Aller au contenu

NONO61

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    39

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par NONO61

  1. NONO61
    voili c'est trés long ! DiagHelp version v1.4 - http://www.malekal.com excute le 2009-04-20 à 10:27:50.47 System information for \\TO1: Uptime: Error reading uptime Kernel version: Microsoft Windows XP, Multiprocessor Free Product type: Professional Product version: 5.1 Service pack: 3 Kernel build number: 2600 Registered organization: * Registered owner: * Install date: 2008-07-23, 14:54 Activation status: Error reading status IE version: 7.0000 System root: C:\WINDOWS Processors: 2 Processor speed: 2.6 GHz Processor type: AMD Athlon 64 X2 Dual Core Processor 5000+ Physical memory: 1984 MB Video driver: NVIDIA GeForce 6150SE nForce 430 Volume Type Format Label Size Free Free C: Fixed NTFS 149.04 GB 126.36 GB 84.8% D: CD-ROM 0.0% Y: Remote NTFS 136.72 GB 74.32 GB 54.4% Z: Remote NTFS DONNEES 26.10 GB 4.31 GB 16.5% C:\WINDOWS\prefetch\WMIAPSRV.EXE-1E2270A5.pf -->2009-04-20 10:28:05 C:\WINDOWS\prefetch\PSINFO.EXE-127303EC.pf -->2009-04-20 10:27:59 C:\WINDOWS\prefetch\AVWSC.EXE-347FCF75.pf -->2009-04-20 10:27:51 C:\WINDOWS\prefetch\CMD.EXE-087B4001.pf -->2009-04-20 10:27:33 C:\WINDOWS\prefetch\CHCP.COM-18156052.pf -->2009-04-20 10:27:30 C:\WINDOWS\prefetch\WINRAR.EXE-39C6DAD9.pf -->2009-04-20 10:27:10 C:\WINDOWS\prefetch\VERCLSID.EXE-3667BD89.pf -->2009-04-20 10:26:41 C:\WINDOWS\prefetch\SEARCHFILTERHOST.EXE-148579FB.pf -->2009-04-20 10:26:18 C:\WINDOWS\prefetch\RUNDLL32.EXE-268BFF96.pf -->2009-04-20 10:25:58 C:\WINDOWS\prefetch\NOTEPAD.EXE-336351A9.pf -->2009-04-20 10:20:38 C:\WINDOWS\System32\drivers\mbamswissarmy.sys -->2009-04-06 15:32:54 C:\WINDOWS\System32\drivers\mbam.sys -->2009-04-06 15:32:46 C:\WINDOWS\System32\drivers\srv.sys -->2008-12-11 12:57:09 C:\WINDOWS\System32\drivers\avipbb.sys -->2008-10-30 11:21:03 C:\WINDOWS\System32\drivers\mrxsmb.sys -->2008-10-24 13:21:09 C:\WINDOWS\System32\drivers\afd.sys -->2008-08-14 12:04:36 C:\WINDOWS\System32\drivers\tcpip.sys -->2008-06-20 13:51:12 C:\WINDOWS\System32\wpa.dbl -->2009-04-20 10:19:13 C:\WINDOWS\System32\ezsidmv.dat -->2009-04-09 10:13:37 C:\WINDOWS\System32\PerfStringBackup.INI -->2009-03-30 08:07:37 C:\WINDOWS\System32\perfh00C.dat -->2009-03-30 08:07:37 C:\WINDOWS\System32\perfh009.dat -->2009-03-30 08:07:37 C:\WINDOWS\System32\perfc00C.dat -->2009-03-30 08:07:37 C:\WINDOWS\System32\perfc009.dat -->2009-03-30 08:07:37 C:\WINDOWS\System32\FNTCACHE.DAT -->2009-03-11 18:06:39 C:\WINDOWS\System32\MRT.exe -->2009-02-25 13:55:00 C:\WINDOWS\System32\win32k.sys -->2009-02-09 16:05:54 C:\WINDOWS\System32\mshtml.dll -->2009-01-16 22:15:42 C:\WINDOWS\System32\wininet.dll -->2008-12-21 00:47:04 C:\WINDOWS\System32\webcheck.dll -->2008-12-21 00:47:03 C:\WINDOWS\System32\urlmon.dll -->2008-12-21 00:47:03 C:\WINDOWS\System32\url.dll -->2008-12-21 00:47:02 C:\WINDOWS\System32\pngfilt.dll -->2008-12-21 00:47:02 C:\WINDOWS\System32\occache.dll -->2008-12-21 00:47:02 C:\WINDOWS\System32\mstime.dll -->2008-12-21 00:47:02 C:\WINDOWS\System32\msrating.dll -->2008-12-21 00:47:01 C:\WINDOWS\System32\mshtmled.dll -->2008-12-21 00:47:01 C:\WINDOWS\System32\msfeedsbs.dll -->2008-12-21 00:46:57 C:\WINDOWS\System32\msfeeds.dll -->2008-12-21 00:46:56 C:\WINDOWS\System32\jsproxy.dll -->2008-12-21 00:46:56 C:\WINDOWS\System32\inetcpl.cpl -->2008-12-21 00:46:56 C:\WINDOWS\System32\iertutil.dll -->2008-12-21 00:46:54 C:\WINDOWS\WindowsUpdate.log -->2009-04-20 10:23:49 C:\WINDOWS\Brownie.ini -->2009-04-20 10:19:16 C:\WINDOWS\0.log -->2009-04-20 08:05:16 C:\WINDOWS\bootstat.dat -->2009-04-20 08:05:05 C:\WINDOWS\SchedLgU.Txt -->2009-04-17 16:09:02 C:\WINDOWS\KB959426.log -->2009-04-15 09:47:12 C:\WINDOWS\KB961373.log -->2009-04-15 09:47:09 C:\WINDOWS\KB963027-IE7.log -->2009-04-15 09:47:07 C:\WINDOWS\KB952004.log -->2009-04-15 09:46:44 C:\WINDOWS\setupapi.log -->2009-04-09 08:10:00 C:\WINDOWS\system.ini -->2009-04-08 15:42:52 C:\WINDOWS\BRWMARK.INI -->2009-04-06 08:28:08 C:\WINDOWS\wmsetup.log -->2009-04-03 15:13:40 C:\WINDOWS\TMFilter.log -->2009-03-27 09:03:46 C:\WINDOWS\pccntmon.INI -->2009-03-26 18:58:44 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 148B-5565 Répertoire de C:\WINDOWS 2009-04-15 09:46 <REP> $hf_mig$ 2008-07-23 17:14 <REP> $NtServicePackUninstall$ 2008-07-23 17:36 <REP> $NtServicePackUninstallIDNMitigationAPIs$ 2008-07-23 17:35 <REP> $NtServicePackUninstallNLSDownlevelMapping$ 2008-07-23 15:30 <REP> $NtUninstallKB888111WXPSP2$ 2008-07-23 16:45 <REP> $NtUninstallKB898461$ 2008-09-04 17:43 <REP> $NtUninstallKB917013$ 2008-07-23 17:37 <REP> $NtUninstallKB923689$ 2008-08-26 17:01 <REP> $NtUninstallKB929399$ 2008-08-26 17:00 <REP> $NtUninstallKB936782_WMP11$ 2008-09-10 16:56 <REP> $NtUninstallKB938464$ 2008-08-26 17:00 <REP> $NtUninstallKB939683$ 2008-07-23 17:33 <REP> $NtUninstallKB941569$ 2008-07-23 17:37 <REP> $NtUninstallKB942763$ 2008-08-26 17:02 <REP> $NtUninstallKB946648$ 2008-07-23 17:37 <REP> $NtUninstallKB950759$ 2008-07-23 17:37 <REP> $NtUninstallKB950760$ 2008-07-23 17:37 <REP> $NtUninstallKB950762$ 2008-08-26 17:02 <REP> $NtUninstallKB950974$ 2008-08-26 17:00 <REP> $NtUninstallKB951066$ 2008-08-26 17:01 <REP> $NtUninstallKB951072-v2$ 2008-07-23 17:37 <REP> $NtUninstallKB951376-v2$ 2008-07-23 17:37 <REP> $NtUninstallKB951698$ 2008-07-23 17:38 <REP> $NtUninstallKB951748$ 2008-07-23 17:38 <REP> $NtUninstallKB951978$ 2008-12-15 09:06 <REP> $NtUninstallKB952069_WM9$ 2008-08-26 17:01 <REP> $NtUninstallKB952287$ 2008-08-26 17:02 <REP> $NtUninstallKB952954$ 2008-08-26 17:02 <REP> $NtUninstallKB953839$ 2008-09-10 16:56 <REP> $NtUninstallKB954154_WM11$ 2008-10-15 17:01 <REP> $NtUninstallKB954211$ 2008-11-13 08:26 <REP> $NtUninstallKB954459$ 2008-12-15 09:06 <REP> $NtUninstallKB954600$ 2008-11-13 08:26 <REP> $NtUninstallKB955069$ 2008-12-15 09:08 <REP> $NtUninstallKB955839$ 2008-10-15 17:01 <REP> $NtUninstallKB956391$ 2008-12-15 09:06 <REP> $NtUninstallKB956802$ 2008-10-15 17:01 <REP> $NtUninstallKB956803$ 2008-10-15 17:01 <REP> $NtUninstallKB956841$ 2008-10-15 17:01 <REP> $NtUninstallKB957095$ 2008-11-13 08:27 <REP> $NtUninstallKB957097$ 2008-10-27 08:37 <REP> $NtUninstallKB958644$ 2009-01-14 18:01 <REP> $NtUninstallKB958687$ 2009-03-11 18:00 <REP> $NtUninstallKB958690$ 2009-03-11 18:00 <REP> $NtUninstallKB959772_WM11$ 2009-03-11 18:00 <REP> $NtUninstallKB960225$ 2009-02-11 18:00 <REP> $NtUninstallKB960715$ 2009-02-25 18:00 <REP> $NtUninstallKB967715$ 2008-07-23 17:42 <REP> $NtUninstallMSCompPackV1$ 2008-07-23 17:42 <REP> $NtUninstallWMFDist11$ 2008-07-23 17:42 <REP> $NtUninstallwmp11$ 2008-07-23 17:41 <REP> $NtUninstallWudf01000$ 2008-12-16 10:13 <REP> $NtUninstallXPSEPSCLP$ 2009-01-13 08:56 <REP> CSC 2008-07-23 17:36 <REP> ie7 2009-04-15 09:47 <REP> inf 2009-03-11 15:59 <REP> Installer 2007-10-29 14:00 49,102 winnt.bmp 2007-10-29 14:00 49,102 winnt256.bmp 2008-09-04 17:50 23 yacht.xws 4 fichier(s) 98,976 octets 57 Rép(s) 135,682,617,344 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 148B-5565 Répertoire de C:\WINDOWS\system32 2009-03-11 18:00 <REP> dllcache 2009-04-09 10:13 56 ezsidmv.dat 2008-04-13 19:33 168,032 nevimh.o 9 fichier(s) 172,809 octets 1 Rép(s) 135,682,600,960 octets libres winlogon.exe Verified: Signed svchost.exe Verified: Signed ws2_32.dll Verified: Signed user32.dll Verified: Signed tcpip.sys Verified: Signed ndis.sys Verified: Signed null.sys Verified: Signed userinit.exe kernel32.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ explorer.exe pid: 4792 Command line: C:\WINDOWS\Explorer.EXE Base Size Version Path 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x76610000 0x84000 5.131.2600.5512 C:\WINDOWS\system32\CRYPTUI.dll 0x44080000 0xd0000 7.00.6000.16791 C:\WINDOWS\system32\WININET.dll 0x00400000 0x9000 6.00.5441.0000 C:\WINDOWS\system32\Normaliz.dll 0x43e00000 0x45000 7.00.6000.16791 C:\WINDOWS\system32\iertutil.dll 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\comctl32.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x7d200000 0x2bc000 3.01.4001.5512 C:\WINDOWS\system32\msi.dll 0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x44360000 0x5cd000 7.00.6000.16791 C:\WINDOWS\system32\ieframe.dll 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x44160000 0x127000 7.00.6000.16791 C:\WINDOWS\system32\urlmon.dll 0x442b0000 0x3c000 7.00.6000.16791 C:\WINDOWS\system32\webcheck.dll 0x164a0000 0x23000 5.02.5721.5145 C:\WINDOWS\system32\WPDShServiceObj.dll 0x109c0000 0x2c000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceTypes.dll 0x10930000 0x49000 5.02.5721.5145 C:\WINDOWS\system32\PortableDeviceApi.dll 0x02f70000 0x4b000 6.00.6000.16431 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll 0x03410000 0x4c000 9.00.0000.0000 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA 0x03640000 0x56000 7.10.3052.0004 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCR71.dll 0x7c3a0000 0x7b000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MSVCP71.dll 0x7c140000 0x103000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\InCD\MFC71.DLL 0x04100000 0x190000 5.05.0002.0008 C:\Program Files\Nero\Nero 7\InCD\InCDAPI2.dll 0x042f0000 0x16000 5.05.0002.0008 C:\Program Files\Nero\Nero 7\InCD\NBHApi.dll 0x030e0000 0x2e000 3.80.0000.0000 C:\Program Files\WinRAR\rarext.dll 0x10000000 0x1e1000 2.09.0001.0000 C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll 0x4eb80000 0x1a6000 5.01.3102.5581 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll 0x74da0000 0x6d000 5.30.0023.1230 C:\WINDOWS\system32\RICHED20.dll 0x57000000 0x22000 17.02.0056.0000 C:\Program Files\Fichiers communs\Autodesk Shared\AcShellEx\AcShellExtension.dll 0x7c420000 0x87000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll 0x78130000 0x9b000 8.00.50727.0762 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll 0x03110000 0x19000 2.09.0001.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll 0x7c250000 0x102000 7.10.3077.0000 C:\Program Files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL 0x03130000 0x12000 7.00.0000.0015 C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll 0x031c0000 0x12000 1.01.0000.0000 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll 0x1c000000 0x18000 5.05.0002.0008 C:\Program Files\Nero\Nero 7\InCD\InCDshx.dll 0x03460000 0x5b000 9.00.0000.0332 C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll 0x325c0000 0x12000 11.00.5510.0000 C:\Program Files\Microsoft Office\OFFICE11\msohev.dll ListDLLs v2.25 - DLL lister for Win9x/NT Copyright © 1997-2004 Mark Russinovich Sysinternals - www.sysinternals.com ------------------------------------------------------------------------------ winlogon.exe pid: 792 Command line: winlogon.exe Base Size Version Path 0x01000000 0x82000 \??\C:\WINDOWS\system32\winlogon.exe 0x77be0000 0x58000 7.00.2600.5512 C:\WINDOWS\system32\msvcrt.dll 0x779e0000 0x97000 5.131.2600.5512 C:\WINDOWS\system32\CRYPT32.dll 0x76be0000 0x2e000 5.131.2600.5512 C:\WINDOWS\system32\WINTRUST.dll 0x58b50000 0x9a000 5.82.2900.5512 C:\WINDOWS\system32\COMCTL32.dll 0x74730000 0x3d000 3.525.1132.0000 C:\WINDOWS\system32\ODBC32.dll 0x1f840000 0x18000 3.525.1117.0000 C:\WINDOWS\system32\odbcint.dll 0x01370000 0x42000 1.08.0031.0009 C:\WINDOWS\system32\WgaLogon.dll 0x76f80000 0x7f000 2001.12.4414.0700 C:\WINDOWS\system32\CLBCATQ.DLL 0x77000000 0xd4000 2001.12.4414.0700 C:\WINDOWS\system32\COMRes.dll 0x76ac0000 0x11000 3.05.2284.0001 C:\WINDOWS\system32\ATL.DLL 0x76010000 0x65000 6.02.3104.0000 C:\WINDOWS\system32\MSVCP60.dll 0x75ed0000 0x13000 5.131.2600.5512 C:\WINDOWS\system32\cryptnet.dll 0x776d0000 0x44000 2001.12.4414.0706 C:\WINDOWS\system32\ES.DLL 0x748f0000 0x114000 8.100.1048.0000 C:\WINDOWS\system32\msxml3.dll Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 148B-5565 Répertoire de C:\WINDOWS\Downloaded Program Files 2009-04-09 10:19 <REP> . 2009-04-09 10:19 <REP> .. 2004-12-07 18:07 32 bdcore.dll 2006-05-25 02:21 118,784 bdupd.dll 2002-03-21 16:26 815 bitdefender.inf 2003-01-30 17:52 348,160 bitdefender.ocx 2008-07-23 14:51 65 desktop.ini 2007-04-11 14:55 1,292 erma.inf 2000-07-12 03:02 36,864 fxfileop.dll 2008-06-26 10:25 512 gp.inf 2008-06-26 10:25 118,640 gp.ocx 2008-02-10 09:31 301,208 IDrop.ocx 2008-02-10 09:31 112,280 IDropENU.dll 2008-02-25 10:47 114,504 IDropFRA.dll 2006-05-25 02:21 53,248 ipsupd.dll 2005-03-16 13:34 7,407 lang.ini 2004-12-07 18:07 32 libfn.dll 2005-03-14 15:38 126 live.ini 2004-04-07 14:48 159,857 OfficeScanRemoveCtrl.dll 2003-03-28 17:59 260 OfficeScanRemoveCtrl.inf 2004-04-07 14:48 106,599 OfficeScanSetup.dll 2003-03-28 17:59 482 OfficeScanSetup.inf 2004-04-07 14:48 143,469 OfficeScanSetupINI.dll 2003-05-02 12:07 254 OfficeScanSetupINI.inf 2006-06-01 03:57 1,331 oscan8.inf 2006-06-01 03:54 471,040 oscan8.ocx 2006-05-31 05:15 10 oscan81.ocx_x 2005-03-14 15:58 7,073 scanoptions.tsi 26 fichier(s) 2,104,344 octets Total des fichiers listés : 26 fichier(s) 2,104,344 octets 2 Rép(s) 135,682,433,024 octets libres Recherche de rootkit! (Merci S!Ri) Recherche d'infections connues Export des clefs sensibles.. Liste des fichiers en exception sur le pare-feu XP SP2 "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype" Export de la clef SharedTaskScheduler [sharedTaskScheduler] "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui" "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant" exports des policies REGEDIT4 [system] "dontdisplaylastusername"=dword:00000000 "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"=dword:00000001 "undockwithoutlogon"=dword:00000001 "DisableRegistryTools"=dword:00000000 Export des clefs sensibles.. Rechercher adresses sensibles dans le fichier HOSTS... catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-20 10:28:36 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden services & system hive ... [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kseznj] "DisplayName"="Boot Installer" "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000000 "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs" "ObjectName"="LocalSystem" "Description"="Fournit le mappeur du point de sortie et divers services RPC." [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kseznj\Parameters] "ServiceDll"=str(2):"C:\WINDOWS\system32\nevimh.dll" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kseznj] "DisplayName"="Boot Installer" "Type"=dword:00000020 "Start"=dword:00000002 "ErrorControl"=dword:00000000 "ImagePath"=str(2):"%SystemRoot%\system32\svchost.exe -k netsvcs" "ObjectName"="LocalSystem" "Description"="Fournit le mappeur du point de sortie et divers services RPC." [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\kseznj\Parameters] "ServiceDll"=str(2):"C:\WINDOWS\system32\nevimh.dll" scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden services: 0 hidden files: 0 Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully kernel: MBR read successfully user & kernel MBR OK KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Process list by traversal of KiWaitListHead 4 - System 136 - PccNTMon.exe 192 - RichVideo.exe 300 - TmListen.exe 468 - searchindexer.e 728 - csrss.exe 792 - winlogon.exe 836 - services.exe 848 - lsass.exe 1060 - svchost.exe 1100 - iexplore.exe 1108 - svchost.exe 1196 - svchost.exe 1316 - svchost.exe 1356 - svchost.exe 1512 - spoolsv.exe 1568 - sched.exe 1668 - OfcDog.exe 1708 - avguard.exe 1740 - cmd.exe 1796 - InCDsrv.exe 1848 - MDM.EXE 1892 - NTRtScan.exe 1924 - nvsvc32.exe 1948 - StandAloneSlv.e 1980 - GoogleUpdate.ex 1992 - NBHGui.exe 2184 - InCD.exe 2516 - rundll32.exe 2716 - ctfmon.exe 3032 - WindowsSearch.e 3060 - sldIMScheduler. 3132 - avgnt.exe 3436 - GoogleToolbarNo 3920 - PDVDServ.exe 4008 - swBOEngine.exe 4292 - searchprotocolh 4428 - SolidWorksLicTe 4468 - SolidWorksLicen 4676 - rundll32.exe 4792 - explorer.exe 5012 - RTHDCPL.exe 5036 - BrStsWnd.exe 5060 - brpjp04a.exe 5992 - searchfilterhos Total number of processes = 45 NOTE: Under WinXP, this will not show all processes. KProcCheck Version 0.2-beta1 Proof-of-Concept by SIG^2 (www.security.org.sg) Driver/Module list by traversal of PsLoadedModuleList 804D7000 - \WINDOWS\system32\ntkrnlpa.exe 806E4000 - \WINDOWS\system32\hal.dll BADA8000 - \WINDOWS\system32\KDCOM.DLL BACB8000 - \WINDOWS\system32\BOOTVID.dll BA778000 - ACPI.sys BADAA000 - \WINDOWS\system32\DRIVERS\WMILIB.SYS BA767000 - pci.sys BA8A8000 - isapnp.sys BAE70000 - pciide.sys BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS BA8B8000 - MountMgr.sys BA748000 - ftdisk.sys BADAC000 - dmload.sys BA722000 - dmio.sys BAB30000 - PartMgr.sys BA8C8000 - VolSnap.sys BA70A000 - atapi.sys BA8D8000 - disk.sys BA8E8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS BA6EA000 - fltmgr.sys BA6D8000 - sr.sys BA6C1000 - KSecDD.sys BA634000 - Ntfs.sys BA607000 - NDIS.sys BA5ED000 - Mup.sys BAA28000 - \SystemRoot\system32\DRIVERS\processr.sys BA594000 - \SystemRoot\system32\DRIVERS\serial.sys BAD68000 - \SystemRoot\system32\DRIVERS\serenum.sys BA580000 - \SystemRoot\system32\DRIVERS\parport.sys BAA38000 - \SystemRoot\system32\DRIVERS\i8042prt.sys BABE8000 - \SystemRoot\system32\DRIVERS\kbdclass.sys BABF0000 - \SystemRoot\system32\DRIVERS\mouclass.sys BABF8000 - \SystemRoot\system32\DRIVERS\usbohci.sys BA55C000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS BAC00000 - \SystemRoot\system32\DRIVERS\usbehci.sys BA534000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys BAA48000 - \SystemRoot\system32\DRIVERS\nvnetbus.sys BA44C000 - \SystemRoot\system32\DRIVERS\NVNRM.SYS BAA58000 - \SystemRoot\system32\DRIVERS\imapi.sys BAA68000 - \SystemRoot\system32\DRIVERS\cdrom.sys BAA78000 - \SystemRoot\system32\DRIVERS\redbook.sys BA429000 - \SystemRoot\system32\DRIVERS\ks.sys BAC08000 - \SystemRoot\system32\drivers\InCDPass.sys BAA88000 - \SystemRoot\system32\drivers\InCDRm.sys B9D9C000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys B9D88000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS BAFFB000 - \SystemRoot\system32\DRIVERS\audstub.sys BAA98000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys BAD74000 - \SystemRoot\system32\DRIVERS\ndistapi.sys B9D71000 - \SystemRoot\system32\DRIVERS\ndiswan.sys BAAA8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys BAAB8000 - \SystemRoot\system32\DRIVERS\raspptp.sys BAC10000 - \SystemRoot\system32\DRIVERS\TDI.SYS B9D60000 - \SystemRoot\system32\DRIVERS\psched.sys BAAC8000 - \SystemRoot\system32\DRIVERS\msgpc.sys BAC18000 - \SystemRoot\system32\DRIVERS\ptilink.sys BAC20000 - \SystemRoot\system32\DRIVERS\raspti.sys B9D30000 - \SystemRoot\system32\DRIVERS\rdpdr.sys BAAD8000 - \SystemRoot\system32\DRIVERS\termdd.sys BADBC000 - \SystemRoot\system32\DRIVERS\swenum.sys B9CAA000 - \SystemRoot\system32\DRIVERS\update.sys BAD90000 - \SystemRoot\system32\DRIVERS\mssmbios.sys BAB08000 - \SystemRoot\System32\Drivers\NDProxy.SYS BAB18000 - \SystemRoot\system32\DRIVERS\usbhub.sys BADBE000 - \SystemRoot\system32\DRIVERS\USBD.SYS BA918000 - \SystemRoot\system32\DRIVERS\NVENETFD.sys B702A000 - \SystemRoot\system32\drivers\RtkHDAud.sys B7006000 - \SystemRoot\system32\drivers\portcls.sys BA938000 - \SystemRoot\system32\drivers\drmk.sys BADC2000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS BAFB2000 - \SystemRoot\System32\Drivers\Null.SYS BADC4000 - \SystemRoot\System32\Drivers\Beep.SYS BAC48000 - \SystemRoot\System32\drivers\vga.sys BADC6000 - \SystemRoot\System32\Drivers\mnmdd.SYS BADC8000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys BAD58000 - \SystemRoot\System32\Drivers\InCDrec.SYS B6FA2000 - \SystemRoot\system32\drivers\InCDFs.sys BAC50000 - \SystemRoot\System32\Drivers\Msfs.SYS BAC58000 - \SystemRoot\System32\Drivers\Npfs.SYS BAD5C000 - \SystemRoot\system32\DRIVERS\rasacd.sys B6F8F000 - \SystemRoot\system32\DRIVERS\ipsec.sys B6F36000 - \SystemRoot\system32\DRIVERS\tcpip.sys B6EE6000 - \SystemRoot\system32\DRIVERS\netbt.sys B6EC0000 - \SystemRoot\system32\DRIVERS\ipnat.sys B6E9E000 - \SystemRoot\System32\drivers\afd.sys BA948000 - \SystemRoot\system32\DRIVERS\netbios.sys BAC60000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys B6E73000 - \SystemRoot\system32\DRIVERS\rdbss.sys BA958000 - \SystemRoot\system32\DRIVERS\wanarp.sys B6E03000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys BA968000 - \SystemRoot\System32\Drivers\Fips.SYS BAC68000 - \SystemRoot\system32\DRIVERS\usbprint.sys B6BB2000 - \SystemRoot\system32\DRIVERS\avipbb.sys BADCC000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys BA9B8000 - \SystemRoot\System32\Drivers\Cdfs.SYS B6B9A000 - \SystemRoot\System32\Drivers\dump_atapi.sys BADD2000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys B6FEE000 - \SystemRoot\System32\drivers\Dxapi.sys BAC88000 - \SystemRoot\System32\watchdog.sys BF9C3000 - \SystemRoot\System32\drivers\dxg.sys BAEE5000 - \SystemRoot\System32\drivers\dxgthk.sys BF9D5000 - \SystemRoot\System32\nv4_disp.dll BFFA0000 - \SystemRoot\System32\ATMFD.DLL BA9A8000 - \??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys B61D6000 - \??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys B616B000 - \??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys B61BE000 - \SystemRoot\system32\DRIVERS\ndisuio.sys B5EE6000 - \SystemRoot\system32\DRIVERS\mrxdav.sys BAE6C000 - \SystemRoot\System32\Drivers\ParVdm.SYS B5DBA000 - \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys B5A98000 - \SystemRoot\system32\DRIVERS\srv.sys B57AF000 - \SystemRoot\System32\Drivers\HTTP.sys B574A000 - \SystemRoot\system32\drivers\wdmaud.sys B5C6A000 - \SystemRoot\system32\drivers\sysaudio.sys B477D000 - \SystemRoot\System32\Drivers\Fastfat.SYS B4687000 - \SystemRoot\system32\drivers\kmixer.sys BADDE000 * --[Hidden]-- BAEAD000 * --[Hidden]-- Total number of drivers = 119 Liste des programmes installes Adobe Flash Player 10 ActiveX Adobe Reader 9 - Français adsl TV Archiveur WinRAR AutoCAD LT 2009 - Français AutoCAD LT 2009 - Français Avira AntiVir Personal - Free Antivirus Brother HL-2150N Client Trend Micro OfficeScan Correctif pour Lecteur Windows Media 11 (KB939683) Correctif pour Windows XP (KB952287) COSMOSFloWorks 2008 SP04 COSMOSM 2008 (2008/140) COSMOSMotion 2008 SP04 COSMOSWorks 2008 SP04 DVD Suite DWGeditor eDrawings 2008 Free Mp3 Wma Converter V 1.8.0 Google Earth Google Toolbar for Internet Explorer Google Update Helper Google Earth High Definition Audio Driver Package - KB888111 HijackThis 2.0.2 Hotfix for Windows Media Format 11 SDK (KB929399) Lecteur Windows Media 11 Malwarebytes' Anti-Malware Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 Language Pack - FRA Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 French Language Pack Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office 2003 Web Components Microsoft Office Professional Edition 2003 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Mise à jour critique pour Lecteur Windows Media 11 (KB959772) Mise à jour de sécurité pour Lecteur Windows Media (KB952069) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) Mise à jour de sécurité pour Lecteur Windows Media 11 (KB954154) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127-v2) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB956390) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB958215) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB960714) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB961260) Mise à jour de sécurité pour Windows XP (KB923689) Mise à jour de sécurité pour Windows XP (KB923789) Mise à jour de sécurité pour Windows XP (KB938464) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB946648) Mise à jour de sécurité pour Windows XP (KB950759) Mise à jour de sécurité pour Windows XP (KB950760) Mise à jour de sécurité pour Windows XP (KB950762) Mise à jour de sécurité pour Windows XP (KB950974) Mise à jour de sécurité pour Windows XP (KB951066) Mise à jour de sécurité pour Windows XP (KB951376-v2) Mise à jour de sécurité pour Windows XP (KB951698) Mise à jour de sécurité pour Windows XP (KB951748) Mise à jour de sécurité pour Windows XP (KB952954) Mise à jour de sécurité pour Windows XP (KB953839) Mise à jour de sécurité pour Windows XP (KB954211) Mise à jour de sécurité pour Windows XP (KB954459) Mise à jour de sécurité pour Windows XP (KB954600) Mise à jour de sécurité pour Windows XP (KB955069) Mise à jour de sécurité pour Windows XP (KB956391) Mise à jour de sécurité pour Windows XP (KB956802) Mise à jour de sécurité pour Windows XP (KB956803) Mise à jour de sécurité pour Windows XP (KB956841) Mise à jour de sécurité pour Windows XP (KB957095) Mise à jour de sécurité pour Windows XP (KB957097) Mise à jour de sécurité pour Windows XP (KB958644) Mise à jour de sécurité pour Windows XP (KB958687) Mise à jour de sécurité pour Windows XP (KB958690) Mise à jour de sécurité pour Windows XP (KB960225) Mise à jour de sécurité pour Windows XP (KB960715) Mise à jour pour Windows XP (KB942763) Mise à jour pour Windows XP (KB951072-v2) Mise à jour pour Windows XP (KB951978) Mise à jour pour Windows XP (KB955839) Mise à jour pour Windows XP (KB967715) Module de prise en charge linguistique de Microsoft .NET Framework 2.0 - FRA Module de prise en charge linguistique du français de Microsoft .NET Framework 3.0 MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 6.0 Parser (KB925673) Nero 7 Essentials neroxml NVIDIA Drivers Outil de mise à jour Google PowerDVD PowerProducer Realtek High Definition Audio Driver Security Update pour Microsoft .NET Framework 2.0 (KB928365) Shadows 2.1 Skype™ 3.8 SolidWorks 2008 SP02.1 SolidWorks 2008 SP04 SolidWorks 2008 SP04 SolidWorks Explorer 2008 sp02.1 SolidWorks viewer TerraExplorer thinkdesign 7.0 VideoLAN VLC media player 0.8.6f WebFldrs XP Windows Communication Foundation Windows Communication Foundation Language Pack - FRA Windows Desktop Search 3.01 Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Media Format 11 runtime Windows Media Format 11 runtime Windows Media Player 11 Windows Presentation Foundation Windows Presentation Foundation Language Pack (FRA) Windows Workflow Foundation Windows Workflow Foundation FR Language Pack Windows XP Service Pack 3 XML Paper Specification Shared Components Language Pack 1.0 XML Paper Specification Shared Components Pack 1.0 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 148B-5565 Répertoire de C:\Program Files 2009-04-03 15:13 <REP> . 2009-04-03 15:13 <REP> .. 2008-08-21 09:57 <REP> Adobe 2009-03-11 14:24 <REP> adslTV 2008-09-08 08:31 <REP> AGEIA Technologies 2009-02-25 10:07 <REP> AutoCAD LT 2009 2009-03-26 19:02 <REP> Avira 2008-07-30 14:36 <REP> Brother 2008-07-30 14:37 <REP> Brownie 2008-07-23 14:49 <REP> ComPlus Applications 2008-07-23 15:38 <REP> CyberLink 2009-04-08 15:13 <REP> Fichiers communs 2009-04-03 15:13 <REP> Free Audio Pack 2009-03-11 15:59 <REP> Google 2009-04-07 16:38 <REP> Internet Explorer 2009-04-09 08:59 <REP> Malwarebytes' Anti-Malware 2008-08-26 17:02 <REP> Messenger 2008-07-23 14:52 <REP> microsoft frontpage 2008-09-04 17:44 <REP> Microsoft Office 2008-07-30 11:30 <REP> Microsoft Visual Studio 2008-07-30 11:30 <REP> Microsoft Works 2008-07-30 11:31 <REP> Microsoft.NET 2008-07-23 17:18 <REP> Movie Maker 2008-09-04 17:40 <REP> MSBuild 2008-09-04 17:42 <REP> MSECache 2008-07-23 14:49 <REP> MSN 2008-07-23 14:49 <REP> MSN Gaming Zone 2008-07-23 17:37 <REP> MSXML 4.0 2008-07-23 15:41 <REP> Nero 2008-07-23 17:17 <REP> NetMeeting 2008-08-21 09:54 <REP> NOS 2008-07-23 14:49 <REP> Online Services 2008-07-23 17:17 <REP> Outlook Express 2008-07-23 15:30 <REP> Realtek 2008-09-04 17:38 <REP> Reference Assemblies 2008-07-23 14:51 <REP> Services en ligne 2008-10-02 09:21 <REP> Shadows 2.1 2008-10-21 16:20 <REP> Skyline 2008-11-04 16:40 <REP> Skype 2008-09-08 08:16 <REP> SolidWorks 2008-09-25 09:48 <REP> SwCadDb 2008-10-30 10:25 <REP> think3 2009-03-31 09:23 <REP> Trend Micro 2008-07-23 17:40 <REP> VideoLAN 2008-09-04 17:43 <REP> Windows Desktop Search 2008-07-23 17:42 <REP> Windows Media Connect 2 2008-07-23 17:42 <REP> Windows Media Player 2008-07-23 17:17 <REP> Windows NT 2008-10-02 09:22 <REP> WinRAR 2008-07-23 14:52 <REP> xerox 0 fichier(s) 0 octets 50 Rép(s) 135,664,689,152 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 148B-5565 Répertoire de C:\Program Files\fichiers communs 2009-04-08 15:13 <REP> . 2009-04-08 15:13 <REP> .. 2008-08-21 09:57 <REP> Adobe 2008-07-23 15:42 <REP> Ahead 2009-02-25 10:07 <REP> Autodesk Shared 2008-09-04 17:44 <REP> DESIGNER 2008-09-04 17:54 <REP> eDrawings2008 2008-09-05 15:18 <REP> Gestionnaire d'installation SolidWorks 2008-09-04 17:42 <REP> InstallShield 2008-09-04 17:42 <REP> Microsoft Shared 2008-07-23 14:50 <REP> MSSoap 2008-07-23 16:42 <REP> ODBC 2008-07-23 14:50 <REP> Services 2008-11-04 16:40 <REP> Skype 2008-09-08 08:29 <REP> SolidWorks Shared 2008-07-23 16:42 <REP> SpeechEngines 2008-07-30 11:30 <REP> System 0 fichier(s) 0 octets 17 Rép(s) 135,664,689,152 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 148B-5565 Répertoire de C:\Program Files\fichiers communs\Microsoft Shared\Web Folders 2008-07-30 11:31 <REP> . 2008-07-30 11:31 <REP> .. 2008-07-30 11:31 <REP> 1033 2008-07-30 11:30 <REP> 1036 2003-07-11 10:15 1,292,872 MSONSEXT.DLL 2003-07-15 06:52 35,896 MSOSV.DLL 1999-06-03 12:09 122,937 MSOWS409.DLL 2001-03-07 07:00 127,033 MSOWS40c.DLL 2003-07-11 02:25 80,448 PKMWS.DLL 5 fichier(s) 1,659,186 octets 4 Rép(s) 135,664,689,152 octets libres Attention : C:\autorun.inf existe c:\Documents and Settings\Administrateur\Bureau\trcryptfix.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\catchme.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\diff.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\dumphive.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\FilesInfoCmd.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\find2.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Fport.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\grep.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\gzip.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\KProcCheck.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LFiles.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\LISTDLLS.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\mbr.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\md5sums.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\Psinfo.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\pslist.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\sigcheck.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\streams.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\swreg.exe c:\Documents and Settings\Administrateur\Bureau\DiagHelp\DiagHelp\tar.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\cosmosfloworks\cfsetup.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\cosmosfloworks\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\cosmosfloworks\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\cosmosfloworks\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\cosmosfloworks\WinNT\instmsi.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\cosmosm\cosmosmsetup.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\cosmosm\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\cosmosm\WinNT\instmsi.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\COSMOSMotion\cmsetup.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\COSMOSMotion\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\COSMOSMotion\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\COSMOSMotion\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\COSMOSMotion\WinNT\instmsi.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\COSMOSWorks\cwsetup.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\COSMOSWorks\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\COSMOSWorks\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\COSMOSWorks\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\cwwi\COSMOSWorks\WinNT\instmsi.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\dwgeditor\instmsiw.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\dwgeditor\setup.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\dwgeditor\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\dwgeditor\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\eDrawings\setup.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\pdmwserver\setup.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\pdmwserver\WindowsInstaller-KB893803-x86.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\pdmwserver\Support\dotnet30\dotnetfx3.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\pdmwserver\Support\dotnet30\dotnetfx3_x64.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\pdmwserver\Support\VCRedist\vcredist_x64.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\pdmwserver\Support\VCRedist\vcredist_x86.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\sldim\regval.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\sldim\sldadminoptioneditor.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\sldim\sldim.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\sldim\sldIMDownloader.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swlicmgr\instmsiw.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swlicmgr\setup.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\swcreatemst.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\swpurgewi.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\swsetup.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\dotnetfx\dotnetfx3.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\dotnetfx\dotnetfx3_x64.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\OfficeWeb11\owc11.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\support\i386\AddinCompatibilityTester.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\support\i386\lang\reginfo.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3_XP-x64-chs.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3_XP-x64-cht.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3_XP-x64-deu.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3_XP-x64-enu.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3_XP-x64-esn.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3_XP-x64-fra.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3_XP-x64-ita.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3_XP-x64-jpn.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3_XP-x64-kor.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-chs.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-cht.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-csy.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-deu.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-enu.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-esn.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-fra.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-ita.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-jpn.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-kor.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-plk.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-ptb.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-Srv2K3-x86-rus.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-chs.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-cht.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-csy.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-deu.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-enu.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-esn.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-fra.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-ita.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-jpn.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-kor.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-plk.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-ptb.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\WindowsDesktopSearch-KB917013-V301-XP-x86-rus.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\Chinese\mdac_typ.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\Chinese-Simplified\mdac_typ.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\Czech\MDAC_TYP.EXE c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\English\MDAC_TYP.EXE c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\French\mdac_typ.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\German\mdac_typ.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\Italian\mdac_typ.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\Japanese\mdac_typ.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\Korean\mdac_typ.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\Polish\mdac_typ.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\Portuguese-Brazilian\MDAC_TYP.EXE c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\Russian\mdac_typ.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\temp\~MDAC270\Spanish\mdac_typ.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\VCRedist\vcredist_x86.exe c:\Documents and Settings\Administrateur\Bureau\SolidWorks 2008 SP05\swwi\data\WinNT\WindowsInstaller-KB893803-v2-x86.exe c:\Documents and Settings\Administrateur\Local Settings\Temporary Internet Files\Content.IE5\SDL45RC1\mbam-setup[1].exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosfloworks\cfsetup.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosfloworks\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosfloworks\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosfloworks\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosfloworks\WinNT\instmsi.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosm\cosmosmsetup.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosm\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosm\WinNT\instmsi.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSMotion\cmsetup.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSMotion\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSMotion\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSMotion\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSMotion\WinNT\instmsi.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSWorks\cwsetup.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSWorks\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSWorks\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSWorks\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSWorks\WinNT\instmsi.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\dwgeditor\instmsiw.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\dwgeditor\setup.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\dwgeditor\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\dwgeditor\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\eDrawings\setup.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\sldim\regval.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\sldim\sldadminoptioneditor.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\sldim\sldim.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\sldim\sldIMDownloader.exe c:\Documents and Settings\Administrateur\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\sw2008-2.1-4.0-i\swspmanager.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosfloworks\cfsetup.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosfloworks\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosfloworks\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosfloworks\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosfloworks\WinNT\instmsi.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosm\cosmosmsetup.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosm\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\cosmosm\WinNT\instmsi.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSMotion\cmsetup.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSMotion\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSMotion\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSMotion\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSMotion\WinNT\instmsi.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSWorks\cwsetup.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSWorks\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSWorks\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSWorks\Support Files\LicenseAdmin.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\cwwi\COSMOSWorks\WinNT\instmsi.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\dwgeditor\instmsiw.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\dwgeditor\setup.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\dwgeditor\Support\i386\lang\swlmutil.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\dwgeditor\Support\i386\lang\swlmwiz.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\eDrawings\setup.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\sldim\regval.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\sldim\sldadminoptioneditor.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\sldim\sldim.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\sldim\sldIMDownloader.exe c:\Documents and Settings\Administrateur.TO1\Mes documents\SolidWorks Downloads\SolidWorks 2008 SP04\sw2008-2.1-4.0-i\swspmanager.exe c:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe c:\Documents and Settings\andre\Mes documents\sounds.exe c:\Documents and Settings\andre\Mes documents\André\fond ecran\Deutz Engine.exe c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\ZIP 1\Christmas.exe c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\ZIP 1\Click Here.exe c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\ZIP 2\Click Here.exe c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\Click Here.exe c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\cotation fonct\cotation.exe c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\cotation fonct\logiciel cotation\cotation.exe c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\dessin indus\GS_COMMA\GS_COMMA.EXE c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\dessin indus\GS_COMMA\UTILITAI\CODE_ISO.EXE c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\dessin indus\GS_DESSI\GS_DESSI.EXE c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\dessin indus\GS_UTILS\CRE_CONF\CRE_CONF.EXE c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\dessin indus\GS_UTILS\CRE_CONF\RECOPIE.EXE c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\dessin indus\GS_UTILS\DIVERS\CALCULAT.EXE c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\dessin indus\GS_UTILS\ENS_JEUX\ENS_JEUX.EXE c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\dessin indus\GS_UTILS\RESULTAT\CALENDRI.EXE c:\Documents and Settings\andre\Mes documents\André\TECHNO FRAISAGE TOURNAGE\zip3\dessin indus\GS_UTILS\RESULTAT\RESULTAT.EXE c:\Documents and Settings\norbert\Application Data\Google\Google Earth\googleearth.exe c:\Documents and Settings\norbert\Application Data\Google\Google Earth\gpsbabel.exe c:\Documents and Settings\norbert\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\ARPPRODUCTICON.exe c:\Documents and Settings\norbert\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe c:\Documents and Settings\norbert\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe c:\Documents and Settings\norbert\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe c:\Documents and Settings\norbert\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\NewShortcut2_407B9B5CDAC54F44A756B57CAB4E6A8B.exe c:\Documents and Settings\norbert\Application Data\Microsoft\Installer\{1E04F83B-2AB9-4301-9EF7-E86307F79C72}\UNINST_Uninstall_G_3DE5E7D47B88403CA3FD2017A8240C5B.exe c:\Documents and Settings\norbert\Bureau\trcryptfix.exe c:\Documents and Settings\norbert\Bureau\sauve cle\Divx.Pro.v6.4.Multilangages.Incl-Keygen\DivXInstaller.exe c:\Documents and Settings\norbert\Bureau\sauve cle\Divx.Pro.v6.4.Multilangages.Incl-Keygen\KeyGen PRO\keygenPRO.exe c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Setup.exe c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\SkylineGlobeShell.exe c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\TerraExplorer.exe c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\teutil.exe c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Tools\PyramidTool\PyramidTool.exe c:\Documents and Settings\norbert\Local Settings\Temporary Internet Files\Content.IE5\G789T9I5\antivir_workstation_winu_fr_h[1].exe c:\Documents and Settings\norbert\Mes documents\terraexplorer_terraexplorer_5.0.2.10_basic_francais_40985.exe c:\Documents and Settings\outilleur1\Application Data\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe c:\Documents and Settings\Administrateur\Application Data\IM\lang\french\sldadminoptioneditorresu.dll c:\Documents and Settings\Administrateur\Application Data\IM\lang\french\sldIMresu.dll c:\Documents and Settings\Administrateur.TO1\Application Data\IM\lang\french\sldadminoptioneditorresu.dll c:\Documents and Settings\Administrateur.TO1\Application Data\IM\lang\french\sldIMresu.dll c:\Documents and Settings\All Users\Application Data\Nero\DrWeb\Drweb32.dll c:\Documents and Settings\All Users\Application Data\Skyline\TEDetect.dll c:\Documents and Settings\andre\Application Data\IM\lang\french\sldadminoptioneditorresu.dll c:\Documents and Settings\andre\Application Data\IM\lang\french\sldIMresu.dll c:\Documents and Settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\alchemyext.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\apiloader.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\atl71.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\auth.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\base.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\basicingest.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\collada.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\common.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\componentframework.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\earthps.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\evll.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\flightsim.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\fusioncommon.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\ge_net.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\geobase.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\googleearth.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\googlesearch.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\gps.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\ijl20.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\input_plugin.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\layer.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\libexpatw.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\libIGCore.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\libIGExportCommon.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\libIGMath.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\libIGOpt.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\libIGUtils.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\math.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\measure.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\moduleframework.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\msvcp71.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\msvcr71.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\navigate.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\pthreadVC.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\qt-mt338.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\render.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\sockets.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\webbrowser.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\wmsbase.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\zlibwapi.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\alchemy\dx\libIGAttrs.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\alchemy\dx\libIGGfx.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\alchemy\dx\libIGSg.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\alchemy\ogl\libIGAttrs.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\alchemy\ogl\libIGGfx.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\alchemy\ogl\libIGSg.dll c:\Documents and Settings\norbert\Application Data\Google\Google Earth\alchemy\optimizations\libIGOptExtension.dll c:\Documents and Settings\norbert\Application Data\IM\lang\french\sldadminoptioneditorresu.dll c:\Documents and Settings\norbert\Application Data\IM\lang\french\sldIMresu.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TEDetect.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\bmgc32.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\bmproj32.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\BMTransf.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\MptDll.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Terra.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\TerraCommon.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\TerraExplorerX.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\tgmdx6.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\tgmdx9.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TEArcSDEPlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TEAsciiPlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TEDSNPlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TEDxfPlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TEFltPlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TEGeoDBPlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TEOraclePlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TERTEPlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TEShapePlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TETLFPlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\TEWFSPlugin.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\bin\msvcr71.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\bin\pe.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\bin\sde.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Plugs\bin\sg.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\TBPlugs\gdal12.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\TBPlugs\MPTFile.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\TBPlugs\msvcp60.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\TBPlugs\NCScnet.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\TBPlugs\NCSEcw.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\TBPlugs\NCSUtil.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\TBPlugs\WorldRect.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Tools\Collaboration\SLCU.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Tools\Collaboration\SLFM.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Tools\Collaboration\TECollaboration.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Tools\GPSTracking\SkyGps.dll c:\Documents and Settings\norbert\Local Settings\Application Data\Skyline\TerraExplorer\Tools\PyramidTool\SLMPU.dll c:\Documents and Settings\outilleur1\Application Data\InstallShield\Professional\RunTime\Objectps.dll c:\Documents and Settings\outilleur1\Application Data\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll c:\Documents and Settings\outilleur1\Application Data\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll c:\Documents and Settings\outilleur1\Application Data\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll c:\Documents and Settings\outilleur1\Application Data\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll c:\Documents and Settings\outilleur1\Application Data\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll c:\Documents and Settings\outilleur1\Application Data\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll c:\Documents and Settings\philippe\Application Data\IM\lang\french\sldadminoptioneditorresu.dll c:\Documents and Settings\philippe\Application Data\IM\lang\french\sldIMresu.dll ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_CFAIADMIN.tar.gz a l'adresse http://upload.malekal.com
  2. NONO61
    voilà le rapport : Avira AntiVir Personal Date de création du fichier de rapport : lundi 20 avril 2009 09:02 La recherche porte sur 1356481 souches de virus. Détenteur de la licence :Avira AntiVir PersonalEdition Classic Numéro de série : 0000149996-ADJIE-0001 Plateforme : Windows XP Version de Windows :(Service Pack 3) [5.1.2600] Mode Boot : Démarré normalement Identifiant : SYSTEM Nom de l'ordinateur :TO1 Informations de version : BUILD.DAT : 8.2.0.52 16931 Bytes 02/12/2008 14:55:00 AVSCAN.EXE : 8.1.4.10 315649 Bytes 18/11/2008 08:21:00 AVSCAN.DLL : 8.1.4.1 49921 Bytes 21/07/2008 13:44:27 LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:16 LUKERES.DLL : 8.1.4.0 13057 Bytes 04/07/2008 07:30:27 ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 11:30:36 ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 11/02/2009 17:04:23 ANTIVIR2.VDF : 7.1.3.63 1588224 Bytes 16/04/2009 13:35:11 ANTIVIR3.VDF : 7.1.3.74 28672 Bytes 19/04/2009 06:07:22 Version du moteur: 8.2.0.148 AEVDF.DLL : 8.1.1.0 106868 Bytes 26/03/2009 17:04:41 AESCRIPT.DLL : 8.1.1.75 373113 Bytes 14/04/2009 13:35:06 AESCN.DLL : 8.1.1.10 127348 Bytes 06/04/2009 06:10:26 AERDL.DLL : 8.1.1.3 438645 Bytes 04/11/2008 13:58:38 AEPACK.DLL : 8.1.3.14 397685 Bytes 20/04/2009 06:07:27 AEOFFICE.DLL : 8.1.0.36 196987 Bytes 26/03/2009 17:04:35 AEHEUR.DLL : 8.1.0.119 1724791 Bytes 20/04/2009 06:07:26 AEHELP.DLL : 8.1.2.2 119158 Bytes 26/03/2009 17:04:31 AEGEN.DLL : 8.1.1.36 340341 Bytes 20/04/2009 06:07:24 AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 10:05:56 AECORE.DLL : 8.1.6.9 176500 Bytes 14/04/2009 13:35:02 AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 10:05:56 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:02 AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:27:58 AVREP.DLL : 8.0.0.3 155905 Bytes 17/04/2009 13:35:12 AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:37 AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:19 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:46 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:36 NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:07 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 04/07/2008 07:23:16 RCTEXT.DLL : 8.0.52.1 86273 Bytes 17/07/2008 10:08:43 Configuration pour la recherche actuelle : Nom de la tâche..................: Contrôle intégral du système Fichier de configuration.........: c:\program files\avira\antivir personaledition classic\sysscan.avp Documentation....................: bas Action principale................: interactif Action secondaire................: ignorer Recherche sur les secteurs d'amorçage maître: marche Recherche sur les secteurs d'amorçage: marche Secteurs d'amorçage..............: C:, Recherche dans les programmes actifs: marche Recherche en cours sur l'enregistrement: marche Recherche de Rootkits............: arrêt Fichier mode de recherche........: Tous les fichiers Recherche sur les archives.......: marche Limiter la profondeur de récursivité: 20 Archive Smart Extensions.........: marche Heuristique de macrovirus........: marche Heuristique fichier..............: moyen Début de la recherche : lundi 20 avril 2009 09:02 La recherche sur les processus démarrés commence : Processus de recherche 'avscan.exe' - '1' module(s) sont contrôlés Processus de recherche 'avcenter.exe' - '1' module(s) sont contrôlés Processus de recherche 'iexplore.exe' - '1' module(s) sont contrôlés Processus de recherche 'avgnt.exe' - '1' module(s) sont contrôlés Processus de recherche 'SolidWorksLicensing.exe' - '1' module(s) sont contrôlés Processus de recherche 'SolidWorksLicTemp.0001' - '1' module(s) sont contrôlés Processus de recherche 'swBOEngine.exe' - '1' module(s) sont contrôlés Processus de recherche 'WindowsSearch.exe' - '1' module(s) sont contrôlés Processus de recherche 'msmsgs.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleToolbarNotifier.exe' - '1' module(s) sont contrôlés Processus de recherche 'brpjp04a.exe' - '1' module(s) sont contrôlés Processus de recherche 'ctfmon.exe' - '1' module(s) sont contrôlés Processus de recherche 'sldIMScheduler.exe' - '1' module(s) sont contrôlés Processus de recherche 'BrStsWnd.exe' - '1' module(s) sont contrôlés Processus de recherche 'PccNTMon.exe' - '1' module(s) sont contrôlés Processus de recherche 'InCD.exe' - '1' module(s) sont contrôlés Processus de recherche 'NBHGui.exe' - '1' module(s) sont contrôlés Processus de recherche 'PDVDServ.exe' - '1' module(s) sont contrôlés Processus de recherche 'rundll32.exe' - '1' module(s) sont contrôlés Processus de recherche 'RTHDCPL.exe' - '1' module(s) sont contrôlés Processus de recherche 'alg.exe' - '1' module(s) sont contrôlés Processus de recherche 'explorer.exe' - '1' module(s) sont contrôlés Processus de recherche 'OfcDog.exe' - '1' module(s) sont contrôlés Processus de recherche 'searchindexer.exe' - '1' module(s) sont contrôlés Processus de recherche 'TmListen.exe' - '1' module(s) sont contrôlés Processus de recherche 'RichVideo.exe' - '1' module(s) sont contrôlés Processus de recherche 'GoogleUpdate.exe' - '1' module(s) sont contrôlés Processus de recherche 'StandAloneSlv.exe' - '1' module(s) sont contrôlés Processus de recherche 'nvsvc32.exe' - '1' module(s) sont contrôlés Processus de recherche 'NTRtScan.exe' - '1' module(s) sont contrôlés Processus de recherche 'MDM.EXE' - '1' module(s) sont contrôlés Processus de recherche 'InCDsrv.exe' - '1' module(s) sont contrôlés Processus de recherche 'avguard.exe' - '1' module(s) sont contrôlés Processus de recherche 'sched.exe' - '1' module(s) sont contrôlés Processus de recherche 'spoolsv.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'svchost.exe' - '1' module(s) sont contrôlés Processus de recherche 'lsass.exe' - '1' module(s) sont contrôlés Processus de recherche 'services.exe' - '1' module(s) sont contrôlés Processus de recherche 'winlogon.exe' - '1' module(s) sont contrôlés Processus de recherche 'csrss.exe' - '1' module(s) sont contrôlés Processus de recherche 'smss.exe' - '1' module(s) sont contrôlés '45' processus ont été contrôlés avec '45' modules La recherche sur les secteurs d'amorçage maître commence : Secteur d'amorçage maître HD0 [iNFO] Aucun virus trouvé ! La recherche sur les secteurs d'amorçage commence : Secteur d'amorçage 'C:\' [iNFO] Aucun virus trouvé ! La recherche sur les renvois aux fichiers exécutables (registre) commence. Le registre a été contrôlé ( '56' fichiers). La recherche sur les fichiers sélectionnés commence : Recherche débutant dans 'C:\' C:\pagefile.sys [AVERTISSEMENT] Impossible d'ouvrir le fichier ! C:\System Volume Information\_restore{D8439FFC-74EC-470B-9A71-1F87F8BFDD35}\RP1\A0000026.dll [RESULTAT] Contient le cheval de Troie TR/Crypt.XPACK.Gen [REMARQUE] Le fichier a été déplacé dans le répertoire de quarantaine sous le nom '4a1c2b0d.qua' ! Fin de la recherche : lundi 20 avril 2009 10:09 Temps nécessaire: 1:06:55 Heure(s) La recherche a été effectuée intégralement 8081 Les répertoires ont été contrôlés 933538 Des fichiers ont été contrôlés 1 Des virus ou programmes indésirables ont été trouvés 0 Des fichiers ont été classés comme suspects 0 Des fichiers ont été supprimés 0 Des virus ou programmes indésirables ont été réparés 1 Les fichiers ont été déplacés dans la quarantaine 0 Les fichiers ont été renommés 1 Impossible de contrôler des fichiers 933536 Fichiers non infectés 4674 Les archives ont été contrôlées 1 Avertissements 1 Consignes
  3. NONO61
    j'ai pas tout compris ! je viens de finir le scan AVIRA, c'est peut être inutile d'afficher le rapport ? sinon j'applique la procédure et je te tiens au courant @+
  4. NONO61
    bonjour Angelique désolé pour la réponse tardive, j'étais en vacances la semaine dernière, aujourd'hui c'est la reprise. il y a toujours une alerte Dans le fichier 'C:\WINDOWS\system32\nevimh.dll' un virus ou un programme indésirable 'TR/Crypt.XPACK.Gen' [trojan] a été détecté. Action exécutée : Déplacer le fichier en quarantaine DONC je l'ai tjrs, je viens de lancer un scan complet avec antivir et j'ajouterai le rapport ci dessous que veux tu dire avec "quanrantine la detection de MBAM" ? @+
  5. NONO61
    bonjour voici le rapport rookit : GMER 1.0.15.14966 - http://www.gmer.net Rootkit scan 2009-04-09 08:08:57 Windows 5.1.2600 Service Pack 3 ---- System - GMER 1.0.15 ---- SSDT BAEE3CA4 ZwCreateThread SSDT BAEE3C90 ZwOpenProcess SSDT BAEE3C95 ZwOpenThread SSDT BAEE3C9F ZwTerminateProcess SSDT BAEE3C9A ZwWriteVirtualMemory Code \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys pIofCallDriver ---- Kernel code sections - GMER 1.0.15 ---- ? Combo-Fix.sys Le fichier spécifié est introuvable. ! ? C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys Le fichier spécifié est introuvable. ! ? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Le fichier spécifié est introuvable. ! ---- User code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\SearchIndexer.exe[400] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00F51B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs TmPreFlt.sys (Pre-Filter For XP/Trend Micro Inc.) AttachedDevice \FileSystem\Ntfs \Ntfs InCDrec.SYS (InCD File System Recognizer/Nero AG) ---- EOF - GMER 1.0.15 ---- et celui de l'analyse de explorer.exe File: explorer.exe Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database) MD5: f2317622d29f9ff0f88aeecd5f60f0dd Packers detected: - Scan taken on 08 Apr 2009 15:09:03 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Quick Heal Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing et ce matin encore ce message : Dans le fichier 'C:\WINDOWS\system32\nevimh.o' un virus ou un programme indésirable 'TR/Crypt.XPACK.Gen' [trojan] a été détecté. Action exécutée : Déplacer le fichier en quarantaine et voici celui de malwarebytes, comme action j'ai choisi éliminer les éléments selectionnés : Malwarebytes' Anti-Malware 1.36 Version de la base de données: 1954 Windows 5.1.2600 Service Pack 3 2009-04-09 10:17:34 mbam-log-2009-04-09 (10-17-22).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 190988 Temps écoulé: 1 hour(s), 16 minute(s), 1 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 1 Valeur(s) du Registre infectée(s): 1 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 1 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/uninst.bat (Trojan.Agent) -> No action taken. Valeur(s) du Registre infectée(s): HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken. Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\WINDOWS\Downloaded Program Files\uninst.bat (Trojan.Agent) -> No action taken. t'inquiètes moi aussi je traite pas plus d'un pc à la fois ! merki à+ nono61
  6. NONO61
    merci ça scanne, ça scanne... je crois que je vais le laisser tourner toute la nuit, pendant ce temps j'ai installé AVIRA sur d'autres Pc de mon bureau et ils sont tous infectés. nous qui pensions être à jour , notre antivirus OFFICE SCAN ne se met plus à jour sur notre serveur, donc tous les postes qui vont y chercher la mise à jour ne sont pas à jour! va y a voir du taf! merci encore ANGELIQUE et à demain
  7. NONO61
    Merci bcp ANGELIQUE voici le rapport, je n'ai pas encore lancé de scan avec AVIRA ComboFix 09-04-04.01 - Administrateur 2009-04-08 15:12:24.2 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1983.1275 [GMT 2:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\trcryptfix.exe Commutateurs utilisés :: c:\documents and settings\Administrateur\Bureau\cfscript.txt AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_UXTURVZRP -------\Service_uxturvzrp ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-08 au 2009-04-08 )))))))))))))))))))))))))))))))))))) . 2009-04-06 15:02 . 2009-04-06 15:02 <REP> d-------- c:\documents and settings\norbert\Application Data\Malwarebytes 2009-04-03 16:42 . 2009-04-03 16:42 <REP> d-------- c:\documents and settings\philippe\Application Data\SolidWorks 2008 2009-04-03 16:41 . 2009-04-03 16:41 <REP> d-------- c:\documents and settings\philippe\Application Data\SolidWorks 2009-04-03 15:13 . 2009-04-03 15:13 <REP> d-------- c:\program files\Free Audio Pack 2009-04-01 07:38 . 2009-04-01 07:38 <REP> d-------- c:\documents and settings\andre\Application Data\DassaultSystemes 2009-04-01 07:38 . 2009-04-01 07:38 <REP> d-------- c:\documents and settings\All Users\Application Data\DassaultSystemes 2009-03-31 09:20 . 2009-03-31 09:20 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-31 09:20 . 2009-03-31 09:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-31 09:20 . 2009-03-31 09:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2009-03-31 09:20 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-31 09:20 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-26 19:02 . 2009-03-26 19:02 <REP> d-------- c:\program files\Avira 2009-03-26 19:02 . 2009-03-26 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-03-26 18:58 . 2009-03-26 18:58 24 --a------ c:\windows\pccntmon.INI 2009-03-26 16:09 . 2009-03-26 16:10 <REP> d-------- c:\windows\avxoscan 2009-03-26 16:07 . 2009-03-26 16:08 <REP> d-------- c:\windows\BDOSCAN8 2009-03-26 11:20 . 2009-03-26 11:24 <REP> d-------- c:\documents and settings\andre\thinkdesign 7.0 2009-03-23 09:48 . 2009-03-23 09:48 <REP> d-------- c:\documents and settings\norbert\Application Data\CyberLink . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2009-04-08 13:42 --------- d-----w c:\documents and settings\Administrateur\Application Data\IM 2009-04-08 08:10 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-04-07 21:00 --------- d-----w c:\documents and settings\Administrateur\Application Data\SolidWorks 2009-04-07 13:37 --------- d-----w c:\documents and settings\norbert\Application Data\IM 2009-04-06 06:16 --------- d-----w c:\documents and settings\norbert\Application Data\SolidWorks 2009-04-03 14:41 --------- d-----w c:\documents and settings\philippe\Application Data\IM 2009-04-03 13:30 --------- d-----w c:\documents and settings\andre\Application Data\IM 2009-04-03 13:29 --------- d-----w c:\documents and settings\andre\Application Data\SolidWorks 2009-04-01 15:47 --------- d-----w c:\documents and settings\norbert\Application Data\Skype 2009-04-01 14:05 --------- d-----w c:\documents and settings\norbert\Application Data\skypePM 2009-03-31 07:23 --------- d-----w c:\program files\Trend Micro 2009-03-11 13:59 --------- d-----w c:\program files\Google 2009-03-11 12:24 --------- d-----w c:\program files\adslTV 2009-02-25 08:07 --------- d-----w c:\program files\Fichiers communs\Autodesk Shared 2009-02-25 08:07 --------- d-----w c:\program files\AutoCAD LT 2009 2009-02-25 07:58 --------- d-----w c:\documents and settings\Administrateur\Application Data\Autodesk 2009-02-25 07:50 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk 2009-02-12 10:51 --------- d-----w c:\documents and settings\norbert\Application Data\Ahead 2008-11-04 14:42 56 ---ha-w c:\documents and settings\All Users\Application Data\ezsidmv.dat . ((((((((((((((((((((((((((((( SnapShot@2009-04-07_16.41.31,10 ))))))))))))))))))))))))))))))))))))))))) . + 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE + 2009-04-08 13:42:41 16,384 ----atw c:\windows\temp\Perflib_Perfdata_960.dat . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328] "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2004-04-07 311296] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2007-07-31 815104] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" [2008-06-14 6862104] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-02-25 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\norbert\Menu D‚marrer\Programmes\D‚marrage\ Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-06-14 488728] c:\documents and settings\philippe\Menu D‚marrer\Programmes\D‚marrage\ Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-06-14 488728] c:\documents and settings\Administrateur.TO1\Menu D‚marrer\Programmes\D‚marrage\ Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-06-14 488728] c:\documents and settings\andre\Menu D‚marrer\Programmes\D‚marrage\ Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-06-14 488728] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-06-14 488728] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [2008-06-04 237568] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2007-10-30 205328] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2007-10-30 36368] S2 gupdate1c9a25192db0aca;Service Google Update (gupdate1c9a25192db0aca);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 133104] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-21 31592] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] . Contenu du dossier 'Tâches planifiées' 2009-04-08 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 05:11] 2009-04-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 15:59] . . ------- Examen supplémentaire ------- . IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {157D1E77-D33D-497B-85C4-E406A508FBD7} = 192.168.2.1,192.168.2.254 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-08 15:42:50 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... c:\windows\explorer.exe [2580] 0x88712020 Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** . ------------------------ Autres processus actifs ------------------------ . c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe c:\program files\Nero\Nero 7\InCD\InCDsrv.exe c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Trend Micro\OfficeScan Client\NTRtScan.exe c:\windows\system32\nvsvc32.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Trend Micro\OfficeScan Client\TmListen.exe c:\windows\system32\searchindexer.exe c:\program files\Trend Micro\OfficeScan Client\OfcDog.exe c:\windows\system32\rundll32.exe c:\docume~1\ADMINI~1\LOCALS~1\Temp\SolidWorksLicTemp.0001 c:\program files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe c:\windows\system32\searchprotocolhost.exe c:\windows\system32\searchfilterhost.exe . ************************************************************************** . Heure de fin: 2009-04-08 15:48:34 - La machine a redémarré [Administrateur] ComboFix-quarantined-files.txt 2009-04-08 13:48:31 ComboFix2.txt 2009-04-07 14:43:10 Avant-CF: 135,593,857,024 octets libres Après-CF: 135,558,569,984 octets libres
  8. NONO61
    j'ai appliqué la procédure décrite sur le site en installant trcryptfix.exe : je n'ai pas trouvé les fichiers cités sauf autorun.inf mais dans mon ordi il y a plusieurs autorun.inf qui m'ont l'air importants, alors je n'y ai pas touché. j'ai ensuite lancé flash_disinfector, en prenant soin de couper avira puis aprés j'ai réactivé AVIRA et lancé un nouveau scan, et il m'a dabord trouvé WORM/Generic.4084 qui est normal , puis à nouveau TR/Crypt.XPACK.Gen qu'est ce qui ne va pas? voici l' analyse et plus loin le rapport hijackthis MERCI de Votre aide ComboFix 09-04-04.01 - Administrateur 2009-04-07 16:38:30.1 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.1983.1297 [GMT 2:00] Lancé depuis: c:\documents and settings\Administrateur\Bureau\trcryptfix.exe AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Updated) * Un nouveau point de restauration a été créé (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) c:\documents and settings\andre\Menu Démarrer\Programmes\Démarrage\.lnk c:\program files\Internet Explorer\fxavx.ini ((((((((((((((((((((((((((((( Fichiers créés du 2009-03-07 au 2009-04-07 )))))))))))))))))))))))))))))))))))) 2009-04-06 15:02 . 2009-04-06 15:02 <REP> d-------- c:\documents and settings\norbert\Application Data\Malwarebytes 2009-04-03 16:42 . 2009-04-03 16:42 <REP> d-------- c:\documents and settings\philippe\Application Data\SolidWorks 2008 2009-04-03 16:41 . 2009-04-03 16:41 <REP> d-------- c:\documents and settings\philippe\Application Data\SolidWorks 2009-04-03 15:13 . 2009-04-03 15:13 <REP> d-------- c:\program files\Free Audio Pack 2009-04-01 07:38 . 2009-04-01 07:38 <REP> d-------- c:\documents and settings\andre\Application Data\DassaultSystemes 2009-04-01 07:38 . 2009-04-01 07:38 <REP> d-------- c:\documents and settings\All Users\Application Data\DassaultSystemes 2009-03-31 09:20 . 2009-03-31 09:20 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-03-31 09:20 . 2009-03-31 09:20 <REP> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-03-31 09:20 . 2009-03-31 09:20 <REP> d-------- c:\documents and settings\Administrateur\Application Data\Malwarebytes 2009-03-31 09:20 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-03-31 09:20 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2009-03-26 19:02 . 2009-03-26 19:02 <REP> d-------- c:\program files\Avira 2009-03-26 19:02 . 2009-03-26 19:02 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira 2009-03-26 18:58 . 2009-03-26 18:58 24 --a------ c:\windows\pccntmon.INI 2009-03-26 16:09 . 2009-03-26 16:10 <REP> d-------- c:\windows\avxoscan 2009-03-26 16:07 . 2009-03-26 16:08 <REP> d-------- c:\windows\BDOSCAN8 2009-03-26 11:20 . 2009-03-26 11:24 <REP> d-------- c:\documents and settings\andre\thinkdesign 7.0 2009-03-23 09:48 . 2009-03-23 09:48 <REP> d-------- c:\documents and settings\norbert\Application Data\CyberLink (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) 2009-04-07 14:34 --------- d-----w c:\documents and settings\Administrateur\Application Data\IM 2009-04-07 13:37 --------- d-----w c:\documents and settings\norbert\Application Data\IM 2009-04-07 07:09 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater 2009-04-06 06:16 --------- d-----w c:\documents and settings\norbert\Application Data\SolidWorks 2009-04-03 14:41 --------- d-----w c:\documents and settings\philippe\Application Data\IM 2009-04-03 13:30 --------- d-----w c:\documents and settings\andre\Application Data\IM 2009-04-03 13:29 --------- d-----w c:\documents and settings\andre\Application Data\SolidWorks 2009-04-01 15:47 --------- d-----w c:\documents and settings\norbert\Application Data\Skype 2009-04-01 14:05 --------- d-----w c:\documents and settings\norbert\Application Data\skypePM 2009-03-31 07:23 --------- d-----w c:\program files\Trend Micro 2009-03-26 22:04 --------- d-----w c:\documents and settings\Administrateur\Application Data\SolidWorks 2009-03-11 13:59 --------- d-----w c:\program files\Google 2009-03-11 12:24 --------- d-----w c:\program files\adslTV 2009-02-25 08:07 --------- d-----w c:\program files\Fichiers communs\Autodesk Shared 2009-02-25 08:07 --------- d-----w c:\program files\AutoCAD LT 2009 2009-02-25 07:58 --------- d-----w c:\documents and settings\Administrateur\Application Data\Autodesk 2009-02-25 07:50 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk 2009-02-12 10:51 --------- d-----w c:\documents and settings\norbert\Application Data\Ahead 2009-02-09 14:05 1,846,912 ----a-w c:\windows\system32\win32k.sys 2008-11-04 14:42 56 ---ha-w c:\documents and settings\All Users\Application Data\ezsidmv.dat ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-21 39408] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-29 21755688] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920] "RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928] "LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832] "NeroFilterCheck"="c:\program files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136] "SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208] "InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328] "OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2004-04-07 311296] "BrStsWnd"="c:\program files\Brownie\BrstsWnd.exe" [2007-07-31 815104] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672] "SolidWorks_CheckForUpdates"="c:\program files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" [2008-06-14 6862104] "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497] "RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe] "nwiz"="nwiz.exe" [2008-02-25 c:\windows\system32\nwiz.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\norbert\Menu D‚marrer\Programmes\D‚marrage\ Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-06-14 488728] c:\documents and settings\philippe\Menu D‚marrer\Programmes\D‚marrage\ Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-06-14 488728] c:\documents and settings\Administrateur.TO1\Menu D‚marrer\Programmes\D‚marrage\ Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-06-14 488728] c:\documents and settings\andre\Menu D‚marrer\Programmes\D‚marrage\ Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-06-14 488728] c:\documents and settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Moteur du Planificateur de tƒches SolidWorks.lnk - c:\program files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe [2008-06-14 488728] c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 118784] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= R2 Remote Solver for COSMOSFloWorks 2008;Remote Solver for COSMOSFloWorks 2008;c:\program files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe [2008-06-04 237568] R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [2007-10-30 205328] R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [2007-10-30 36368] S2 gupdate1c9a25192db0aca;Service Google Update (gupdate1c9a25192db0aca);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 133104] S2 uxturvzrp;nelry;c:\windows\system32\svchost.exe -k netsvcs [2007-10-29 14336] S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-08-21 31592] S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs uxturvzrp . Contenu du dossier 'Tâches planifiées' 2009-04-07 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 05:11] 2009-04-07 c:\windows\Tasks\GoogleUpdateTaskMachine.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-11 15:59] . . ------- Examen supplémentaire ------- . IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {157D1E77-D33D-497B-85C4-E406A508FBD7} = 192.168.2.1,192.168.2.254 DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://www.zebulon.fr/scan8/oscan8.cab . ************************************************************************** catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-04-07 16:40:35 Windows 5.1.2600 Service Pack 3 NTFS Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\uxturvzrp] "ServiceDll"="c:\windows\system32\nevimh.dll" . Heure de fin: 2009-04-07 16:43:09 ComboFix-quarantined-files.txt 2009-04-07 14:42:48 Avant-CF: 133 824 999 424 octets libres Après-CF: 135,722,885,120 octets libres WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professionnel" /noexecute=optin /fastdetect je joins aussi mon rapport hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:04, on 2009-04-08 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16791) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe C:\WINDOWS\system32\SearchIndexer.exe C:\Program Files\Trend Micro\OfficeScan Client\ofcdog.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe C:\Program Files\Nero\Nero 7\InCD\InCD.exe C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe C:\WINDOWS\explorer.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [securDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe O4 - HKLM\..\Run: [inCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow O4 - HKLM\..\Run: [brStsWnd] C:\Program Files\Brownie\BrstsWnd.exe Autorun O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [solidWorks_CheckForUpdates] "C:\Program Files\Fichiers communs\Gestionnaire d'installation SolidWorks\Scheduler\sldIMScheduler.exe" /scheduler O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Moteur du Planificateur de tâches SolidWorks.lnk = C:\Program Files\SolidWorks\SolidWorks\swScheduler\swBOEngine.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - file://srvadmin/ofcscan/Web_console/ClientInstall/setupini.cab O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - file://srvadmin/ofcscan/Web_console/ClientInstall/setup.cab O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.zebulon.fr/scan8/oscan8.cab O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - file://srvadmin/ofcscan/Web_console/ClientInstall/RemoveCtrl.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.inoculer.com/antivirus/Msie/bitdefender.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cfaiadmin.fr O17 - HKLM\Software\..\Telephony: DomainName = cfaiadmin.fr O17 - HKLM\System\CCS\Services\Tcpip\..\{157D1E77-D33D-497B-85C4-E406A508FBD7}: NameServer = 192.168.2.1,192.168.2.254 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cfaiadmin.fr O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Planificateur Avira AntiVir Personal - Free Antivirus (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe O23 - Service: Service Google Update (gupdate1c9a25192db0aca) (gupdate1c9a25192db0aca) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe O23 - Service: Scan en temps réel OfficeScanNT (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Remote Solver for COSMOSFloWorks 2008 - Unknown owner - C:\Program Files\SolidWorks\COSMOSFloWorks\FloWorks\binCFW\StandAloneSlv.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
  9. NONO61
    message transféré vers un nouveau post!
  10. NONO61
    bonjour jacmanou je suis allé visiter le tuto de pierre PINARD, il n'y est pas indiqué comment les supprimer mais simplement Comment activer / désactiver les points de restauration, quelle est la bonne procédure ? actuellement je ne suis pas sur le poste concerné, j'espère avoir le temps en soirée! j'ai vu aussi que la plupart des fichiers provenaient de mon disque D en ATA ; c'est mon ancien DD qui est maintenant en esclave depuis plus de 2 ans et dans lequel je peux retrouver certaines anciennes sauvegardes , et ma licence originale XP PRO, car quand j'ai changé pour un SATA de plus grande contenance, mon cd d'install XP pro SP1 ne tenait pas compte du SATA, c'est donc un ami qui m'a fourni un cd non officiel et avec des n° de lic* intégrés et autres que les miens. je n'ai pas possibilité de changer les n° de lic* sur mon SATA, et je ne peux pas non plus reformater le SATA pour réinstaller mon XP dessus à moins d'avoir un CD avec XP pro SP2 intégrant le SATA et sans N° de lic intégré! merci A bientôt nono
  11. NONO61
    voici le rapport de antivir aprés environ 4heures de scan Avira AntiVir Personal Report file date: mardi 20 mai 2008 16:43 Scanning for 1281002 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Boot mode: Normally booted Username: SYSTEM Computer name: PCBUREAU Version information: BUILD.DAT : 8.1.00.296 16479 Bytes 29/04/2008 10:47:00 AVSCAN.EXE : 8.1.2.12 311553 Bytes 20/05/2008 14:42:15 AVSCAN.DLL : 8.1.1.0 53505 Bytes 20/05/2008 14:42:15 LUKE.DLL : 8.1.2.9 151809 Bytes 20/05/2008 14:42:16 LUKERES.DLL : 8.1.2.1 12033 Bytes 20/05/2008 14:42:16 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15 ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 14:42:16 ANTIVIR2.VDF : 7.0.4.53 1848832 Bytes 17/05/2008 14:42:16 ANTIVIR3.VDF : 7.0.4.69 76288 Bytes 20/05/2008 14:42:16 Engineversion : 8.1.0.46 AEVDF.DLL : 8.1.0.5 102772 Bytes 20/05/2008 14:42:16 AESCRIPT.DLL : 8.1.0.33 266618 Bytes 20/05/2008 14:42:16 AESCN.DLL : 8.1.0.18 119156 Bytes 20/05/2008 14:42:16 AERDL.DLL : 8.1.0.20 418165 Bytes 20/05/2008 14:42:16 AEPACK.DLL : 8.1.1.5 364918 Bytes 20/05/2008 14:42:16 AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/05/2008 14:42:16 AEHEUR.DLL : 8.1.0.29 1253750 Bytes 20/05/2008 14:42:16 AEHELP.DLL : 8.1.0.14 115063 Bytes 20/05/2008 14:42:16 AEGEN.DLL : 8.1.0.21 303477 Bytes 20/05/2008 14:42:16 AEEMU.DLL : 8.1.0.6 430451 Bytes 20/05/2008 14:42:16 AECORE.DLL : 8.1.0.29 168311 Bytes 20/05/2008 14:42:16 AVWINLL.DLL : 1.0.0.7 14593 Bytes 20/05/2008 14:42:15 AVPREF.DLL : 8.0.0.1 25857 Bytes 20/05/2008 14:42:15 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVREG.DLL : 8.0.0.0 30977 Bytes 20/05/2008 14:42:15 AVARKT.DLL : 1.0.0.23 307457 Bytes 20/05/2008 14:42:15 AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 20/05/2008 14:42:15 SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/05/2008 14:42:16 SMTPLIB.DLL : 1.2.0.19 28929 Bytes 20/05/2008 14:42:16 NETNT.DLL : 8.0.0.1 7937 Bytes 20/05/2008 14:42:16 RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 20/05/2008 14:42:13 RCTEXT.DLL : 8.0.32.0 86273 Bytes 20/05/2008 14:42:13 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: mardi 20 mai 2008 16:43 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'Mediadet.exe' - '1' Module(s) have been scanned Scan process 'NMBgMonitor.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'CTNotify.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'lsmouse.exe' - '1' Module(s) have been scanned Scan process 'vsnpstd.exe' - '1' Module(s) have been scanned Scan process 'avgas.exe' - '1' Module(s) have been scanned Scan process 'Popup-Destroy.exe' - '1' Module(s) have been scanned Scan process 'Ctmix32.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'sstray.exe' - '1' Module(s) have been scanned Scan process 'winampa.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'wscntfy.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'Ctsvccda.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 43 processes with 43 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '28' files ). Starting the file scan: Begin scan in 'C:\' C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\maxime\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-1aed29bd-3dc6ada4.class [DETECTION] Contains suspicious code HEUR/HTML.Malware [NOTE] The fund was classified as suspicious. [NOTE] The file was moved to '4893eaec.qua'! C:\Documents and Settings\maxime\Bureau\photoshop\CRACK + CONVERTI IN ITALIANO\Photoshop.CS2.KeyGen.exe [DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl [NOTE] The file was moved to '48a1eb2f.qua'! C:\Documents and Settings\norbert\Mes documents\smartphone\Jeux\JEUX1\The Sudoku Challenge - Full Version.zip [0] Archive type: ZIP --> The_Sudoku_Challenge.exe [DETECTION] Is the Trojan horse TR/Agent.DRV [NOTE] The file was moved to '4897ecb6.qua'! C:\SDFix\backups\backups.zip [0] Archive type: ZIP --> backups/9129837.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen --> backups/regscan.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen --> backups/~.exe [DETECTION] Is the Trojan horse TR/Agent.cyt.107 [NOTE] The file was moved to '4895f1ea.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP201\A0107159.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f25f.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP202\A0108176.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f267.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP202\A0109161.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f269.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP202\A0111171.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f26f.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP203\A0111186.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f271.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP203\A0112185.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f272.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP203\A0112196.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda0f3.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP204\A0115200.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f274.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP204\A0116198.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f275.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP204\A0118196.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f276.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP205\A0119198.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f278.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP205\A0120215.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda0f9.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP206\A0120218.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f27a.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP206\A0120247.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f27b.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP206\A0122245.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f27c.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP206\A0123253.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda0fd.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP206\A0123272.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f27d.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP207\A0124264.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f27f.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP207\A0125263.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda000.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP207\A0125283.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f280.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP208\A0126285.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f282.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP208\A0126308.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda003.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP208\A0127310.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f283.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP209\A0128308.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f284.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP209\A0129309.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f285.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP209\A0130310.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f286.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP209\A0132309.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f287.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP210\A0133321.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f289.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP210\A0134317.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f28a.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP210\A0134349.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f28b.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP210\A0135349.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda00c.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP210\A0135463.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f28f.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP211\A0136406.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f291.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP211\A0136418.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda012.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP212\A0137421.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f293.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP212\A0138421.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f294.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP212\A0139421.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda015.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP212\A0140421.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f295.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP212\A0141449.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f296.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP212\A0142453.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda017.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP212\A0142465.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f297.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP212\A0143466.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f298.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP213\A0143499.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f29a.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP213\A0143509.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda01b.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP213\A0144510.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f29b.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP213\A0144528.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f29c.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP213\A0145530.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '49fda01d.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP213\A0145641.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen [NOTE] The file was moved to '4863f2a0.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP214\A0146590.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '4863f2a2.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP214\A0146591.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [NOTE] The file was moved to '4863f2a3.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP214\A0146599.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [NOTE] The file was moved to '49fda024.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP214\A0146600.exe [DETECTION] Is the Trojan horse TR/Crypt.ULPM.Gen [NOTE] The file was moved to '4863f2a5.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP214\A0146602.exe [DETECTION] Is the Trojan horse TR/Agent.cyt.107 [NOTE] The file was moved to '49fda026.qua'! C:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP215\A0146759.exe [DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl [NOTE] The file was moved to '4863f2a9.qua'! Begin scan in 'D:\' D:\Documents and Settings\Léa\Local Settings\Temporary Internet Files\Content.IE5\058F0N4N\t[1].html [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen [NOTE] The file was moved to '4863fb53.qua'! D:\Documents and Settings\Léa\Local Settings\Temporary Internet Files\Content.IE5\BYV15PR7\bill[2] [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen [NOTE] The file was moved to '489efc25.qua'! D:\Documents and Settings\Léa\Local Settings\Temporary Internet Files\Content.IE5\BYV15PR7\bill[3] [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen [NOTE] The file was moved to '491f4e96.qua'! D:\Documents and Settings\Léa\Local Settings\Temporary Internet Files\Content.IE5\KP63WD6Z\argentgagnant[1].html [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen [NOTE] The file was moved to '4899fd3c.qua'! D:\Documents and Settings\Léa\Local Settings\Temporary Internet Files\Content.IE5\ODGNGVWZ\produits[1].html [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen [NOTE] The file was moved to '48a1ff00.qua'! D:\Documents and Settings\Léa\Local Settings\Temporary Internet Files\Content.IE5\ODGNGVWZ\tag_script[1].php [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen [NOTE] The file was moved to '4899fef1.qua'! D:\Documents and Settings\Léa\Local Settings\Temporary Internet Files\Content.IE5\ONZV68P5\t[1].html [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen [NOTE] The file was moved to '4863ff00.qua'! D:\Documents and Settings\Léa\Local Settings\Temporary Internet Files\Content.IE5\WL85IB8T\max9300[1].html [DETECTION] Contains detection pattern of the HTML script virus HTML/Infected.WebPage.Gen [NOTE] The file was moved to '48aaff6f.qua'! D:\Documents and Settings\Maxime\Bureau\oldblivion\oldblivion_0.11t5\oldblivion.exe [DETECTION] Is the Trojan horse TR/Hijacker.Gen [NOTE] The file was moved to '48970035.qua'! D:\Documents and Settings\Maxime\Bureau\photoshop\CRACK + CONVERTI IN ITALIANO\Photoshop.CS2.KeyGen.exe [DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl [NOTE] The file was moved to '48a200f8.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\10136a3.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864014e.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\105120f.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4868014e.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\108e47.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486b014f.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\10ab1b7.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48940150.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\10eed4e.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48980150.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1116f48.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48640152.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\119d538.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486c0153.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\128c66d.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486b0154.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1334441.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48660156.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1480713.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486b0158.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\15f4ad6.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48990159.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1665c00.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4869015b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\16bbc7d.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4895015c.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\171446.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864015d.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\197f075.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486a0160.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\198f1dd.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486b0161.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\19f1c7.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48990161.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1a5f2.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4868018a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1a927e2.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486c018b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1b2806d.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4865018c.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1baa073.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4894018d.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1c5912f.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4868018e.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1dfb84.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48990190.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1edfd9f.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48970192.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1f0536c.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48630193.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\1f768d8.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486a0194.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\20f7a8d.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4899015f.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\20fa09.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48990160.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\228bb74.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486b0162.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\234de57.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48670164.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\23b3fc8.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48950164.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\23e792e.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48980165.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\2414347.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48640167.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\24c489.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48960167.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\25675ec.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48690169.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\25e6abb.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4898016a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\273b060.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4866016c.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\2994808.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486c016f.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\2a02fd2.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48630198.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\2c12f5.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864019a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\2cc62f0.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4896019b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\3a1b2e.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491ba2eb.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\3a9c78.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486c019b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\3d0490.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4863019e.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\3e2269.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486501a0.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\4114aa.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864016c.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\413457.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4866016d.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\488e4a.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486b0175.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\4a670.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4869019f.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\4c32c4.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486601a1.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\4c6c03.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486901a2.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\4de2a8.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '489801a4.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\4e1725.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486401a5.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\4fbf1d.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '489501a7.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\524c1.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48670174.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\54bfac.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48950177.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\57f1b2.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4899017a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\5b9469.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486c01a6.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\5d8a47.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486b01a9.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\5ee056.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '489801ab.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\61f952.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48990177.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\6493e3.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486c017b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\6d6431.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486901ab.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\6fd6e7.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '489701ae.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\70dd4.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48970179.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\71cffb.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4896017b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\8805cc.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48630182.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\91e222.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4898017c.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\938727.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486b017f.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\94f496.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48990181.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\96ae4b.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48940183.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\971956.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48640185.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\9912d2.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48640188.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\9ac26b.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '489601b0.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\9f83ce.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486b01b6.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\a2c091.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48960183.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\a56f6e.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48690187.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\a8a60.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4894018a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\a8dd42.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4897018b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\ae7c4b.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486a01b9.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\b9de97.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4897018d.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\bb83d6.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486b01b7.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\bc359f.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486601b9.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\be3d44.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486601bc.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\c1cf3f.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48960188.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\c3a564.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4894018b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\c70650.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48630190.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\cf9fb.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486c01bf.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\d6140.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48640190.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\da6e3.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486901bc.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\dee69d.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '489801c0.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\e1f849.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4899018d.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\e877a4.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '486a0195.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\f200dd.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491ca2e1.qua'! D:\Documents and Settings\Maxime\Local Settings\Temp\f3da0e.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48970191.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\03V7MWPT\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487402cf.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\03V7MWPT\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64ee8.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\03V7MWPT\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487402d0.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\03V7MWPT\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487402d1.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\0PIZC5YV\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874036d.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\0PIZC5YV\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874036e.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\0PIZC5YV\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f5b1df.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\0PIZC5YV\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874036f.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\0PIZC5YV\upAYB[5].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740370.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\0PIZC5YV\upAYB[6].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64f49.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\49S7OFW7\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487403f2.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\49S7OFW7\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487403f3.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\4HAJSTMV\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874041c.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\4HAJSTMV\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64825.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\54PLNP57\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740441.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\54PLNP57\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f6487a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\54PLNP57\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740443.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\54PLNP57\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740442.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\54PLNP57\upAYB[5].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f6487b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\54PLNP57\upAYB[6].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740444.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\5AF1TMG6\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874046f.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\5AF1TMG6\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740470.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\5AF1TMG6\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64849.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\5AF1TMG6\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740472.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\5AF1TMG6\upAYB[5].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740471.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\6VH80JUX\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740496.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\6VH80JUX\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f648af.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\6VH80JUX\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740497.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\77PZFXCW\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487404be.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\77PZFXCW\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64887.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\77PZFXCW\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487404b0.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\A3SFR0D8\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487404e2.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\BODDRGOK\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740508.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\BODDRGOK\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64931.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\BODDRGOK\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874050a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\BODDRGOK\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64933.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\BODDRGOK\upAYB[5].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740509.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\BXAE53V1\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740552.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\BXAE53V1\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f6496b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\BXAE53V1\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740553.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\BXAE53V1\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740554.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\CLQJK1UZ\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487405d2.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\CLQJK1UZ\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487405d3.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\CLQJK1UZ\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f649ec.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\CLQJK1UZ\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487405d5.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\F5GKGBN7\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740600.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\F5GKGBN7\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64a39.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\F5GKGBN7\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740601.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\F5GKGBN7\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64a3a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\G1YZCPQZ\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874062b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\G1YZCPQZ\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64a14.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\G1YZCPQZ\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874062d.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\I1KB6T61\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740655.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\I1KB6T61\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64a6e.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\JFH9T5HQ\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740679.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\JFH9T5HQ\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64a42.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\JFH9T5HQ\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874067b.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\JFH9T5HQ\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874067a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\JFH9T5HQ\upAYB[5].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64a43.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\K16NKTIZ\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487406a0.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\K16NKTIZ\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487406a1.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\K16NKTIZ\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64a9a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\K16NKTIZ\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487406a3.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\NBUMS87E\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740702.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\NBUMS87E\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740703.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\NBUMS87E\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f5b5b4.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\OTOL2JW9\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740723.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\OTOL2JW9\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64b1c.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\OTOL2JW9\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740724.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\QR41I5GF\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740773.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\QR41I5GF\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64b4c.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\S567SDY7\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740799.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\S567SDY7\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874079a.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\S567SDY7\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64ba3.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\S92ZO9YV\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487407bd.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\S92ZO9YV\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487407be.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\S92ZO9YV\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64b87.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\U1JW54VU\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487407e1.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\U1JW54VU\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f5b552.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\UN2NQXUN\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874080e.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\UN2NQXUN\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64437.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\UN2NQXUN\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48740800.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\UN2NQXUN\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874080f.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\UN2NQXUN\upAYB[5].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64428.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\UNUZMLEV\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874083d.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\UNUZMLEV\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874083e.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\UNUZMLEV\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64407.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\UNUZMLEV\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4874083f.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\W5IB4DMV\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487408b7.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\W5IB4DMV\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f64480.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\W5IB4DMV\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487408b9.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\WHENG1IV\upAYB[1].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487408e0.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\WHENG1IV\upAYB[2].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '49f5ba51.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\WHENG1IV\upAYB[3].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487408e2.qua'! D:\Documents and Settings\Maxime\Local Settings\Temporary Internet Files\Content.IE5\WHENG1IV\upAYB[4].int [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '487408e1.qua'! D:\Program Files\MP3 Player Utilities 3.5.01\DelDrv.exe [DETECTION] Is the Trojan horse TR/DelAll.Q.1 [NOTE] The file was moved to '489f0d33.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146814.exe [DETECTION] Is the Trojan horse TR/Hijacker.Gen [NOTE] The file was moved to '486416fe.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146815.exe [DETECTION] Contains detection pattern of the worm WORM/Autorun.cxl [NOTE] The file was moved to '486416ff.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146816.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641700.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146817.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641701.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146818.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cd2.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146819.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641702.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146820.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cd3.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146821.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641703.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146822.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cd4.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146823.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641704.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146824.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cd5.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146825.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641705.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146826.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cd6.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146827.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641706.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146828.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b225f.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146829.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641707.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146830.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2250.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146831.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641708.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146832.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641709.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146833.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2252.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146834.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864170a.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146835.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2253.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146836.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864170b.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146837.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2254.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146838.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864170c.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146839.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2255.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146840.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864170d.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146841.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cde.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146842.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864170e.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146843.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2257.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146844.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864170f.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146845.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2248.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146846.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641710.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146847.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2249.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146848.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641711.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146849.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b224a.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146850.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641712.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146851.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b224b.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146852.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641713.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146853.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641714.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146854.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b224d.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146855.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641715.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146856.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b224e.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146857.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641716.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146858.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b224f.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146859.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641717.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146860.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2240.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146861.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641718.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146862.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641719.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146863.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2242.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146864.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864171a.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146865.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8ccb.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146866.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864171b.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146867.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2244.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146868.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864171c.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146869.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8ccd.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146870.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864171d.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146871.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cce.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146872.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864171e.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146873.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8ccf.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146874.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864171f.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146875.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cf0.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146876.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641720.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146877.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cf1.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146878.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641721.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146879.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cf2.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146880.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641722.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146881.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641723.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146882.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491a8cf4.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146883.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641724.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146884.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b227d.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146885.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641725.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146886.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641726.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146887.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b227f.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146888.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641727.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146889.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2270.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146890.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641728.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146891.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2271.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146892.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641729.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146893.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2272.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146894.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864172a.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146895.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864172b.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146896.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2274.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146897.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864172c.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146898.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2275.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146899.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864172d.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146900.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864172e.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146901.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2277.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146902.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '4864172f.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146903.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b2268.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146904.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641730.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146905.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641731.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146906.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b226a.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146907.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641732.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146908.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b226b.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146909.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '48641733.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146910.exe [DETECTION] Is the Trojan horse TR/Dldr.Swizzor.DV [NOTE] The file was moved to '491b226c.qua'! D:\System Volume Information\_restore{B52B1DBB-4358-4D98-B9E8-843C9EF03574}\RP216\A0146918.exe [DETECTION] Is the Trojan horse TR/DelAll.Q.1 [NOTE] The file was moved to '48641734.qua'! End of the scan: mardi 20 mai 2008 20:49 Used time: 4:06:17 min The scan has been done completely. 18624 Scanning directories 931029 Files were scanned 358 viruses and/or unwanted programs were found 1 Files were classified as suspicious: 0 files were deleted 0 files were repaired 357 files were moved to quarantine 0 files were renamed 1 Files cannot be scanned 930671 Files not concerned 17300 Archives were scanned 1 Warnings 357 Notes bonne soirée a+ nono61
  12. NONO61
    ok je suis en cours de vérification avec antivir, cela demande un certain temps. il a déjà trouvé 2 detections que j'ai mis en quarantaine 1 fichier suspicieux et 1 warning j'ai désinstallé adaware puis installé MalwareBytes, comme je n'ai pas fini l'inspection antivir, je ferai l'analyse MalwareBytes ultérieurement. a présent tout à l'air de fonctionner correctement, mais il va falloir que je fasse encore du vide! qu'entends tu par danger des cracks, y aurait il dans le rapport quelque chose qui te ferais dire qu'il y a des logiciels craqués? si oui lesquels? merci encore nono61
  13. NONO61
    bonjour jacmanou et d'avance merci voici mon rapport SDFIX SDFix: Version 1.184 Run by maxime on 20/05/2008 at 16:04 Microsoft Windows XP [version 5.1.2600] Running From: C:\SDFix Checking Services : Name : new_drv Path : \??\C:\WINDOWS\new_drv.sys new_drv - Deleted Restoring Windows Registry Values Restoring Windows Default Hosts File Rebooting Checking Files : Trojan Files Found: C:\WINDOWS\system32\~.exe - Deleted C:\Documents and Settings\maxime\new.txt - Deleted C:\WINDOWS\9129837.exe - Deleted C:\WINDOWS\system32\regscan.exe - Deleted Removing Temp Files ADS Check : Final Check : catchme 0.3.1359.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-20 16:19:39 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... IPC error: 2 Le fichier spécifié est introuvable. scanning hidden services & system hive ... scanning hidden registry entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 Remaining Services : Authorized Application Key Export: [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent" "C:\\Program Files\\BitTorrent_DNA\\dna.exe"="C:\\Program Files\\BitTorrent_DNA\\dna.exe:*:Enabled:BitTorrent DNA" "C:\\Documents and Settings\\maxime\\Bureau\\steamapps\\ekureuil\\counter-strike source\\hl2.exe"="C:\\Documents and Settings\\maxime\\Bureau\\steamapps\\ekureuil\\counter-strike source\\hl2.exe:*:Enabled:hl2" "C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv" "C:\\Documents and Settings\\maxime\\Local Settings\\Temporary Internet Files\\Content.IE5\\3VPFBLSS\\wow[1].exe"="C:\\Documents and Settings\\maxime\\Local Settings\\Temporary Internet Files\\Content.IE5\\3VPFBLSS\\wow[1].exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\Magic Workstation\\MWSPlay.exe"="C:\\Program Files\\Magic Workstation\\MWSPlay.exe:*:Enabled:Magic Workstation Play Module" "C:\\Documents and Settings\\maxime\\Bureau\\wow.exe"="C:\\Documents and Settings\\maxime\\Bureau\\wow.exe:*:Enabled:Blizzard Downloader" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager" "C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager" "C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application" "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger" "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)" Remaining Files : File Backups: - C:\SDFix\backups\backups.zip Files with Hidden Attributes : Mon 24 Mar 2008 24 ..SH. --- "C:\WINDOWS\S8E44938A.tmp" Sat 19 Jan 2008 374,784 ...H. --- "C:\Program Files\Mio Backup2\iBootDev.exe" Sat 19 Jan 2008 72,192 ...H. --- "C:\Program Files\Mio Backup2\MainShell.exe" Sat 19 Jan 2008 120,233 ...H. --- "C:\Program Files\Mio Backup2\MUI.exe" Sat 19 Jan 2008 31,232 ...H. --- "C:\Program Files\Mio Backup2\upgradeUT.exe" Fri 18 Jan 2008 374,784 A..H. --- "C:\Program Files\Mio Backup\iBootDev.exe" Fri 18 Jan 2008 72,192 A..H. --- "C:\Program Files\Mio Backup\MainShell.exe" Fri 18 Jan 2008 120,233 A..H. --- "C:\Program Files\Mio Backup\MUI.exe" Fri 18 Jan 2008 31,232 A..H. --- "C:\Program Files\Mio Backup\upgradeUT.exe" Fri 8 Dec 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak" Fri 18 Jan 2008 31,232 A..H. --- "C:\Program Files\Mio Backup2\HDD\upgradeUT.exe" Fri 18 Jan 2008 31,232 A..H. --- "C:\Program Files\Mio Backup\HDD\upgradeUT.exe" Thu 14 Feb 2008 71,168 ..SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\Setup.exe" Sat 9 Jul 2005 16,384 A.SHR --- "C:\Program Files\Mio Technology\SpeedCAM Tool\_Setup.dll" Sun 28 Oct 2007 20,233,232 A..H. --- "C:\Documents and Settings\L‚a\Local Settings\Temp\BIT2.tmp" Sun 8 Jul 2007 26,112 ...H. --- "C:\Documents and Settings\norbert\Mes documents\offres d'emploi\~WRL1207.tmp" Fri 18 Jan 2008 374,784 A..H. --- "C:\Program Files\Mio Backup2\HDD\Program files\iBootDev.exe" Fri 18 Jan 2008 374,784 A..H. --- "C:\Program Files\Mio Backup\HDD\Program files\iBootDev.exe" Sat 29 Mar 2008 25,839,664 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\b7c21b5db948e35a308c052076388cfe\BIT2.tmp" Fri 18 Jan 2008 374,784 A..H. --- "C:\Documents and Settings\All Users\Documents\mio c520\Mio Backup\iBootDev.exe" Fri 18 Jan 2008 72,192 A..H. --- "C:\Documents and Settings\All Users\Documents\mio c520\Mio Backup\MainShell.exe" Fri 18 Jan 2008 120,233 A..H. --- "C:\Documents and Settings\All Users\Documents\mio c520\Mio Backup\MUI.exe" Fri 18 Jan 2008 31,232 A..H. --- "C:\Documents and Settings\All Users\Documents\mio c520\Mio Backup\upgradeUT.exe" Fri 8 Dec 2006 4,348 A..H. --- "C:\Documents and Settings\L‚a\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak" Tue 3 Jul 2007 20 A..H. --- "C:\Documents and Settings\L‚a\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak" Sat 10 Mar 2007 9,855 A.SH. --- "C:\Documents and Settings\L‚a\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Tue 11 Mar 2008 19,456 ...H. --- "C:\Documents and Settings\maxime\Application Data\Microsoft\Word\~WRL0540.tmp" Tue 11 Mar 2008 20,992 ...H. --- "C:\Documents and Settings\maxime\Application Data\Microsoft\Word\~WRL1798.tmp" Tue 11 Mar 2008 19,968 ...H. --- "C:\Documents and Settings\maxime\Application Data\Microsoft\Word\~WRL3326.tmp" Fri 8 Dec 2006 4,348 ...H. --- "C:\Documents and Settings\maxime\Mes documents\Ma musique\Sauvegarde de la licence\drmv1key.bak" Wed 14 Nov 2007 20 A..H. --- "C:\Documents and Settings\maxime\Mes documents\Ma musique\Sauvegarde de la licence\drmv1lic.bak" Sat 10 Mar 2007 9,855 A.SH. --- "C:\Documents and Settings\maxime\Mes documents\Ma musique\Sauvegarde de la licence\drmv2key.bak" Fri 18 Jan 2008 31,232 A..H. --- "C:\Documents and Settings\All Users\Documents\mio c520\Mio Backup\HDD\upgradeUT.exe" Fri 18 Jan 2008 374,784 A..H. --- "C:\Documents and Settings\All Users\Documents\mio c520\Mio Backup\HDD\Program files\iBootDev.exe" Finished! et voici mon rapport hijackthis Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:28:19, on 20/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\sstray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE C:\Program Files\PopUp Destroy\Popup-Destroy.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Trust\Mouse 14914\lsmouse.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\maxime\Bureau\HiJackThis(2).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [MEDIAMOUSE] C:\Program Files\Trust\Mouse 14914\lsmouse.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download Using &BitSpirit - C:\Documents and Settings\maxime\Bureau\bsurl.htm O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe -- End of file - 7518 bytes tu me dis que j'utilise un logiciel p2p , c'est probablement mon fils, quel est ce logiciel et comment enlever les entrées correspondantes? et de quoi se débarrasser comme lignes inutiles sur mon rapport hijackthis pour optimiser mon PC? encore merci
  14. NONO61
    bonjour à tous nouvel inscrit sur ce forum, qui, a lire tous les posts m'a paru vraiment très efficace ! depuis peut être un mois la session de mon fils est infectée : AVAST m'informe être infecté par new_drv.sys à deux reprises. si je tente d'annuler ou d'éradiquer ou de mettre en quarantaine, j'ai ensuite un message m'informant que le système va être arrété, et il s'arrête. je sais que ce post a été abondemment traité, mais que la procédure est différente pour chaque cas c'est pourquoi je poste un nouveau sujet! je viens de télécharger hijackthis voici son rapport: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:05:29, on 20/05/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\system32\sstray.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE C:\Program Files\PopUp Destroy\Popup-Destroy.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\vsnpstd.exe C:\Program Files\Trust\Mouse 14914\lsmouse.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\BitTorrent\bittorrent.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\WINDOWS\system32\regscan.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\9129837.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTSvcCDA.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\PROGRA~1\MOZILL~1\FIREFOX.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\System32\svchost.exe C:\Documents and Settings\maxime\Bureau\HiJackThis(2).exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.fr/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wanadoo R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: (no name) - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - (no file) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - (no file) O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t O4 - HKLM\..\Run: [PopUp Destroy] C:\Program Files\PopUp Destroy\Popup-Destroy.exe O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe O4 - HKLM\..\Run: [MEDIAMOUSE] C:\Program Files\Trust\Mouse 14914\lsmouse.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [bitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized O4 - HKCU\..\Run: [Regscan] C:\WINDOWS\system32\regscan.exe O4 - HKCU\..\Run: [ttool] C:\WINDOWS\9129837.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Download Using &BitSpirit - C:\Documents and Settings\maxime\Bureau\bsurl.htm O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Créer un favori mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppD...ap/PhtPkMSN.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe merci de votre aide nono61
×
×
  • Créer...