liastik

  1. Hello. Budget: max 300 euros (is that enough?). Use: nothing overly powerful, some gaming but not necessarily the latest releases, amateur image processing; I'd like to use it as a TV, but above all I want SILENCE. Sometimes I wonder whether I picked the vacuum-cleaner option when I bought it. Thanks, see you.
  2. Hello, I'd like to bring my PC up to date... but I need your help:
     - it's a brand-name PC (Siemens)
     - I'd like to change the graphics card
     - it sounds like a rocket despite multiple cleanings; should I change the case and the power supply?
     - should I change the motherboard? If so, what information do I need to find in order to choose one?
     Here is the hardware summary given by "Everest Home Edition":

     --------[ Résumé ]--------
     Ordinateur:
       Système d'exploitation Microsoft Windows XP Home Edition
       Service Pack du système Service Pack 2
       DirectX 4.09.00.0904 (DirectX 9.0c)
       Nom du système
       Nom de l'utilisateur
     Carte mère:
       Type de processeur Intel Pentium 4 516, 2933 MHz (22 x 133)
       Nom de la carte mère Inconnu
       Chipset de la carte mère SiS 649
       Mémoire système 1024 Mo (SDRAM)
       Type de BIOS Award Modular (11/02/05)
       Port de communication Port de communication (COM1)
       Port de communication Port imprimante ECP (LPT1)
     Moniteur:
       Carte vidéo RADEON X550 Secondary (256 Mo)
       Carte vidéo RADEON X550 (256 Mo)
       Accélérateur 3D ATI Radeon X600 (RV380)
       Moniteur Écran Plug-and-Play [NoDB] (HSAP110527)
     Multimédia:
       Carte audio SiS 7012 Audio Device
     Stockage:
       Contrôleur IDE Contrôleur IDE standard double canal PCI
       Contrôleur IDE Contrôleur SiS PCI IDE
       Contrôleur SCSI/RAID SCSI/RAID Host Controller
       Disque dur ST3160021A (160 Go, 7200 RPM, Ultra-ATA/100)
       Disque dur GENERIC USB Storage-SDC USB Device
       Disque dur GENERIC USB Storage-SMC USB Device
       Disque dur GENERIC USB Storage-CFC USB Device
       Disque dur GENERIC USB Storage-MSC USB Device
       Disque dur Seagate External Drive USB Device (298 Go, USB)
       Lecteur optique _NEC DVD_RW ND-4550A (DVD+R9:8x, DVD-R9:6x, DVD+RW:16x/8x, DVD-RW:16x/8x, DVD-RAM:5x, DVD-ROM:16x, CD:48x/32x/48x DVD+RW/DVD-RW/DVD-RAM)
       Lecteur optique SC3232P EGZ831Q SCSI CdRom Device
       Lecteur optique SC3232P EGZ831Q SCSI CdRom Device
       État des disques durs SMART OK
     Partitions:
       C: (NTFS) 49999 Mo (1369 Mo libre)
       I: (NTFS) 102626 Mo (72254 Mo libre)
       N: (FAT32) 305168 Mo (49476 Mo libre)
       Taille totale 447.1 Go (120.2 Go libre)
     Entrée:
       Clavier Périphérique clavier PIH
       Souris Souris HID
     Réseau:
       Carte réseau D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C) (10.0.0.10)
     Périphériques:
       Imprimante Canon MP510 Printer
       Contrôleur USB1 SiS 7001 PCI-USB Open Host Controller
       Contrôleur USB1 SiS 7001 PCI-USB Open Host Controller
       Contrôleur USB1 SiS 7001 PCI-USB Open Host Controller
       Contrôleur USB2 SiS 7002 USB 2.0 Enhanced Host Controller
       Périphérique USB Périphérique de stockage de masse USB
       Périphérique USB Périphérique de stockage de masse USB
       Périphérique USB Périphérique d'interface utilisateur USB
       Périphérique USB Périphérique d'interface utilisateur USB
       Périphérique USB Périphérique d'interface utilisateur USB
       Périphérique USB Périphérique USB composite

     Thanks for your advice, see you soon.
  3. Hello, thanks for your help... Yes, the PC is working correctly. I suppose that to get rid of the thing on j:/ I just need to delete it... Thanks for everything... See you.
  4. Hi, I did do the disable/re-enable of System Restore, and no more sign of the virus.... I lowered the Guard level and no more messages from AntiVir... but oddly, the tutorial you sent me to says to set it to High but ticks Medium.... I have an msiexec.exe file (no 16), good, and the Panda report, normal? While I'm at it: what are the "warning" notices from AntiVir? Thanks for everything, it's nearly solved..... See you.
  5. Me again. I just realized that the AntiVir Guard detection for HEUR/Exploit.HTML triggers when I go to the Hotmail home page to open my mail... Is that important information??? Could it be the storing of my e-mail address that is causing a problem... Thanks again, see you.
  6. Hello, here is the Panda report...:

     Incident Statut Analyse
     Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\elias\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cookies.txt[.xiti.com/]
     Spyware:Cookie/Com.com No Désinfecté C:\Documents and Settings\elias\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cookies.txt[.com.com/]
     Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\elias\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cookies.txt[.doubleclick.net/]
     Spyware:Cookie/Comclick No Désinfecté C:\Documents and Settings\elias\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cookies.txt[fl01.ct2.comclick.com/]
     Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\elias\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cookies.txt[.atdmt.com/]
     Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\elias\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cookies.txt[.weborama.fr/]
     Spyware:Cookie/Mediaplex No Désinfecté C:\Documents and Settings\elias\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cookies.txt[.mediaplex.com/]
     Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\elias\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cookies.txt[.bluestreak.com/]
     Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\elias\Cookies\elias@xiti[1].txt
     Adware:Adware/Gator No Désinfecté J:\System Volume Information\_restore{224BB6D7-577F-4451-B06E-980881E326F7}\RP371\A0073101.EXE[DivXPro511Adware.exe][Gain_Trickler.exe]
     Adware:Adware/Gator No Désinfecté J:\System Volume Information\_restore{224BB6D7-577F-4451-B06E-980881E326F7}\RP371\A0073114.EXE[DivXPro511Adware.exe][Gain_Trickler.exe]
     Adware:Adware/Gator No Désinfecté J:\codecs video\Gordian.Knot.Codec.Pack.1.7.Setup.exe[DivXPro511Adware.exe][Gain_Trickler.exe]

     As for "HEUR/Exploit.HTML", it is still there and detected by AntiVir... No more messages for Hijackthis...
     Thanks, see you.
  7. Hi, so.... The AntiVir report, in safe mode:
     Guard report:
10/02/2007,08:10:28 AntiVirService Version: 7.00.00.45 AVE Version 7.3.1.36 VDF Version: 6.37.1.67 10/02/2007,08:10:30 Start Filter Device. 10/02/2007,08:10:30 Avira AntiVir PersonalEdition Classic has been started successfully! 10/02/2007,08:10:31 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 HIGH - Logfile report level 1 10/02/2007,08:17:31 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\is-G8FNK.tmp [iNFO] The file will be moved to quarantine. 10/02/2007,08:17:50 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\is-4BMIH.tmp [iNFO] No action will be taken on the file. 10/02/2007,08:18:05 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 10/02/2007,08:18:12 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 10/02/2007,08:18:19 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 10/02/2007,08:18:26 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! 
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 10/02/2007,08:18:31 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] The file will be moved to quarantine. 10/02/2007,08:18:32 [ERROR] Unable to delete the file: C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE Error description: 0x00000005 - Accès refusé. 10/02/2007,08:18:33 [ERROR] Unable to delete the file: C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE Error description: 0x00000005 - Accès refusé. 10/02/2007,08:18:33 [ERROR] Unable to delete the file: C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE Error description: 0x00000005 - Accès refusé. 10/02/2007,08:18:33 [ERROR] Unable to delete the file: C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE Error description: 0x00000005 - Accès refusé. 10/02/2007,08:18:33 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 10/02/2007,08:18:40 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 10/02/2007,08:18:19 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 
10/02/2007,08:18:59 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 10/02/2007,08:38:45 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 10/02/2007,08:38:51 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 10/02/2007,08:39:15 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] No action will be taken on the file. 10/02/2007,08:51:11 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE [iNFO] The file will be moved to quarantine. 10/02/2007,11:13:55 [WARNING] Contains a signature of the (dangerous) backdoor program BDS/Optix.Pro.13.26 Backdoor server programs! C:\System Volume Information\_restore{A03CACBF-2A06-41BD-9DF5-70A1B2E7AEB3}\RP64\A0003410.exe 10/02/2007,14:03:33 [WARNING] Contains a signature of the (dangerous) backdoor program BDS/Optix.Pro.13.26 Backdoor server programs! C:\System Volume Information\_restore{A03CACBF-2A06-41BD-9DF5-70A1B2E7AEB3}\RP64\A0003410.exe 10/02/2007,16:54:18 [WARNING] Contains suspicious code HEUR/Exploit.HTML! 
C:\Documents and Settings\elias\Local Settings\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cache\ede8f782d01 [iNFO] The file will be moved to quarantine. 10/02/2007,18:27:29 [WARNING] Contains a signature of the (dangerous) backdoor program BDS/Optix.Pro.13.26 Backdoor server programs! C:\System Volume Information\_restore{A03CACBF-2A06-41BD-9DF5-70A1B2E7AEB3}\RP64\A0003410.exe [iNFO] The file will be deleted. 10/02/2007,20:50:25 [WARNING] Contains suspicious code HEUR/Exploit.HTML! C:\Documents and Settings\elias\Local Settings\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cache\ede8f782d01 [iNFO] The file will be moved to quarantine. 10/02/2007,20:52:44 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 HIGH - Logfile report level 1 10/02/2007,21:28:50 [WARNING] File has been compressed with an unusual runtime compression tool (PCK/Dumped). Please verify the origin of the file! C:\System Volume Information\_restore{A03CACBF-2A06-41BD-9DF5-70A1B2E7AEB3}\RP66\A0003967.EXE [iNFO] The file will be moved to quarantine. 11/02/2007,18:26:31 --------------------------------------------------------- 11/02/2007,18:26:34 Keyfile contains a valid license. The Avira AntiVir PersonalEdition Classic will run as a fully functional version! 11/02/2007,18:26:34 AntiVirService Version: 7.00.00.45 AVE Version 7.3.1.36 VDF Version: 6.37.1.67 11/02/2007,18:26:36 Start Filter Device. 11/02/2007,18:26:36 Avira AntiVir PersonalEdition Classic has been started successfully! 
11/02/2007,18:26:38 [CONFIG] On-Access configuration used: - Files to scan: scan files from local drives - Device mode: scan files on open, scan files on close - Scan files with all extensions - Unpack runtime compressed files - Actions: ask the user - Heuristic: MACRO , WIN32 HIGH - Logfile report level 1
11/02/2007,20:34:00 [WARNING] Contains suspicious code HEUR/Exploit.HTML! C:\Documents and Settings\elias\Local Settings\Application Data\Mozilla\Firefox\Profiles\776ysw7e.default\cache\ede8f782d01 [INFO] The file will be moved to quarantine.
I've given you both, I didn't know which one you wanted.... here is the Diag help report:
thanks for your help.... as for the restore file, I suspected as much, but I don't know where to delete it.... see you soon, hoping I sent you what was needed.
  8. me again... AntiVir Guard detects another virus, "HEUR/Exploit.HTML", which keeps coming back regularly despite being quarantined and deleted; also, AntiVir had not found it in safe mode... that's it, thanks for your advice.... see you soon
  9. Thanks for your reply, BUT... I'm still getting AntiVir detections of the virus DS/Optix.Pro.13.26, but it comes back after every restart despite choosing "acces deny" in AntiVir. I did a restore and deleted the program it was hidden in, then the cleanup in safe mode, then the HJ report, but it's still there... located in: C:\System Volume Information\restore{A03CACBF-2A06-41BD-9DF5-70A1B27AEB3}\RP64\A0003410.exe So it doesn't show up in HijackThis? Might it not be a virus? As for the HJ version, it's the one from Zébulon... Thanks, bye.
  10. Hello, could you please analyze this report? The basic disinfection in safe mode has been done with AntiVir (which was already my antivirus), and which strangely detects a virus in the French version of HijackThis (pck/dumped). Thanks in advance for the info.

    Logfile of HijackThis v1.99.1
    Scan saved at 08:18:59, on 10/02/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.ati.com/online/cccwelcome/fra/drivers.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
    O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
    O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
    O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [iNTERNATIONAL] International*
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3F5DF409-F0A9-4646-A047-7818CB1F708F}: NameServer = 192.168.1.1
    O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

    Thanks again, see you soon.
  11. Hello, I've caught a virus... BDS/Optix.Pro.13.26. AntiVir detects it, but it comes back after every restart despite choosing "acces deny" in AntiVir. I did a restore and deleted the program it was hidden in, but it's still there... located in: C:\System Volume Information\restore{A03CACBF-2A06-41BD-9DF5-70A1B27AEB3}\RP64\A0003410.exe Thanks for your help; if needed I'll send a HijackThis report (which I don't know how to read). Thanks again in advance for your help. PS: I'm on XP Home SP2.
  12. Hello. Silly question: can the Windows startup jingle be changed? And if so, how??? Thanks, bye.
  13. liastik

    VPN

    Hello, I followed the Zebulon tutorials to set up both sides of a VPN, but it's impossible to connect... the client computer can't find the host (even though it is searching). Would you have any idea how to fix this problem...? Thanks in advance. Bye.
  14. Hello, IT'S DONE.............!! No more "hurl.exe" !!!! In case it helps anyone, I used GIPO@utilities, which can be downloaded here under the name: GiPo@MoveOnBoot 1.9.5. Thanks to all for your attention, ciao.
  15. Hello, IT'S DONE.............!! No more "hurl.exe" !!!! In case it helps, I used GIPO@utilities, which can be downloaded here under the name: GiPo@MoveOnBoot 1.9.5. Thanks to all for your attention, ciao.