1' Module(s) have been scanned
Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned
Scan process 'CLI.exe' - '1' Module(s) have been scanned
Scan process 'EXPLORER.EXE' - '1' Module(s) have been scanned
Scan process 'ALG.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'FTRTSVC.EXE' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'SPOOLSV.EXE' - '1' Module(s) have been scanned
Scan process 'ashServ.exe' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'SVCHOST.EXE' - '1' Module(s) have been scanned
Scan process 'LSASS.EXE' - '1' Module(s) have been scanned
Scan process 'SERVICES.EXE' - '1' Module(s) have been scanned
Scan process 'WINLOGON.EXE' - '1' Module(s) have been scanned
Scan process 'CSRSS.EXE' - '1' Module(s) have been scanned
Scan process 'SMSS.EXE' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '59' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\SYSTEM32\DRIVERS\sptd.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47215270.exe
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\47215270.exe
[DETECTION] Is the TR/Swizzor.A Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26004
[WARNING] The source file could not be found.
[NOTE] Attempting to perform action using the ARK lib.
[WARNING] Error in ARK lib
[NOTE] The file is scheduled for deleting after reboot.
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\547966F8.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7CCE07B4.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\7D4D6D28.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04E72CCA.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53BC5D77.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\098F5D9B.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\405F2928.exe
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\40A31ADD.exe
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283315.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file was moved to '48ea217a.qua'!
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283316.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file is scheduled for deleting after reboot.
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283317.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file is scheduled for deleting after reboot.
C:\System Volume Information\_restore{C3F65C08-27B6-41F0-A8F4-902C0AF49F6A}\RP1376\A0283318.exe
[DETECTION] Is the TR/Dldr.Swizzor.Gen Trojan
[NOTE] The file is scheduled for deleting after reboot.


End of the scan: vendredi 29 août 2008 18:24
Used time: 4:35:55 Hour(s)

The scan has been done completely.

9746 Scanning directories
460254 Files were scanned
5 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
11 Files cannot be scanned
460238 Files not concerned
2965 Archives were scanned
12 Warnings
5 Notes



There you go, thanks for your help and good luck, sorry for the delay.


Reply to ridespirit

Post a HijackThis report again :)

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:11:04, on 30/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\PokerStars\PokerStars.exe
C:\Documents and Settings\Utilisateur\Bureau\lois\logiciel\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NetXfer - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files\Xi\NetXfer\NXIEHelper.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: NetXfer - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files\Xi\NetXfer\NXToolBar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: Pense-bête.lnk = C:\Program Files\Broderbund\PrintMaster\PMREMIND.EXE
O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddList.html
O8 - Extra context menu item: Télécharger avec NetXfer - C:\Program Files\Xi\NetXfer\NXAddLink.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra 'Tools' menuitem: Titan Poker - {49783ED4-258D-4f9f-BE11-137C18D3E543} - C:\Poker\Titan Poker\casino.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-F [...] E_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bina [...] b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/p [...] wflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/bina [...] b56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD28968C-854D-4633-8442-C29A2213D518}: NameServer = 192.168.1.1,208.67.222.0,208.67.220.220
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 8668 bytes

Reply to ridespirit

Is your PC behaving better?

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

It was behaving fine before; there were just a few ads popping up and the Swizzor virus. Now I have the impression that it's fine. Thanks for your help.

Reply to ridespirit

Keep me posted if you have a problem.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark

One last little question: what do I do with the viruses in quarantine?

Thanks for your help, once again a big thank you.

Reply to ridespirit

You can leave them or delete them, as you like.

------------------------------ Prevention & Protection||Like me? Click :o
Reply to Angeldark