

Everything posted by dom21
-
OK, one good thing: that worked, it shuts down when they are unchecked, so what should I do?
-
Hello Gof, my problem is still there and I have deleted Swapclose.exe. There, I'm waiting for your next message, and thanks again.
-
Hi, yes, I wait long enough; once I waited all night and it still had not shut down the next day. Otherwise, here is the swapclose result.

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management]
"ClearPageFileAtShutdown"=dword:00000000
"DisablePagingExecutive"=dword:00000000
"LargeSystemCache"=dword:00000000
"NonPagedPoolQuota"=dword:00000000
"NonPagedPoolSize"=dword:00000000
"PagedPoolQuota"=dword:00000000
"PagedPoolSize"=dword:00000000
"SecondLevelDataCache"=dword:00000000
"SystemPages"=dword:0007b000
"PagingFiles"=hex(7):43,3a,5c,70,61,67,65,66,69,6c,65,2e,73,79,73,20,37,36,38,\
  20,31,35,33,36,00,00
"PhysicalAddressExtension"=dword:00000000
"SessionImageSize"=dword:00000010
"SessionViewSize"=dword:00000030
"SessionPoolSize"=dword:00000004
"WriteWatch"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters]
"VideoInitTime"=dword:000002bf
"EnablePrefetcher"=dword:00000003
"AppLaunchMaxNumPages"=dword:00000fa0
"AppLaunchMaxNumSections"=dword:000000aa
"AppLaunchTimerPeriod"=hex:80,69,67,ff,ff,ff,ff,ff
"BootMaxNumPages"=dword:0001f400
"BootMaxNumSections"=dword:00000ff0
"BootTimerPeriod"=hex:00,f2,d8,f8,ff,ff,ff,ff
"MaxNumActiveTraces"=dword:00000008
"MaxNumSavedTraces"=dword:00000008
"RootDirPath"="Prefetch"
"HostingAppList"="DLLHOST.EXE,MMC.EXE,RUNDLL32.EXE"
-
Hi, and sorry for the delay, Gof. It's when I click Start menu > Turn Off Computer: it doesn't shut down, so it's serious.
-
I can't shut down my PC
dom21 replied to a topic by dom21 in Optimisation, Trucs & Astuces
Hi, yes, I hear the sound, and it's after that, bam, it crashes.
-
I can't shut down my PC
dom21 replied to a topic by dom21 in Optimisation, Trucs & Astuces
Hi, I'm being advised to format my computer. I have the genuine XP SP2 CD, it's the one I have on my computer, so no problem, but you will have to show me the steps to follow because I have never done it.
-
I can't shut down my PC
dom21 replied to a topic by dom21 in Optimisation, Trucs & Astuces
PowerdownAfterShutdown is indeed set to 1, so in your opinion what is the problem? Is it serious?
-
I can't shut down my PC
dom21 replied to a topic by dom21 in Optimisation, Trucs & Astuces
I created the shortcut and it's the same, with all my apologies. I'm fed up, I've been shutting it down by force for more than a month.
-
I can't shut down my PC
dom21 replied to a topic by dom21 in Optimisation, Trucs & Astuces
I did it and it's the same, it crashes at the same point, it doesn't shut down. Yes, it completed successfully.
-
I can't shut down my PC
dom21 replied to a topic by dom21 in Optimisation, Trucs & Astuces
I did it and same thing: on restart it crashed again at the same point.
-
I can't shut down my PC
dom21 replied to a topic by dom21 in Optimisation, Trucs & Astuces
pear, what exactly do I need to do?
-
Hi everyone, when I need to restart or shut down my computer in the evening, it won't shut down; it hangs on the blue "Windows is shutting down" screen and, bam, it's stuck. I went to the security help section of your site thinking it was a virus, and it isn't. Since the person who was helping me must be on holiday, is there anyone who can help me? Thank you in advance for what you do.
-
Hello, after all that my PC still won't shut down; I have to force it off.
-
Hi, the shutdown still doesn't work, but for hijack, when you write close all programs and fix checked, well, all the programs, which ones?
-
Hi, no, there is no error message. Otherwise, I reinstalled Java, but when I try to shut down my computer I have to force it off, so when I start it up again it's no longer there. And to remove the old ones, I still can't get to the Add or Remove page in the Control Panel, so how do I remove them? Here is the hijack scan.
-
Hi, I did everything you wrote in the message and, bam, still the same, with all my apologies. Otherwise, the smitfraud report:

SmitFraudFix v2.207
Rapport fait à 4:53:08,75, 31/07/2007
Executé à partir de D:\plage\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix
»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
-
Hi, it's the same, it crashed, and here is the hijack scan.
-
Hi, I managed it with Panda.
-
I'm having problems with Panda; otherwise, here is the hijack report.
/CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value 
not found* HKLM\..\Policies: Shell=*Registry value not found* -------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! 
-------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} -------------------------------------------------- Enumerating Task Scheduler jobs: *No jobs found* -------------------------------------------------- Enumerating Download Program Files: [WUWebControl Class] InProcServer32 = C:\WINDOWS\system32\wuweb.dll CODEBASE = http://update.microsoft.com/windowsupdate/...b?1163757201231 [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [ActiveScan Installer Class] InProcServer32 = C:\WINDOWS\Downloaded Program Files\asinst.dll CODEBASE = http://acs.pandasoftware.com/activescan/as5free/asinst.cab [Java Plug-in 1.5.0_08] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab [shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx CODEBASE = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: 
%windir%\system32\skysocks.dll (file MISSING) Protocol #2: %windir%\system32\skysocks.dll (file MISSING) Protocol #3: %windir%\system32\skysocks.dll (file MISSING) Protocol #4: %windir%\system32\skysocks.dll (file MISSING) Protocol #5: %windir%\system32\skysocks.dll (file MISSING) Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\rsvpsp.dll Protocol #10: C:\WINDOWS\system32\rsvpsp.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll Protocol #16: C:\WINDOWS\system32\mswsock.dll Protocol #17: C:\WINDOWS\system32\mswsock.dll Protocol #18: C:\WINDOWS\system32\mswsock.dll Protocol #19: C:\WINDOWS\system32\mswsock.dll Protocol #20: C:\WINDOWS\system32\mswsock.dll Protocol #21: C:\WINDOWS\system32\mswsock.dll Protocol #22: C:\WINDOWS\system32\mswsock.dll Protocol #23: %windir%\system32\skysocks.dll (file MISSING) -------------------------------------------------- Enumerating Windows NT/2000/XP services Pilote ACPI Microsoft: system32\DRIVERS\ACPI.sys (system) Suppresseur d'écho acoustique (Noyau Microsoft): system32\drivers\aec.sys (manual start) AFD: \SystemRoot\System32\drivers\afd.sys (system) Avertissement: %SystemRoot%\system32\svchost.exe -k LocalService (disabled) Service de la passerelle de la couche Application: %SystemRoot%\System32\alg.exe (manual start) Pilote de processeur AMD K7: system32\DRIVERS\amdk7.sys (system) AntiVir PersonalEdition Classic Scheduler: "C:\Program Files\AntiVir PersonalEdition Classic\sched.exe" (autostart) AntiVir PersonalEdition Classic Guard: "C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe" (autostart) Gestion d'applications: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Service d'état ASP.NET: 
%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) avast! iAVS4 Control Service: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" (autostart) Pilote de média asynchrone RAS: system32\DRIVERS\asyncmac.sys (manual start) Contrôleur de disque dur IDE/ESDI standard: system32\DRIVERS\atapi.sys (system) Protocole client ATM ARP: system32\DRIVERS\atmarpc.sys (manual start) Audio Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote audio Stub: system32\DRIVERS\audstub.sys (manual start) avast! Antivirus: "C:\Program Files\Alwil Software\Avast4\ashServ.exe" (autostart) avast! Mail Scanner: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (manual start) avast! Web Scanner: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (manual start) avgio: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgio.sys (system) avgntflt: \??\C:\Program Files\AntiVir PersonalEdition Classic\avgntflt.sys (manual start) avipbb: system32\DRIVERS\avipbb.sys (system) Service de transfert intelligent en arrière-plan: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Explorateur d'ordinateur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de CD-ROM: system32\DRIVERS\cdrom.sys (system) Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start) Gestionnaire de l'Album: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start) Application système COM+: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Services de cryptographie: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Lanceur de processus serveur DCOM: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) Client DHCP: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de disque: 
system32\DRIVERS\disk.sys (system) Service d'administration du Gestionnaire de disque logique: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) dmio: System32\drivers\dmio.sys (disabled) dmload: System32\drivers\dmload.sys (disabled) Gestionnaire de disque logique: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Synthétiseur DLS du noyau Microsoft: system32\drivers\DMusic.sys (manual start) Client DNS: %SystemRoot%\system32\svchost.exe -k NetworkService (autostart) Filtre de décodeur DRM (Noyau Microsoft): system32\drivers\drmkaud.sys (manual start) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Journal des événements: %SystemRoot%\system32\services.exe (autostart) Système d'événements de COM+: C:\WINDOWS\system32\svchost.exe -k netsvcs (manual start) Compatibilité avec le Changement rapide d'utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote de contrôleur de lecteur de disquettes: system32\DRIVERS\fdc.sys (manual start) Pilote NT de carte VIA PCI 10/100Mo Fast Ethernet: system32\DRIVERS\fetnd5.sys (manual start) VIA Rhine Family Fast Ethernet Adapter Driver Service: system32\DRIVERS\fetnd5b.sys (manual start) Pilote de lecteur de disquettes: system32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\DRIVERS\fltMgr.sys (system) Pilote du Gestionnaire de volume: system32\DRIVERS\ftdisk.sys (system) Énumérateur de port jeu: system32\DRIVERS\gameenum.sys (manual start) Classificateur de paquets générique: system32\DRIVERS\msgpc.sys (manual start) Aide et support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Accès du périphérique d'interface utilisateur: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) Pilote pour clavier i8042 et souris sur port PS/2: system32\DRIVERS\i8042prt.sys (system) Pilote de 
filtre de gravure CD: system32\DRIVERS\imapi.sys (system) Service COM de gravage de CD IMAPI: C:\WINDOWS\system32\imapi.exe (manual start) InCDPass: System32\DRIVERS\InCDPass.sys (system) InCD Helper: C:\Program Files\Ahead\InCD\InCDsrv.exe (autostart) Pilote du pare-feu Windows IPv6: system32\DRIVERS\Ip6Fw.sys (manual start) TELES IpDmx Miniport: system32\DRIVERS\tlsipdmx.sys (manual start) Pilote de filtre de trafic IP: system32\DRIVERS\ipfltdrv.sys (manual start) Pilote de tunnelage IP dans IP: system32\DRIVERS\ipinip.sys (manual start) Traducteur d'adresses réseau IP: system32\DRIVERS\ipnat.sys (manual start) Pilote IPSEC: system32\DRIVERS\ipsec.sys (system) Service énumérateur IR: system32\DRIVERS\irenum.sys (manual start) irtnampsmltl: system32\drivers\irtnampsmltl.sys (manual start) Pilote de bus Plug-and-Play ISA/EISA: system32\DRIVERS\isapnp.sys (system) Pilote de la classe Clavier: system32\DRIVERS\kbdclass.sys (system) Mélangeur audio Wave de noyau Microsoft: system32\drivers\kmixer.sys (manual start) Serveur: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Station de travail: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Assistance TCP/IP NetBIOS: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Affichage des messages: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Partage de Bureau à distance NetMeeting: C:\WINDOWS\system32\mnmsrvc.exe (manual start) Pilote de la classe Souris: system32\DRIVERS\mouclass.sys (system) Redirecteur client WebDav: system32\DRIVERS\mrxdav.sys (manual start) MRXSMB: system32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\system32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Proxy de service de répartition Microsoft: system32\drivers\MSKSSRV.sys (manual start) Proxy d'horloge de répartition Microsoft: system32\drivers\MSPCLOCK.sys (manual start) Proxy de gestion de qualité de répartition Microsoft: 
system32\drivers\MSPQM.sys (manual start) Pilote BIOS de gestion de systèmes Microsoft: system32\DRIVERS\mssmbios.sys (manual start) Pilote TAPI NDIS d'accès distant: system32\DRIVERS\ndistapi.sys (manual start) NDIS mode utilisateur E/S Protocole: system32\DRIVERS\ndisuio.sys (manual start) Pilote réseau étendu NDIS d'accès distant: system32\DRIVERS\ndiswan.sys (manual start) Interface NetBIOS: system32\DRIVERS\netbios.sys (system) NetBIOS sur TCP/IP: system32\DRIVERS\netbt.sys (system) DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) DSDM DDE réseau: %SystemRoot%\system32\netdde.exe (disabled) Ouverture de session réseau: %SystemRoot%\system32\lsass.exe (manual start) Connexions réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NLA (Network Location Awareness): %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Fournisseur de la prise en charge de sécurité LM NT: %SystemRoot%\system32\lsass.exe (manual start) Stockage amovible: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) NTSIM: \??\C:\WINDOWS\system32\ntsim.sys (manual start) nv: system32\DRIVERS\nv4_mini.sys (manual start) Pilote de filtre de trafic IPX: system32\DRIVERS\nwlnkflt.sys (manual start) Pilote de transfert de trafic IPX: system32\DRIVERS\nwlnkfwd.sys (manual start) Pilote de port parallèle: system32\DRIVERS\parport.sys (manual start) PCI Bus Driver: system32\DRIVERS\pci.sys (system) VSO Software pcouffin: System32\Drivers\Pcouffin.sys (manual start) Padus ASPI Shell: system32\drivers\pfc.sys (manual start) Plug-and-Play: %SystemRoot%\system32\services.exe (autostart) Services IPSEC: %SystemRoot%\system32\lsass.exe (autostart) Miniport réseau étendu (PPTP): system32\DRIVERS\raspptp.sys (manual start) Emplacement protégé: %SystemRoot%\system32\lsass.exe (autostart) Planificateur de paquets QoS: system32\DRIVERS\psched.sys (manual start) Pilote de liaison parallèle directe: system32\DRIVERS\ptilink.sys (manual start) Pilote de connexion automatique 
d'accès distant: system32\DRIVERS\rasacd.sys (system) Gestionnaire de connexion automatique d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Miniport réseau étendu (L2TP): system32\DRIVERS\rasl2tp.sys (manual start) Gestionnaire de connexions d'accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) Pilote PPPOE d'accès à distance: system32\DRIVERS\raspppoe.sys (manual start) Parallèle direct: system32\DRIVERS\raspti.sys (manual start) Rdbss: system32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Gestionnaire de session d'aide sur le Bureau à distance: C:\WINDOWS\system32\sessmgr.exe (manual start) Pilote de filtre de lecture digitale de CD audio: system32\DRIVERS\redbook.sys (system) Routage et accès distant: %SystemRoot%\system32\svchost.exe -k netsvcs (disabled) Localisateur d'appels de procédure distante (RPC): %SystemRoot%\system32\locator.exe (manual start) Appel de procédure distante (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\system32\rsvp.exe (manual start) Gestionnaire de comptes de sécurité: %SystemRoot%\system32\lsass.exe (autostart) Carte à puce: %SystemRoot%\System32\SCardSvr.exe (manual start) Planificateur de tâches: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: system32\DRIVERS\secdrv.sys (manual start) Connexion secondaire: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Notification d'événement système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Pilote de filtre Serenum: system32\DRIVERS\serenum.sys (manual start) Pilote de port série: system32\DRIVERS\serial.sys (system) Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Détection matériel noyau: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Splitter audio du noyau Microsoft: system32\drivers\splitter.sys (manual start) Spouleur d'impression: %SystemRoot%\system32\spoolsv.exe (autostart) Pilote de 
filtre de restauration système: system32\DRIVERS\sr.sys (system) Service de restauration système: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Srv: system32\DRIVERS\srv.sys (manual start) Service de découvertes SSDP: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Spy Sweeper File System Filer Driver: 0509: SYSTEM32\Drivers\SSFS0509.SYS (system) Spy Sweeper Hookrack MiniDriver: SYSTEM32\Drivers\SSHRMD.SYS (system) Spy Sweeper Interdiction Driver: SYSTEM32\Drivers\SSIDRV.SYS (system) Webroot Spy Sweeper Keylogger Shield Keyboard Filter: System32\Drivers\sskbfd.sys (manual start) ssmdrv: system32\DRIVERS\ssmdrv.sys (system) Acquisition d'image Windows (WIA): %SystemRoot%\system32\svchost.exe -k imgsvc (manual start) Pilote de bus logiciel: system32\DRIVERS\swenum.sys (manual start) Synthétiseur de table de sons GC noyau Microsoft: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\system32\dllhost.exe /Processid:{7E981E2F-ABE3-46E1-A038-FC1546074C9E} (manual start) Périphérique audio système du noyau Microsoft: system32\drivers\sysaudio.sys (manual start) Journaux et alertes de performance: %SystemRoot%\system32\smlogsvc.exe (manual start) Téléphonie: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Pilote du protocole TCP/IP: system32\DRIVERS\tcpip.sys (system) Pilote de périphérique terminal: system32\DRIVERS\termdd.sys (system) Services Terminal Server: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Thèmes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) TELES Usr Helper Driver: system32\DRIVERS\tlsusr.sys (manual start) NT Driver for the Virtual skyDSL Modem: system32\DRIVERS\tlswandmx.sys (manual start) Proxy skyDSL: "C:\Program Files\TELES\skyDSL\Proxy\craxy.exe" service (autostart) Client de suivi de lien distribué: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) TechnoTrend DVB PCI budget Driver: system32\DRIVERS\ttdvblcd.sys (manual start) Filtre AGP 
version 3.5 Microsoft: system32\DRIVERS\uagp35.sys (system) Pilote de mise à jour microcode: system32\DRIVERS\update.sys (manual start) Hôte de périphérique universel Plug-and-Play: %SystemRoot%\system32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0: system32\DRIVERS\usbehci.sys (manual start) Concentrateur USB2: system32\DRIVERS\usbhub.sys (manual start) Pilote de stockage de masse USB: system32\DRIVERS\USBSTOR.SYS (manual start) Pilote miniport de contrôleur hôte universel USB Microsoft: system32\DRIVERS\usbuhci.sys (manual start) Service Messenger Sharing Folders USN Journal Reader: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start) VgaSave: \SystemRoot\System32\drivers\vga.sys (system) VIA AGP Filter: system32\DRIVERS\viaagp1.sys (system) ViaIde: system32\DRIVERS\viaide.sys (system) Cliché instantané de volume: %SystemRoot%\System32\vssvc.exe (manual start) Horloge Windows: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Pilote ARP IP d'accès distant: system32\DRIVERS\wanarp.sys (manual start) Pilote WINMM de compatibilité audio WDM Microsoft: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Moteur Webroot Spy Sweeper: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe (autostart) Infrastructure de gestion Windows: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Service de numéro de série du lecteur multimédia portable: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Carte de performance WMI: C:\WINDOWS\system32\wbem\wmiapsrv.exe (manual start) Service Partage réseau du Lecteur Windows Media: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start) Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0: \SystemRoot\System32\drivers\ws2ifsl.sys (system) Centre de sécurité: 
%SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Mises à jour automatiques: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start) Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start) Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start) Configuration automatique sans fil: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Service d'approvisionnement réseau: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\system32\webcheck.dll SysTray: C:\WINDOWS\system32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 35 045 bytes Report generated in 0,219 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include 
WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
-
SmitFraudFix v2.207

Rapport fait à 14:26:46,78, 28/07/2007
Executé à partir de C:\Documents and Settings\Dominique\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 85.255.116.105
DNS Server Search Order: 85.255.112.63

HKLM\SYSTEM\CCS\Services\Tcpip\..\{09F01665-3BD8-4217-9A22-1F986C9EC9E0}: NameServer=85.255.116.105 85.255.112.63

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 85.255.116.105
DNS Server Search Order: 85.255.112.63

HKLM\SYSTEM\CCS\Services\Tcpip\..\{09F01665-3BD8-4217-9A22-1F986C9EC9E0}: NameServer=85.255.116.105 85.255.112.63
-
Hi, here is the SmitFraudFix result:

SmitFraudFix v2.207

Rapport fait à 12:38:31,09, 28/07/2007
Executé à partir de C:\Documents and Settings\Dominique\Bureau\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» DNS Avant Fix

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: Carte Fast Ethernet compatible VIA - Miniport d'ordonnancement de paquets
DNS Server Search Order: 85.255.116.105
DNS Server Search Order: 85.255.112.63

Votre ordinateur est certainement victime d'un détournement de DNS: 85.255.x.x détecté !

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 85.255.116.105
DNS Server Search Order: 85.255.112.63

HKLM\SYSTEM\CCS\Services\Tcpip\..\{09F01665-3BD8-4217-9A22-1F986C9EC9E0}: NameServer=85.255.116.105 85.255.112.63
HKLM\SYSTEM\CCS\Services\Tcpip\..\{6008E5E1-EE68-4862-B557-D800EA1E7B23}: DhcpNameServer=85.255.116.105,85.255.112.63
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7AB95F61-1E64-4825-9D0D-E38E79B671A2}: DhcpNameServer=85.255.116.105,85.255.112.63
HKLM\SYSTEM\CS1\Services\Tcpip\..\{09F01665-3BD8-4217-9A22-1F986C9EC9E0}: NameServer=85.255.116.105 85.255.112.63
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6008E5E1-EE68-4862-B557-D800EA1E7B23}: DhcpNameServer=85.255.116.105,85.255.112.63
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7AB95F61-1E64-4825-9D0D-E38E79B671A2}: DhcpNameServer=85.255.116.105,85.255.112.63
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6008E5E1-EE68-4862-B557-D800EA1E7B23}: DhcpNameServer=85.255.116.105,85.255.112.63
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7AB95F61-1E64-4825-9D0D-E38E79B671A2}: DhcpNameServer=85.255.116.105,85.255.112.63

»»»»»»»»»»»»»»»»»»»»»»»» DNS Après Fix
-
Hi, so I removed the file and installed Java, and now here is the HijackThis scan result; otherwise, my PC still won't shut down.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:43:36, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\PROGRA~1\Wanadoo\CnxMon.exe
C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
C:\Program Files\TELES\skyDSL\tskyclnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TELES\skyDSL PCI\DVBData.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\TELES\skyDSL\Proxy\craxy.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\TELES\skyDSL\tskymtpc.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\DOMINI~1\LOCALS~1\Temp\Rar$EX00.968\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:8080;https=127.0.0.1:8080;ftp=127.0.0.1:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [WooCnxMon] C:\PROGRA~1\Wanadoo\CnxMon.exe
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\TaskbarIcon.exe
O4 - HKLM\..\Run: [skyDSLClient] "C:\Program Files\TELES\skyDSL\tskyclnt.exe" -q
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DVB Data (skyDSL PCI).lnk = C:\Program Files\TELES\skyDSL PCI\DVBData.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: skyDSL++ - {F7522CA2-3DDA-11d3-8560-0060977792B1} - C:\Program Files\TELES\skyDSL\sky2sky.exe
O9 - Extra button: skyDSL- - - {F7522CA8-3DDA-11d3-8560-0060977792B1} - C:\Program Files\TELES\skyDSL\sky2fon.exe
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\WANADO~1\Wanadoo Messager.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.wanadoo.fr (file missing) (HKCU)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1163757201231
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{09F01665-3BD8-4217-9A22-1F986C9EC9E0}: NameServer = 85.255.116.105 85.255.112.63
O17 - HKLM\System\CS1\Services\Tcpip\..\{09F01665-3BD8-4217-9A22-1F986C9EC9E0}: NameServer = 85.255.116.105 85.255.112.63
O17 - HKLM\System\CS2\Services\Tcpip\..\{09F01665-3BD8-4217-9A22-1F986C9EC9E0}: NameServer = 85.255.116.105 85.255.112.63
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Proxy skyDSL (tntcraxy) - TELES Wireless Broadband Internet GmbH, Berlin - C:\Program Files\TELES\skyDSL\Proxy\craxy.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

-- End of file - 6337 bytes
-
Hi, result of the scan:

VirusTotal
File irtnampsmltl.sys received on 07.27.2007 04:06:30 (CET)

Antivirus Version Last Update Result
AhnLab-V3 2007.7.27.0 2007.07.26 -
AntiVir 7.4.0.50 2007.07.26 -
Authentium 4.93.8 2007.07.26 -
Avast 4.7.997.0 2007.07.27 -
AVG 7.5.0.476 2007.07.27 -
BitDefender 7.2 2007.07.27 -
CAT-QuickHeal 9.00 2007.07.26 -
ClamAV 0.91 2007.07.26 -
DrWeb 4.33 2007.07.27 -
eSafe 7.0.15.0 2007.07.24 -
eTrust-Vet 31.1.5008 2007.07.26 -
Ewido 4.0 2007.07.26 -
FileAdvisor 1 2007.07.27 -
Fortinet 2.91.0.0 2007.07.27 -
F-Prot 4.3.2.48 2007.07.26 -
F-Secure 6.70.13030.0 2007.07.27 -
Ikarus T3.1.1.8 2007.07.27 -
Kaspersky 4.0.2.24 2007.07.27 -
McAfee 5084 2007.07.26 -
Microsoft 1.2704 2007.07.27 -
NOD32v2 2424 2007.07.26 -
Norman 5.80.02 2007.07.26 -
Panda 9.0.0.4 2007.07.26 -
Rising 19.33.40.00 2007.07.27 -
Sophos 4.19.0 2007.07.26 -
Sunbelt 2.2.907.0 2007.07.26 -
Symantec 10 2007.07.27 -
TheHacker 6.1.7.155 2007.07.27 -
VBA32 3.12.2.1 2007.07.24 -
VirusBuster 4.3.26:9 2007.07.27 -
Webwasher-Gateway 6.5.3 2007.07.26 -

Additional information
File size: 8576 bytes
MD5: 843cb965b5d3b7c4dbb477bf3a179c0e
SHA1: 59704bf669be451039ecba9e98a0a42814123fce
-
I can't get to the address you gave me, it shows 404 not found, so what should I do?
-
AntiVir PersonalEdition Classic Report file date: mardi 17 juillet 2007 12:57 Scanning for 740715 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Dominique Computer name: LARGY-001 Version information: BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14 AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54 LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04 LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58 ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 13:09:01 ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 13:09:02 ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 13:09:02 AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 13:04:24 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 07:48:28 AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08 AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05 AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18 RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42 Configuration settings for the scan: Jobname..........................: Local Hard Disks Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on 
Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mardi 17 juillet 2007 12:57 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 13 processes with 13 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '16' files ). Starting the file scan: Begin scan in 'C:\' <SYSTEM> C:\pagefile.sys [WARNING] The file could not be opened! C:\Program Files\TELES\skyDSL\Proxy\http\a\alexieane.info\mpack\mpack\.htm [DETECTION] Contains signature of the exploits EXP/MS06.006 [iNFO] The file was moved to '46ccc968.qua'! C:\System Volume Information\_restore{9551E52E-681E-4D4D-896E-DC4CA7C75664}\RP214\A0022871.exe [0] Archive type: MIME --> file0.txt [DETECTION] Is the Trojan horse TR/Drop.Zlob.AL.21 [iNFO] The file was deleted! 
Begin scan in 'D:\' End of the scan: mardi 17 juillet 2007 18:26 Used time: 5:28:43 min The scan has been done completely. 42356 Scanning directories 333607 Files were scanned 2 viruses and/or unwanted programs were found 0 classified as suspicious: 1 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 333605 Files not concerned 90587 Archives were scanned 1 Warnings 0 Notes 0 Hidden objects were found AntiVir PersonalEdition Classic Report file date: mardi 17 juillet 2007 12:48 Scanning for 740715 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Dominique Computer name: LARGY-001 Version information: BUILD.DAT : 248 14437 Bytes 31/05/2007 16:59:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14 AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54 LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04 LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58 ANTIVIR1.VDF : 6.37.1.151 4303360 Bytes 23/02/2007 13:09:01 ANTIVIR2.VDF : 6.38.0.214 729600 Bytes 12/04/2007 13:09:02 ANTIVIR3.VDF : 6.38.0.225 50688 Bytes 16/04/2007 13:09:02 AVEWIN32.DLL : 7.4.0.12 2404864 Bytes 13/04/2007 13:04:24 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.8 360488 Bytes 27/03/2007 07:48:28 AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08 AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05 AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18 RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42 Configuration settings for the scan: Jobname..........................: 
Local Drives Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldrives.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: I:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mardi 17 juillet 2007 12:48 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 12 processes with 12 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] In the drive 'E:\' no data medium is inserted! Boot sector 'F:\' [NOTE] In the drive 'F:\' no data medium is inserted! Boot sector 'G:\' [NOTE] In the drive 'G:\' no data medium is inserted! 
Boot sector 'J:\' [NOTE] In the drive 'J:\' no data medium is inserted! Starting to scan the registry. The registry was scanned ( '16' files ). Starting the file scan: Begin scan in 'C:\' <SYSTEM> C:\pagefile.sys [WARNING] The file could not be opened! C:\Program Files\TELES\skyDSL\Proxy\http\a\alexieane.info\mpack\mpack\.htm [DETECTION] Contains signature of the exploits EXP/MS06.006 [WARNING] An error has occurred and the file was not deleted. ErrorID: 16004 [WARNING] The source file could not be found. C:\System Volume Information\_restore{9551E52E-681E-4D4D-896E-DC4CA7C75664}\RP214\A0022871.exe [0] Archive type: MIME --> file0.txt [DETECTION] Is the Trojan horse TR/Drop.Zlob.AL.21 [WARNING] An error has occurred and the file was not deleted. ErrorID: 16003 [WARNING] The file could not be deleted! C:\System Volume Information\_restore{9551E52E-681E-4D4D-896E-DC4CA7C75664}\RP214\A0022898.exe [0] Archive type: MIME --> file0.txt [DETECTION] Is the Trojan horse TR/Drop.Zlob.AQ.1 [iNFO] The file was moved to '46ccda4a.qua'! C:\System Volume Information\_restore{9551E52E-681E-4D4D-896E-DC4CA7C75664}\RP214\A0022995.exe [DETECTION] Contains signature of the dial-up program DIAL/302366 [iNFO] The file was moved to '46ccda53.qua'! Begin scan in 'D:\' Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'F:\' Search path F:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'G:\' Search path G:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'J:\' Search path J:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'H:\' Search path H:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'I:\' Search path I:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: mardi 17 juillet 2007 17:43 Used time: 4:55:34 min The scan has been done completely. 
42355 Scanning directories 333605 Files were scanned 4 viruses and/or unwanted programs were found 0 classified as suspicious: 0 files were deleted 0 files were repaired 2 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 333601 Files not concerned 90588 Archives were scanned 3 Warnings 0 Notes 0 Hidden objects were found AntiVir PersonalEdition Classic Report file date: mardi 24 juillet 2007 17:10 Scanning for 977696 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: Dominique Computer name: LARGY-001 Version information: BUILD.DAT : 247 14437 Bytes 10/05/2007 11:55:00 AVSCAN.EXE : 7.0.4.15 282664 Bytes 20/04/2007 11:37:14 AVSCAN.DLL : 7.0.4.4 33832 Bytes 27/03/2007 11:31:54 LUKE.DLL : 7.0.4.11 143400 Bytes 27/03/2007 11:26:04 LUKERES.DLL : 7.0.4.0 10280 Bytes 19/03/2007 11:18:59 ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 13:08:58 ANTIVIR1.VDF : 6.39.0.129 7251968 Bytes 10/07/2007 14:37:39 ANTIVIR2.VDF : 6.39.0.177 762368 Bytes 23/07/2007 14:37:40 ANTIVIR3.VDF : 6.39.0.182 39424 Bytes 24/07/2007 14:37:40 AVEWIN32.DLL : 7.4.0.44 2499072 Bytes 24/07/2007 14:37:41 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.1 24616 Bytes 27/03/2007 11:31:50 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.3.0.13 360488 Bytes 24/07/2007 14:37:42 AVREG.DLL : 7.0.1.2 31784 Bytes 15/03/2007 08:05:08 AVEVTLOG.DLL : 7.0.0.18 86056 Bytes 27/03/2007 11:16:05 AVARKT.DLL : 1.0.0.17 278568 Bytes 02/05/2007 10:32:26 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.15 2228264 Bytes 13/03/2007 09:46:18 RCTEXT.DLL : 7.0.45.0 86056 Bytes 19/03/2007 11:42:42 Configuration settings for the scan: Jobname..........................: Manual Selection Configuration file...............: C:\Documents and Settings\All Users\Application Data\AntiVir 
PersonalEdition Classic\PROFILES\folder.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: off Scan boot sector.................: on Boot sectors.....................: J:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mardi 24 juillet 2007 17:10 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'msiexec.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'ssu.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'tskymtpc.exe' - '1' Module(s) have been scanned Scan process 'SpySweeper.exe' - '1' Module(s) have been scanned Scan process 'craxy.exe' - '1' Module(s) have been scanned Scan process 'DVBData.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'SpySweeperUI.exe' - '1' Module(s) 
have been scanned Scan process 'tskyclnt.exe' - '1' Module(s) have been scanned Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned Scan process 'CnxMon.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'ashDisp.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'ashServ.exe' - '1' Module(s) have been scanned Scan process 'aswUpdSv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'InCDsrv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 38 processes with 38 modules were scanned Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] In the drive 'E:\' no data medium is inserted! Boot sector 'F:\' [NOTE] In the drive 'F:\' no data medium is inserted! Boot sector 'G:\' [NOTE] In the drive 'G:\' no data medium is inserted! Boot sector 'J:\' [NOTE] In the drive 'J:\' no data medium is inserted! Starting to scan the registry. The registry was scanned ( '17' files ). Starting the file scan: Begin scan in 'C:\' <SYSTEM> C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! 
C:\Documents and Settings\Dominique\Application Data\Thunderbird\Profiles\9qrgai2o.default\Mail\Local Folders\Inbox [0] Archive type: Netscape/Mozilla Mailbox --> Mailbox_[From: "" <accounts-id39300148ib@bbt.com>][Message-ID: <394010408.20070228152630@bbt.com>][subject: BB&T: urgent security notification ]9472.mim [DETECTION] Contains signature of the Phish-File/Email PHISH/Bankfraud.5 [WARNING] The file was ignored! C:\Documents and Settings\Dominique\Bureau\ComboFix.exe [0] Archive type: RAR SFX (self extracting) --> CFCleanUp.bat [DETECTION] Contains signature of the batch virus BAT/Small.501 [iNFO] The file was deleted! C:\fixwareout\FindT\nircmd.exe [DETECTION] Contains signature of the application APPL/NirCmd.C [iNFO] The file was deleted! C:\Program Files\TELES\skyDSL\Proxy\http\8\81.95.145.240\logo\index.php [0] Archive type: MIME --> file0.html [DETECTION] Is the Trojan horse TR/Dldr.Agent.KR.2 [iNFO] The file was deleted! C:\Program Files\TELES\skyDSL\Proxy\http\8\85.255.118.43\data\do_z.html [DETECTION] Contains signature of the Java script virus JS/Psyme.SE.3 [iNFO] The file was deleted! C:\Program Files\TELES\skyDSL\Proxy\http\8\85.255.118.43\data\if_z.html [DETECTION] Contains signature of the Java script virus JS/Psyme.SE.4 [iNFO] The file was deleted! C:\Program Files\TELES\skyDSL\Proxy\http\s\sexvideostation.info\images\if_z.html [DETECTION] Contains signature of the HTML script virus HTML/ADODB.Exploit.Gen [iNFO] The file was deleted! C:\WINDOWS\system32\ActiveScan\pskahk.dll [DETECTION] Is the Trojan horse TR/Agent.1810432 [iNFO] The file was deleted! C:\WINDOWS\system32\ActiveScan\pskavs.dll [DETECTION] Contains signature of the Windows virus W95/Blumblebee.1738 [iNFO] The file was deleted! Begin scan in 'D:\' Begin scan in 'E:\' Search path E:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'F:\' Search path F:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'G:\' Search path G:\ could not be opened! 
Le périphérique n'est pas prêt. Begin scan in 'H:\' Search path H:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'I:\' Search path I:\ could not be opened! Le périphérique n'est pas prêt. Begin scan in 'J:\' Search path J:\ could not be opened! Le périphérique n'est pas prêt. End of the scan: mardi 24 juillet 2007 20:34 Used time: 3:24:36 min The scan has been done completely. 46714 Scanning directories 374707 Files were scanned 9 viruses and/or unwanted programs were found 1 classified as suspicious: 8 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 374697 Files not concerned 105917 Archives were scanned 3 Warnings 0 Notes 0 Hidden objects were found