Arprive
Member
Content count: 8
Everything posted by Arprive
Virus TR/Crypt.XPACK.Gen Trojan
Arprive replied to a topic by Arprive in Malware analysis and removal

I ran another check and everything works... thanks a lot for your help. Kind regards, A.
Virus TR/Crypt.XPACK.Gen Trojan
Arprive replied to a topic by Arprive in Malware analysis and removal

Sorry for the wait... I was away for 3 days... I can't make sense of it... I redid the procedure and it tells me it finds no virus... I rescan the PC and it tells me there are no more viruses... whereas 3 days earlier... I had 9 viruses, and I haven't done anything since.
Virus TR/Crypt.XPACK.Gen Trojan
Arprive replied to a topic by Arprive in Malware analysis and removal

After the procedure... I ran an Antivir scan... and... I got 9 alerts :/

Avira AntiVir Personal
Report file date: Monday, 22 September 2008 21:29

Scanning for 1628080 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: RIZZETTO

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12.08.2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26.06.2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26.05.2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26.05.2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24.06.2008 13:54:15
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12.09.2008 11:40:15
ANTIVIR3.VDF : 7.0.6.192 234496 Bytes 22.09.2008 14:03:13
Engineversion : 8.1.1.34
AEVDF.DLL : 8.1.0.5 102772 Bytes 25.02.2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 21.09.2008 11:40:21
AESCN.DLL : 8.1.0.23 119156 Bytes 10.07.2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 21.09.2008 11:40:21
AEPACK.DLL : 8.1.2.1 364917 Bytes 15.07.2008 12:58:35
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 21.09.2008 11:40:20
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 21.09.2008 11:40:19
AEHELP.DLL : 8.1.0.15 115063 Bytes 10.07.2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 21.09.2008 11:40:17
AEEMU.DLL : 8.1.0.7 430452 Bytes 31.07.2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 21.09.2008 11:40:17
AEBB.DLL : 8.1.0.1 53617 Bytes 10.07.2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 21.09.2008 11:40:16
AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12.06.2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27.06.2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR,

Start of the scan: Monday, 22 September 2008 21:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'PSPAP.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
  [INFO] No virus was found!
Master boot sector HD1
  [INFO] No virus was found!
Master boot sector HD2
  [INFO] No virus was found!
  [WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
  [INFO] No virus was found!
Boot sector 'D:\'
  [INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '48' files ).

Starting the file scan:

Begin scan in 'C:\' <Disque slave>
C:\Téléchargement Internet\Divers Programme anti-Infection\SmitfraudFix\SmitfraudFix\Reboot.exe
  [DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.F program
  [NOTE] The file was moved to '4939f34a.qua'!
C:\Téléchargement Internet\Divers Programme anti-Infection\SmitfraudFix\SmitfraudFix\restart.exe
  [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
  [NOTE] The file was moved to '494af354.qua'!
Begin scan in 'D:\'
D:\pagefile.sys
  [WARNING] The file could not be opened!
D:\Documents and Settings\Alex\Local Settings\Temp\TDSS2dfb.tmp
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was moved to '492af46f.qua'!
D:\Documents and Settings\Alex\Local Settings\Temp\TDSSf4dc.tmp
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was moved to '492af475.qua'!
D:\Documents and Settings\Alex\Local Settings\Temp\TDSSf5f6.tmp
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was moved to '492af479.qua'!
D:\Program Files\SmitfraudFix\SmitfraudFix\Reboot.exe
  [DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.F program
  [NOTE] The file was moved to '4939f5ff.qua'!
D:\Program Files\SmitfraudFix\SmitfraudFix\restart.exe
  [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
  [NOTE] The file was moved to '494af602.qua'!
D:\System Volume Information\_restore{69033F32-0097-4D94-883E-FAAE87368D40}\RP101\A0036402.exe
  [DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.F program
  [NOTE] The file was moved to '4907f689.qua'!
D:\System Volume Information\_restore{69033F32-0097-4D94-883E-FAAE87368D40}\RP101\A0036403.exe
  [DETECTION] Contains recognition pattern of the SPR/Tool.Hardoff.A program
  [NOTE] The file was moved to '4907f68d.qua'!
D:\WINDOWS\system32\drivers\sptd.sys
  [WARNING] The file could not be opened!

End of the scan: Monday, 22 September 2008 21:58
Used time: 29:11 Minute(s)

The scan has been done completely.

7210 Scanning directories
384916 Files were scanned
9 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
9 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
384905 Files not concerned
2122 Archives were scanned
3 Warnings
9 Notes
Virus TR/Crypt.XPACK.Gen Trojan
Arprive replied to a topic by Arprive in Malware analysis and removal

Report 1 - Search

SmitFraudFix v2.353

Report made at 17:23:21.07, 22.09.2008
Run from D:\Documents and Settings\Alex\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Thrustmaster\FunAccess\PSPAP.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» D:\

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

D:\WINDOWS\system32\tdssservers.dat detected, use a rootkit scanner
D:\WINDOWS\system32\tdssadw.dll detected, use a rootkit scanner
D:\WINDOWS\system32\tdssinit.dll detected, use a rootkit scanner
D:\WINDOWS\system32\tdssl.dll detected, use a rootkit scanner
D:\WINDOWS\system32\tdsslog.dll detected, use a rootkit scanner
D:\WINDOWS\system32\tdssmain.dll detected, use a rootkit scanner
D:\WINDOWS\system32\drivers\tdssserv.sys detected, use a rootkit scanner

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Alex

»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\Alex\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\Alex\Favoris

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop items

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch
!!!Warning, the following keys are not necessarily infected!!!

o4Patch
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Warning, the following keys are not necessarily infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Warning, the following keys are not necessarily infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Warning, the following keys are not necessarily infected!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Warning, the following keys are not necessarily infected!!!

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="D:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 194.230.1.71
DNS Server Search Order: 194.230.1.39

HKLM\SYSTEM\CCS\Services\Tcpip\..\{13FA50E3-09D9-4005-8556-1288CDBA393F}: NameServer=194.230.1.71 194.230.1.39
HKLM\SYSTEM\CS1\Services\Tcpip\..\{13FA50E3-09D9-4005-8556-1288CDBA393F}: NameServer=194.230.1.71 194.230.1.39
HKLM\SYSTEM\CS2\Services\Tcpip\..\{13FA50E3-09D9-4005-8556-1288CDBA393F}: NameServer=194.230.1.103 194.230.1.39
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AF9AAF62-67F1-43D1-82C5-6962DB7A8245}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{13FA50E3-09D9-4005-8556-1288CDBA393F}: NameServer=194.230.1.71 194.230.1.39

»»»»»»»»»»»»»»»»»»»»»»»» wininet.dll infection check

»»»»»»»»»»»»»»»»»»»»»»»» End

Report 2 - Cleaning

SmitFraudFix v2.353

Report made at 17:49:01.18, 22.09.2008
Run from D:\Documents and Settings\Alex\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
The file system type is
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing processes

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix

AntiXPVSTFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CS2\Services\Tcpip\..\{13FA50E3-09D9-4005-8556-1288CDBA393F}: NameServer=194.230.1.103 194.230.1.39
HKLM\SYSTEM\CS2\Services\Tcpip\..\{AF9AAF62-67F1-43D1-82C5-6962DB7A8245}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{13FA50E3-09D9-4005-8556-1288CDBA393F}: NameServer=194.230.1.103 194.230.1.39

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Warning, the following keys are not necessarily infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Warning, the following keys are not necessarily infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End

Malwarebytes report

Malwarebytes' Anti-Malware 1.28
Database version: 1193
Windows 5.1.2600 Service Pack 3

22.09.2008 18:23:28
mbam-log-2008-09-22 (18-23-19).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 124232
Time elapsed: 25 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
D:\WINDOWS\system32\TDSSl.dll (Trojan.Agent) -> No action taken.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\tdssserf.dll (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\tdssmain.dll (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
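Added example (my code, not part of the post and not code from Avira, SmitFraudFix or Malwarebytes): a small triage script that parses excerpts of the three reports above into one indicator table, so that for each artifact you can see which tool flagged it and what it did about it. It also reads the scan configuration back: Avira's own report records "Search for rootkits: off", and none of the tdss* files in system32 that SmitFraudFix and Malwarebytes list appear among Avira's nine quarantined items, which is exactly what the table makes visible. The sample strings are lines copied from the reports in the post; the French "détecté" wording of SmitFraudFix is matched as printed, with the English form accepted as well. Grouping by the "tdss" file-name marker is my heuristic, not a tool feature.

```python
import re
from collections import defaultdict

# Lines copied from the three reports in the post above, trimmed to what the
# parsers need. Avira's report puts each [DETECTION]/[NOTE] on its own line.
AVIRA_REPORT = r"""
Search for rootkits..............: off
D:\Documents and Settings\Alex\Local Settings\Temp\TDSS2dfb.tmp
  [DETECTION] Is the TR/Dropper.Gen Trojan
  [NOTE] The file was moved to '492af46f.qua'!
D:\Program Files\SmitfraudFix\SmitfraudFix\Reboot.exe
  [DETECTION] Contains recognition pattern of the SPR/Tool.Reboot.F program
  [NOTE] The file was moved to '4939f5ff.qua'!
D:\WINDOWS\system32\drivers\sptd.sys
  [WARNING] The file could not be opened!
"""

SMITFRAUDFIX_REPORT = r"""
D:\WINDOWS\system32\tdssservers.dat détecté, utilisez un scanner de Rootkit
D:\WINDOWS\system32\tdssadw.dll détecté, utilisez un scanner de Rootkit
D:\WINDOWS\system32\tdssl.dll détecté, utilisez un scanner de Rootkit
D:\WINDOWS\system32\drivers\tdssserv.sys détecté, utilisez un scanner de Rootkit
"""

MBAM_REPORT = r"""
Memory Modules Infected:
D:\WINDOWS\system32\TDSSl.dll (Trojan.Agent) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\poof (Rootkit.Agent) -> No action taken.
Files Infected:
D:\WINDOWS\system32\tdssadw.dll (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\tdssl.dll (Trojan.Agent) -> No action taken.
D:\WINDOWS\system32\drivers\tdssserv.sys (Trojan.Agent) -> No action taken.
"""

PATH_RE = re.compile(r"^(?:[A-Za-z]:\\|HKEY_)")
AVIRA_DETECTION_RE = re.compile(r"\[DETECTION\]\s+(.*)")
AVIRA_NOTE_RE = re.compile(r"moved to '([0-9a-f]+\.qua)'")
# SmitFraudFix prints this line in French; the English wording is accepted too.
SFF_RE = re.compile(r"^(.+?) (?:détecté, utilisez un scanner de Rootkit"
                    r"|detected, use a rootkit scanner)$")
MBAM_RE = re.compile(r"^(.+?) \(([^)]+)\) -> (.+)$")


def avira_rootkit_search_enabled(text):
    """Read the 'Search for rootkits' line of Avira's scan-configuration block."""
    m = re.search(r"Search for rootkits\.*:\s*(\w+)", text)
    return bool(m) and m.group(1).lower() == "on"


def parse_avira(text):
    """Return (path, verdict, action) per [DETECTION] block; [WARNING]s are not hits."""
    hits, path, verdict = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            if path and verdict:                      # detection without a [NOTE] line
                hits.append((path, verdict, "no action logged"))
            path, verdict = line, None
        elif (m := AVIRA_DETECTION_RE.search(line)):
            verdict = m.group(1)
        elif (m := AVIRA_NOTE_RE.search(line)) and verdict:
            hits.append((path, verdict, "quarantined as " + m.group(1)))
            path, verdict = None, None
    if path and verdict:
        hits.append((path, verdict, "no action logged"))
    return hits


def parse_smitfraudfix(text):
    return [(m.group(1), "rootkit component", "flagged only")
            for line in text.splitlines() if (m := SFF_RE.match(line.strip()))]


def parse_mbam(text):
    hits = []
    for raw in text.splitlines():
        m = MBAM_RE.match(raw.strip())
        if m and PATH_RE.match(m.group(1)):
            hits.append(m.groups())
    return hits


def correlate(reports):
    """{tool: [(path, verdict, action)]} -> {normalised path: {tool: (verdict, action)}}.
    Paths are lower-cased so MBAM's 'TDSSl.dll' and SmitFraudFix's 'tdssl.dll' merge."""
    table = defaultdict(dict)
    for tool, hits in reports.items():
        for path, verdict, action in hits:
            table[path.lower()][tool] = (verdict, action)
    return dict(table)


def not_seen_by(table, tool):
    return sorted(p for p, seen in table.items() if tool not in seen)


def family_cluster(table, marker="tdss"):
    """Artifacts whose file or key name carries the family marker (my heuristic)."""
    return sorted(p for p in table if marker in p.rsplit("\\", 1)[-1])


if __name__ == "__main__":
    reports = {"avira": parse_avira(AVIRA_REPORT),
               "smitfraudfix": parse_smitfraudfix(SMITFRAUDFIX_REPORT),
               "mbam": parse_mbam(MBAM_REPORT)}
    table = correlate(reports)
    print("Avira rootkit search enabled:", avira_rootkit_search_enabled(AVIRA_REPORT))
    for path in sorted(table):
        print(path, {tool: v for tool, (v, _) in table[path].items()})
    print("Never seen by Avira:", not_seen_by(table, "avira"))
    print("tdss cluster:", family_cluster(table))
```

Running it prints one row per artifact with the tools that saw it; the rows for the system32 tdss* files carry only smitfraudfix and mbam, while Avira's rows are the Temp droppers and the SmitfraudFix helper binaries it classifies as SPR (a risk category the scan had explicitly enabled with "+SPR").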
Virus TR/Crypt.XPACK.Gen Trojan
Arprive replied to a topic by Arprive in Malware analysis and removal

Hello, after 2 attempts and a fresh download, Antivir finally works correctly. I have already done 3 or 4 scans and no virus in sight. On the other hand, it is still impossible to run Diskeeper... whereas it worked fine before. I did what you told me about JavaRa, but when I select "Update Using jucheck.exe"... a dialog opens with "Java Update Checker has encountered a problem and needs to close. We are sorry for the inconvenience... etc., etc., etc." As for DiagHelp... here is the log. (Thanks again for your help and your availability!!)

DiagHelp version v1.4 - http://www.malekal.com
run on 22.09.2008 at 16:13:15.75

List of the most recently modified/created files in windir\system32 and prefetch
D:\WINDOWS\System32\drivers\lirsgt.sys -->13.09.2008 15:55:51
D:\WINDOWS\System32\drivers\atksgt.sys -->13.09.2008 15:55:51
D:\WINDOWS\System32\drivers\LVUSBSta.sys -->26.07.2008 17:26:20
D:\WINDOWS\System32\drivers\lvrs.sys -->26.07.2008 17:25:46
D:\WINDOWS\System32\drivers\LV302V32.SYS -->26.07.2008 17:22:32
D:\WINDOWS\System32\drivers\lv302af.sys -->26.07.2008 17:22:20
D:\WINDOWS\System32\drivers\LVPr2Mon.sys -->26.07.2008 08:25:02
D:\WINDOWS\System32\wpa.dbl -->22.09.2008 16:01:02
D:\WINDOWS\System32\FNTCACHE.DAT -->22.09.2008 16:00:50
D:\WINDOWS\System32\CnxDslWz.log -->21.09.2008 13:38:33
D:\WINDOWS\System32\CONFIG.NT -->18.09.2008 17:44:37
D:\WINDOWS\System32\PerfStringBackup.INI -->18.09.2008 17:03:56
D:\WINDOWS\System32\perfh00C.dat -->18.09.2008 17:03:56
D:\WINDOWS\System32\perfh009.dat -->18.09.2008 17:03:56
D:\WINDOWS\System32\perfc00C.dat -->18.09.2008 17:03:56
D:\WINDOWS\System32\perfc009.dat -->18.09.2008 17:03:56
D:\WINDOWS\System32\lvcoinst.log -->17.09.2008 19:15:33
D:\WINDOWS\System32\CmdLineExt.dll -->09.09.2008 16:34:03
D:\WINDOWS\System32\MRT.exe -->26.08.2008 22:28:12
D:\WINDOWS\System32\TZLog.log -->15.08.2008 17:02:32
D:\WINDOWS\System32\jupdate-1.6.0_07-b06.log -->15.08.2008 16:51:09
D:\WINDOWS\System32\SI.bin -->28.07.2008 08:54:38
D:\WINDOWS\System32\LVUI2RC.dll -->26.07.2008 17:26:20
D:\WINDOWS\System32\LVUI2.dll -->26.07.2008 17:26:08
D:\WINDOWS\System32\lvci11801048.dll -->26.07.2008 17:23:28
D:\WINDOWS\System32\lvcodec2.dll -->26.07.2008 17:23:18
D:\WINDOWS\System32\Repository.reg -->26.07.2008 16:46:00
D:\WINDOWS\System32\lvcoinst.ini -->26.07.2008 16:42:50
D:\WINDOWS\System32\spupdwxp.log -->24.07.2008 16:34:47
D:\WINDOWS\System32\cdm.dll -->18.07.2008 22:10:48
D:\WINDOWS\System32\wuauclt.exe -->18.07.2008 22:10:42
D:\WINDOWS\System32\wups2.dll -->18.07.2008 22:10:40
D:\WINDOWS\WindowsUpdate.log -->22.09.2008 16:01:19
D:\WINDOWS\wiadebug.log -->22.09.2008 16:01:16
D:\WINDOWS\wiaservc.log -->22.09.2008 16:01:10
D:\WINDOWS\bootstat.dat -->22.09.2008 16:00:57
D:\WINDOWS\setupact.log -->21.09.2008 15:11:00
D:\WINDOWS\setupapi.log -->21.09.2008 13:32:03
D:\WINDOWS\DirectX.log -->13.09.2008 15:51:54
D:\WINDOWS\tsoc.log -->10.09.2008 18:10:28
D:\WINDOWS\tabletoc.log -->10.09.2008 18:10:28
D:\WINDOWS\ocmsn.log -->10.09.2008 18:10:28
D:\WINDOWS\ocgen.log -->10.09.2008 18:10:28
D:\WINDOWS\ntdtcsetup.log -->10.09.2008 18:10:28
D:\WINDOWS\netfxocm.log -->10.09.2008 18:10:28
D:\WINDOWS\msgsocm.log -->10.09.2008 18:10:28
D:\WINDOWS\MedCtrOC.log -->10.09.2008 18:10:28

winlogon.exe Verified: Signed
svchost.exe Verified: Signed
ws2_32.dll Verified: Signed
user32.dll Verified: Signed
tcpip.sys Verified: Signed
ndis.sys Verified: Signed
null.sys Verified: Signed

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
explorer.exe pid: 1640
Command line: D:\WINDOWS\Explorer.EXE

Base Size Version Path
0x77be0000 0x58000 7.00.2600.5512 D:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 D:\WINDOWS\system32\CRYPT32.dll
0x76610000 0x84000 5.131.2600.5512 D:\WINDOWS\system32\CRYPTUI.dll
0x44080000 0xd0000 7.00.6000.16705 D:\WINDOWS\system32\WININET.dll
0x00400000 0x9000 6.00.5441.0000 D:\WINDOWS\system32\Normaliz.dll
0x43e00000 0x45000 7.00.6000.16705 D:\WINDOWS\system32\iertutil.dll
0x76be0000 0x2e000 5.131.2600.5512 D:\WINDOWS\system32\WINTRUST.dll
0x58b50000 0x9a000 5.82.2900.5512 D:\WINDOWS\system32\comctl32.dll
0x00b40000 0x200 D:\WINDOWS\system32\tdssadw.dll
0x76f80000 0x7f000 2001.12.4414.0700 D:\WINDOWS\system32\CLBCATQ.DLL
0x77000000 0xd4000 2001.12.4414.0700 D:\WINDOWS\system32\COMRes.dll
0x44160000 0x127000 7.00.6000.16705 D:\WINDOWS\system32\urlmon.dll
0x44360000 0x5cd000 7.00.6000.16705 D:\WINDOWS\system32\ieframe.dll
0x76ac0000 0x11000 3.05.2284.0001 D:\WINDOWS\system32\ATL.DLL
0x442b0000 0x3c000 7.00.6000.16705 D:\WINDOWS\system32\webcheck.dll
0x76010000 0x65000 6.02.3104.0000 D:\WINDOWS\system32\MSVCP60.dll
0x7d200000 0x2bc000 3.01.4001.5512 D:\WINDOWS\system32\msi.dll
0x00cc0000 0x1b000 11.80.1048.0000 D:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
0x10000000 0x1c000 7.00.0000.0000 D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
0x00e90000 0x24000 4.42.0000.0000 D:\Program Files\7-Zip\7-zip.dll
0x01260000 0x6b000 D:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll
0x012d0000 0x12000 7.00.0000.0015 D:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
0x7c250000 0x102000 7.10.3077.0000 D:\Program Files\Avira\AntiVir PersonalEdition Classic\MFC71U.DLL
0x01330000 0x56000 7.10.3052.0004 D:\Program Files\Avira\AntiVir PersonalEdition Classic\MSVCR71.dll
0x5d360000 0xf000 7.10.3077.0000 D:\WINDOWS\system32\MFC71FRA.DLL
0x01300000 0xd000 7.00.0009.0050 D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

ListDLLs v2.25 - DLL lister for Win9x/NT
Copyright (C) 1997-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
------------------------------------------------------------------------------
winlogon.exe pid: 556
Command line: winlogon.exe

Base Size Version Path
0x01000000 0x82000 \??\D:\WINDOWS\system32\winlogon.exe
0x77be0000 0x58000 7.00.2600.5512 D:\WINDOWS\system32\msvcrt.dll
0x779e0000 0x97000 5.131.2600.5512 D:\WINDOWS\system32\CRYPT32.dll
0x76be0000 0x2e000 5.131.2600.5512 D:\WINDOWS\system32\WINTRUST.dll
0x005d0000 0x200 D:\WINDOWS\system32\tdssadw.dll
0x58b50000 0x9a000 5.82.2900.5512 D:\WINDOWS\system32\COMCTL32.dll
0x74730000 0x3d000 3.525.1132.0000 D:\WINDOWS\system32\ODBC32.dll
0x1f840000 0x18000 3.525.1117.0000 D:\WINDOWS\system32\odbcint.dll
0x76ac0000 0x11000 3.05.2284.0001 D:\WINDOWS\system32\ATL.DLL
0x77000000 0xd4000 2001.12.4414.0700 D:\WINDOWS\system32\COMRes.dll
0x76f80000 0x7f000 2001.12.4414.0700 D:\WINDOWS\system32\CLBCATQ.DLL

Volume in drive D has no label.
Volume Serial Number is E43F-60DE

Directory of D:\WINDOWS\system32

14.04.2008 04:33 6'144 csrss.exe
1 File(s) 6'144 bytes
0 Dir(s) 177'086'316'544 bytes free

Contents of Downloaded Program Files
Volume in drive D has no label.
Volume Serial Number is E43F-60DE

Directory of D:\WINDOWS\Downloaded Program Files

26.02.2008 22:52 <DIR> .
26.02.2008 22:52 <DIR> ..
26.02.2008 21:10 65 desktop.ini
20.11.2007 17:04 1'523'536 FP_AX_CAB_INSTALLER.exe
20.01.2000 16:25 1'162 Microsoft XML Parser for Java.osd
20.11.2007 16:50 247 swflash.inf
4 File(s) 1'525'010 bytes
Total Files Listed:
4 File(s) 1'525'010 bytes
2 Dir(s) 177'086'316'544 bytes free

Rootkit search! (Thanks S!Ri)

Search for known infections

Export of sensitive keys..

List of files in the XP SP2 firewall exception list
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="D:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"
"D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"="D:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"D:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe"="D:\\Program Files\\Intuwave\\Shared\\mRouterRuntime\\mRouterRuntime.exe:*:Enabled:mRouterRuntime Module"
"D:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe"="D:\\Program Files\\Sony Ericsson\\Mobile4\\Sync Manager\\DXP SyncML.exe:*:Enabled:DXP SyncML Module"
"D:\\Program Files\\NAMCO BANDAI Games\\Warhammer® Mark of Chaos\\Warhammer.exe"="D:\\Program Files\\NAMCO BANDAI Games\\Warhammer® Mark of Chaos\\Warhammer.exe:*:Enabled:Warhammer®: Mark of Chaos™"
"D:\\Program Files\\LimeWire\\LimeWire.exe"="D:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"D:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe"="D:\\Program Files\\THQ\\Dawn of War - Soulstorm\\Soulstorm.exe:*:Enabled:Soulstorm"
"D:\\Program Files\\DNA\\btdna.exe"="D:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"D:\\Program Files\\BitTorrent\\bittorrent.exe"="D:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"D:\\Program Files\\iTunes\\iTunes.exe"="D:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"D:\\WINDOWS\\system32\\dpvsetup.exe"="D:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"D:\\WINDOWS\\system32\\rundll32.exe"="D:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Exécuter une DLL en tant qu'application"
"D:\\Program Files\\THQ\\Dawn Of War\\W40k.exe"="D:\\Program Files\\THQ\\Dawn Of War\\W40k.exe:*:Enabled:W40k"
"D:\\Program Files\\RandomGames\\Chaos Gate\\WH40K.exe"="D:\\Program Files\\RandomGames\\Chaos Gate\\WH40K.exe:*:Enabled:WH40K"
"D:\\WINDOWS\\system32\\drivers\\svchost.exe"="D:\\WINDOWS\\system32\\drivers\\svchost.exe:*:Disabled:svchost"
"D:\\Program Files\\Skype\\Phone\\Skype.exe"="D:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="D:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Export of the SharedTaskScheduler key
[SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Pré-chargeur Browseui"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Démon de cache des catégories de composant"

Export of policies
REGEDIT4
[system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

Export of sensitive keys..

Searching for sensitive addresses in the HOSTS file...

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-22 16:13:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden services & system hive ...
disk error: D:\WINDOWS\system32\config\system, 0
scanning hidden registry entries ...
disk error: D:\WINDOWS\system32\config\software, 0
disk error: D:\Documents and Settings\Alex\ntuser.dat, 0
scanning hidden files ...
disk error: D:\
please note that you need administrator rights to perform deep scan

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)

Process list by traversal of KiWaitListHead
4 - System
520 - csrss.exe
556 - winlogon.exe
600 - services.exe
612 - lsass.exe
636 - alg.exe
768 - svchost.exe
848 - svchost.exe
908 - svchost.exe
960 - svchost.exe
1056 - spoolsv.exe
1124 - sched.exe
1232 - avguard.exe
1244 - AppleMobileDevi
1360 - LVComSer.exe
1388 - LVPrcSrv.exe
1416 - nvsvc32.exe
1476 - HPZipm12.exe
1632 - firefox.exe
1640 - explorer.exe
1952 - PSPAP.exe
1964 - avgnt.exe
4088 - cmd.exe
Total number of processes = 23
NOTE: Under WinXP, this will not show all processes.

KProcCheck Version 0.2-beta1
Proof-of-Concept by SIG^2 (www.security.org.sg)

Driver/Module list by traversal of PsLoadedModuleList
804D7000 - \WINDOWS\system32\ntkrnlpa.exe
806E4000 - \WINDOWS\system32\hal.dll
BADA8000 - \WINDOWS\system32\KDCOM.DLL
BACB8000 - \WINDOWS\system32\BOOTVID.dll
BA6A7000 - spzr.sys
BADAA000 - \WINDOWS\System32\Drivers\WMILIB.SYS
BA68F000 - \WINDOWS\System32\Drivers\SCSIPORT.SYS
BA660000 - ACPI.sys
BA64F000 - pci.sys
BA8A8000 - isapnp.sys
BAE70000 - pciide.sys
BAB28000 - \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
BA8B8000 - MountMgr.sys
BA630000 - ftdisk.sys
BADAC000 - dmload.sys
BA60A000 - dmio.sys
BAB30000 - PartMgr.sys
BA8C8000 - VolSnap.sys
BA5F2000 - atapi.sys
BA8D8000 - disk.sys
BA8E8000 - \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
BA5D2000 - fltmgr.sys
BA5C0000 - sr.sys
BA8F8000 - PxHelp20.sys
BA5A9000 - KSecDD.sys
BA51C000 - Ntfs.sys
BA4EF000 - NDIS.sys
BA4D5000 - Mup.sys
BA928000 - \SystemRoot\system32\DRIVERS\intelppm.sys
B9E0F000 - \SystemRoot\system32\DRIVERS\nv4_mini.sys
B9DFB000 - \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
B9DD3000 - \SystemRoot\system32\DRIVERS\HDAudBus.sys
BAB80000 - \SystemRoot\system32\DRIVERS\usbuhci.sys
B9DAF000 - \SystemRoot\system32\DRIVERS\USBPORT.SYS
BAB88000 - \SystemRoot\system32\DRIVERS\usbehci.sys
BAB98000 - \SystemRoot\system32\DRIVERS\fdc.sys
B9D9E000 - \SystemRoot\system32\DRIVERS\serial.sys
BAD58000 - \SystemRoot\system32\DRIVERS\serenum.sys
B9D8A000 - \SystemRoot\system32\DRIVERS\parport.sys
BA938000 - \SystemRoot\system32\DRIVERS\imapi.sys
BA948000 - \SystemRoot\system32\DRIVERS\cdrom.sys
BA958000 - \SystemRoot\system32\DRIVERS\redbook.sys
B9D67000 - \SystemRoot\system32\DRIVERS\ks.sys
BAD68000 - \SystemRoot\System32\Drivers\GEARAspiWDM.sys
B9D2E000 - \SystemRoot\System32\Drivers\aftn7yna.SYS
BAFB0000 - \SystemRoot\system32\DRIVERS\audstub.sys
BA9B8000 - \SystemRoot\system32\DRIVERS\rasl2tp.sys
BAD80000 - \SystemRoot\system32\DRIVERS\ndistapi.sys
B9CEF000 - \SystemRoot\system32\DRIVERS\ndiswan.sys
BA9C8000 - \SystemRoot\system32\DRIVERS\raspppoe.sys
BA9D8000 - \SystemRoot\system32\DRIVERS\raspptp.sys
BAC20000 - \SystemRoot\system32\DRIVERS\TDI.SYS
B9CDE000 - \SystemRoot\system32\DRIVERS\psched.sys
BA9E8000 - \SystemRoot\system32\DRIVERS\msgpc.sys
BAC30000 - \SystemRoot\system32\DRIVERS\ptilink.sys
BAC40000 - \SystemRoot\system32\DRIVERS\raspti.sys
BA9F8000 - \SystemRoot\System32\Drivers\pcouffin.sys
B9CAE000 - \SystemRoot\system32\DRIVERS\rdpdr.sys
BAA08000 - \SystemRoot\system32\DRIVERS\termdd.sys
BAC58000 - \SystemRoot\system32\DRIVERS\kbdclass.sys
BAC68000 - \SystemRoot\system32\DRIVERS\mouclass.sys
BADCC000 - \SystemRoot\system32\DRIVERS\swenum.sys
B9C50000 - \SystemRoot\system32\DRIVERS\update.sys
BA4B1000 - \SystemRoot\system32\DRIVERS\mssmbios.sys
BAA18000 - \SystemRoot\System32\Drivers\NDProxy.SYS
B66D2000 - \SystemRoot\system32\drivers\RtkHDAud.sys
B66AE000 - \SystemRoot\system32\drivers\portcls.sys
BAA48000 - \SystemRoot\system32\drivers\drmk.sys
BAA58000 - \SystemRoot\system32\DRIVERS\usbhub.sys
BADD8000 - \SystemRoot\system32\DRIVERS\USBD.SYS
BAC90000 - \SystemRoot\system32\DRIVERS\flpydisk.sys
BADDC000 - \SystemRoot\System32\Drivers\Fs_Rec.SYS
BAE83000 - \SystemRoot\System32\Drivers\Null.SYS
BADE0000 - \SystemRoot\System32\Drivers\Beep.SYS
BACB0000 -
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS BAB40000 - \SystemRoot\System32\drivers\vga.sys BADE4000 - \SystemRoot\System32\Drivers\mnmdd.SYS BADE8000 - \SystemRoot\System32\DRIVERS\RDPCDD.sys BAB70000 - \SystemRoot\System32\Drivers\Msfs.SYS BAB90000 - \SystemRoot\System32\Drivers\Npfs.SYS BAD94000 - \SystemRoot\system32\DRIVERS\rasacd.sys B658B000 - \SystemRoot\system32\DRIVERS\ipsec.sys B6532000 - \SystemRoot\system32\DRIVERS\tcpip.sys B650C000 - \SystemRoot\system32\DRIVERS\ipnat.sys B64E4000 - \SystemRoot\system32\DRIVERS\netbt.sys BAA78000 - \SystemRoot\system32\DRIVERS\wanarp.sys B64C2000 - \SystemRoot\System32\drivers\afd.sys BAA88000 - \SystemRoot\system32\DRIVERS\netbios.sys BABB0000 - \SystemRoot\system32\DRIVERS\ssmdrv.sys B6497000 - \SystemRoot\system32\DRIVERS\rdbss.sys B6427000 - \SystemRoot\system32\DRIVERS\mrxsmb.sys BAAA8000 - \SystemRoot\System32\Drivers\Fips.SYS B9C30000 - \??\D:\WINDOWS\system32\drivers\EIO.sys B63EE000 - \SystemRoot\system32\DRIVERS\avipbb.sys BADEE000 - \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys BABC8000 - \SystemRoot\system32\DRIVERS\usbccgp.sys BAAE8000 - \SystemRoot\system32\drivers\LVUSBSta.sys B617C000 - \SystemRoot\system32\DRIVERS\LV302V32.SYS BAAF8000 - \SystemRoot\System32\Drivers\Cdfs.SYS BADF4000 - \SystemRoot\system32\DRIVERS\lv302af.sys BAB08000 - \SystemRoot\system32\drivers\usbaudio.sys B60E4000 - \SystemRoot\system32\DRIVERS\lvrs.sys B65D6000 - \SystemRoot\system32\DRIVERS\usbscan.sys BABE8000 - \SystemRoot\system32\DRIVERS\usbprint.sys BABF8000 - \SystemRoot\system32\DRIVERS\HPZius12.sys BAC08000 - \SystemRoot\system32\DRIVERS\USBSTOR.SYS BAB18000 - \SystemRoot\system32\DRIVERS\HPZid412.sys B65BE000 - \SystemRoot\system32\DRIVERS\HPZipr12.sys B602C000 - \SystemRoot\System32\Drivers\dump_atapi.sys BADFC000 - \SystemRoot\System32\Drivers\dump_WMILIB.SYS BF800000 - \SystemRoot\System32\win32k.sys B9C34000 - \SystemRoot\System32\drivers\Dxapi.sys BAC48000 - \SystemRoot\System32\watchdog.sys 
BF9C3000 - \SystemRoot\System32\drivers\dxg.sys BAFA6000 - \SystemRoot\System32\drivers\dxgthk.sys B641B000 - \SystemRoot\system32\DRIVERS\hidusb.sys BAA28000 - \SystemRoot\system32\DRIVERS\HIDCLASS.SYS B5F67000 - \SystemRoot\system32\DRIVERS\CnxEtU.sys B6417000 - \SystemRoot\system32\DRIVERS\mouhid.sys B668E000 - \SystemRoot\system32\DRIVERS\CnxEtP.sys B5F4E000 - \SystemRoot\system32\DRIVERS\CnxTgN.sys B63FF000 - \SystemRoot\system32\DRIVERS\kbdhid.sys BF9D5000 - \SystemRoot\System32\nv4_disp.dll B5A01000 - \SystemRoot\system32\DRIVERS\mrxdav.sys BADB0000 - \SystemRoot\System32\Drivers\ParVdm.SYS B596E000 - \SystemRoot\system32\DRIVERS\atksgt.sys BAC80000 - \SystemRoot\system32\DRIVERS\lirsgt.sys B5931000 * --[Hidden]-- B5AAE000 - \SystemRoot\system32\drivers\sysaudio.sys B587D000 - \??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys B54E3000 - \SystemRoot\system32\DRIVERS\srv.sys BAC10000 - \SystemRoot\system32\DRIVERS\LVPr2Mon.sys B51D2000 - \SystemRoot\System32\Drivers\HTTP.sys B4FC4000 - \SystemRoot\system32\drivers\kmixer.sys BAEEA000 - \SystemRoot\System32\DRIVERS\KProcCheck.sys Total number of drivers = 135 Liste des programmes installes 7-Zip 4.42 Adobe Flash Player ActiveX Adobe Reader 7.0.9 - Français AiO_Scan_CDA AiOSoftwareNPI Apple Mobile Device Support Apple Software Update Ashampoo WinOptimizer Platinum 3 Assistant de connexion Windows Live ASUS nVidia Driver AutoUpdate Avira AntiVir Personal - Free Antivirus BufferChm C5100 c5100_Help Coffret de pilotes Logitech Legacy USB Camera Coffret de pilotes Logitech QuickCam Compatibility Pack for the 2007 Office system ConvertXtoDVD 3.0.0.7 Correctif pour Windows Internet Explorer 7 (KB947864) Correctif pour Windows XP (KB952287) CP_CalendarTemplates1 cp_OnlineProjectsConfig CP_Package_Basic1 CP_Panorama1Config cp_PosterPrintConfig CueTour CustomerResearchQFolder Dawn Of War Dawn of War - Soulstorm Dawn of War - Soulstorm Destinations DeviceManagementQFolder DivX Codec DivX Content 
Uploader DivX Converter DivX Player DivX Web Player DocProc DocProcQFolder DocumentViewer DocumentViewerQFolder eSupportQFolder Fax_CDA FullDPAppQFolder FunAccess GeTax PP 2007 Heroes of Might and Magic V High Definition Audio Driver Package - KB888111 HP Customer Participation Program 7.0 HP Document Viewer 7.0 HP Imaging Device Functions 7.0 HP Photosmart Premier Software 6.5 HP Photosmart, Officejet and Deskjet 7.0.A HP Software Update HP Solution Center 7.0 HPPhotoSmartExpress HPProductAssistant InfraRecorder InstantShareDevices InstantShareDevicesMFC iTunes Java 6 Update 3 Java 6 Update 5 Java 6 Update 7 LimeWire PRO 4.12.6 LiveUpdate 2.0 (Symantec Corporation) Logitech QuickCam MarketResearch Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 French Language Pack Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft Internationalized Domain Names Mitigation APIs Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 Microsoft National Language Support Downlevel APIs Microsoft Office 2000 Premium Microsoft Office PowerPoint Viewer 2007 (French) Microsoft Visual C++ 2005 Redistributable Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) Mise à jour de sécurité pour Lecteur Windows Media 9 (KB936782) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB944533) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB950759) Mise à jour de sécurité pour Windows Internet Explorer 7 (KB953838) Mise à jour de sécurité pour Windows XP (KB938464) Mise à jour de sécurité pour Windows XP (KB941569) Mise à jour de sécurité pour Windows XP (KB946648) Mise à jour de sécurité pour Windows XP (KB950760) Mise à jour de sécurité pour Windows XP (KB950762) Mise à jour de sécurité pour Windows XP (KB950974) Mise à jour de sécurité pour Windows XP (KB951066) Mise à jour de sécurité pour 
Windows XP (KB951376-v2) Mise à jour de sécurité pour Windows XP (KB951376) Mise à jour de sécurité pour Windows XP (KB951698) Mise à jour de sécurité pour Windows XP (KB951748) Mise à jour de sécurité pour Windows XP (KB952954) Mise à jour de sécurité pour Windows XP (KB953839) Mise à jour pour Windows XP (KB951072-v2) Mise à jour pour Windows XP (KB951978) Mozilla Firefox (3.0.1) MSXML 4.0 SP2 (KB936181) NewCopy_CDA NVIDIA Drivers OCR Software by I.R.I.S 7.0 PanoStandAlone PayPen PayPen PhotoGallery ProductContextNPI QuickTime RandMap Readme REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver Scan ScannerCopy Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) SkinsHP1 Skype 2.5 SlideShow SolutionCenter Sonic_PrimoSDK SpywareBlaster 4.1 Status Toolbox Total Uninstall 4.9.4 TrayApp Unload Warhammer Battle March WebFldrs XP WebReg Weight Watchers FlexiPoints Windows Internet Explorer 7 Windows Live installer Windows Live Messenger Windows XP Service Pack 3 Xvid 1.1.3 final uninstall XviD MPEG-4 Video Codec yellownet Java Edition ZyXEL ADSL USB Modem WAN Adapter Le volume dans le lecteur D n'a pas de nom. Le numéro de série du volume est E43F-60DE Répertoire de D:\Program Files 21.09.2008 22:30 <REP> . 21.09.2008 22:30 <REP> .. 
27.02.2008 22:45 <REP> 7-Zip 18.09.2008 17:02 <REP> Adobe 27.02.2008 22:50 <REP> Apple Software Update 26.02.2008 22:20 <REP> Ashampoo 18.09.2008 17:50 <REP> Avira 24.07.2008 15:18 <REP> BACKUP 09.03.2008 14:09 <REP> BitTorrent 27.02.2008 23:24 <REP> C-CHANNEL 26.02.2008 22:39 <REP> Common Files 24.07.2008 16:33 <REP> DAEMON Tools Lite 21.09.2008 17:25 <REP> Diskeeper Corporation 21.09.2008 17:30 <REP> DivX 04.09.2008 07:06 <REP> DNA 21.09.2008 17:30 <REP> Fichiers communs 15.09.2008 22:36 <REP> GeTaxPP2007 26.02.2008 23:03 <REP> Hewlett-Packard 26.02.2008 23:08 <REP> HP 22.03.2008 14:07 <REP> InfraRecorder 18.09.2008 17:04 <REP> InstallShield Installation Information 26.02.2008 21:29 <REP> Intel 15.08.2008 17:02 <REP> Internet Explorer 28.04.2008 23:32 <REP> iPod 28.04.2008 23:32 <REP> iTunes 20.09.2008 00:17 <REP> Java 29.03.2008 16:41 <REP> LimeWire 17.09.2008 19:10 <REP> Logitech 15.08.2008 17:03 <REP> Messenger 02.06.2008 00:06 <REP> Microsoft CAPICOM 2.1.0.2 29.02.2008 23:01 <REP> microsoft frontpage 29.02.2008 23:13 <REP> Microsoft Office 24.07.2008 15:29 <REP> Movie Maker 22.09.2008 16:01 <REP> Mozilla Firefox 16.09.2008 21:20 <REP> MSECache 26.02.2008 21:08 <REP> MSN 26.02.2008 21:09 <REP> MSN Gaming Zone 27.02.2008 23:57 <REP> NAMCO BANDAI Games 24.07.2008 15:27 <REP> NetMeeting 26.02.2008 21:09 <REP> Online Services 24.07.2008 16:34 <REP> Outlook Express 21.09.2008 17:30 <REP> QuickTime 21.09.2008 17:30 <REP> Realtek 28.02.2008 01:14 <REP> Skype 21.09.2008 17:15 <REP> SpywareBlaster 29.02.2008 23:17 <REP> Symantec 15.07.2008 22:55 <REP> THQ 10.04.2008 20:51 <REP> Thrustmaster 21.09.2008 17:17 <REP> Total Uninstall 4 16.08.2008 14:52 <REP> Ubisoft 23.03.2008 12:12 <REP> VSO 25.06.2008 09:18 <REP> Weight Watchers FlexiPoints 03.06.2008 11:57 <REP> Windows Live 21.09.2008 17:30 <REP> Windows Media Player 24.07.2008 15:27 <REP> Windows NT 19.06.2008 23:14 <REP> WinISO 26.02.2008 21:11 <REP> xerox 21.08.2008 09:32 <REP> Xvid 02.09.2008 21:20 <REP> yellownet 
19.06.2008 23:18 <REP> Zero G Registry 01.04.2008 16:33 <REP> ZyXEL 0 fichier(s) 0 octets 61 Rép(s) 177'077'112'832 octets libres Le volume dans le lecteur D n'a pas de nom. Le numéro de série du volume est E43F-60DE Répertoire de D:\Program Files\fichiers communs 21.09.2008 17:30 <REP> . 21.09.2008 17:30 <REP> .. 18.09.2008 17:03 <REP> Adobe 27.02.2008 22:49 <REP> Apple 29.02.2008 23:04 <REP> Designer 26.02.2008 23:03 <REP> Hewlett-Packard 26.02.2008 23:06 <REP> HP 27.02.2008 23:23 <REP> InstallShield 26.02.2008 22:14 <REP> Java 17.09.2008 19:12 <REP> LogiShrd 05.03.2008 22:39 <REP> Logitech 31.05.2008 12:01 <REP> Microsoft Shared 01.03.2008 00:25 <REP> Motorola Shared 26.02.2008 21:10 <REP> MSSoap 26.02.2008 21:10 <REP> Services 26.02.2008 23:06 <REP> Sonic Shared 26.02.2008 21:47 <REP> SpeechEngines 29.02.2008 23:17 <REP> Symantec Shared 24.07.2008 15:27 <REP> System 02.04.2008 22:34 <REP> Teleca Shared 21.09.2008 17:30 <REP> WindowsLiveInstaller 0 fichier(s) 0 octets 21 Rép(s) 177'077'108'736 octets libres Le volume dans le lecteur D n'a pas de nom. Le numéro de série du volume est E43F-60DE Répertoire de D:\Program Files\fichiers communs\Microsoft Shared\Web Folders 26.02.2008 21:17 <REP> . 26.02.2008 21:17 <REP> .. 18.05.2001 16:57 561'209 MSONSEXT.DLL 03.06.1999 13:09 122'937 MSOWS409.DLL 07.03.2001 08:00 127'033 MSOWS40c.DLL 18.03.1999 06:37 593'977 RAGENT.DLL 4 fichier(s) 1'405'156 octets 2 Rép(s) 177'077'108'736 octets libres Le volume dans le lecteur D n'a pas de nom. Le numéro de série du volume est E43F-60DE Répertoire de D:\Program Files\common files 26.02.2008 22:39 <REP> . 26.02.2008 22:39 <REP> .. 26.02.2008 22:52 <REP> Motive 0 fichier(s) 0 octets 3 Rép(s) 177'077'108'736 octets libres ****** Fin du rapport DiagHelp Veuillez svp envoyer le fichier C:\upload_moi_RIZZETTO.tar.gz a l'adresse http://upload.malekal.com -
Virus TR/Crypt.XPACK.Gen Trojan
Arprive replied to a topic by Arprive in Analyses et éradication malwares
There, I've done the procedure... and uninstalled the 2 programs... here is the report... [Edit: Note that I ran a scan with Avira AntiVir and it found nothing... but... it's impossible to launch the AntiVir "guard" program. The PC crashes right away and I have to reboot. Note also that Diskeeper no longer works either... when I launch an analysis or a defrag... it tells me "Diskeeper could not initialize". I did try uninstalling and reinstalling these two programs... but nothing helps.]

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 00:17:25, on 20.09.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe D:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe D:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\HPZipm12.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe D:\Program Files\Thrustmaster\FunAccess\PSPAP.exe D:\WINDOWS\system32\wuauclt.exe D:\WINDOWS\system32\msiexec.exe D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe D:\Documents and Settings\Alex\Bureau\Antivirus\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/index_d.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" O4 - HKLM\..\Run: [PSPAP] D:\Program Files\Thrustmaster\FunAccess\PSPAP.exe min O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O17 - 
HKLM\System\CCS\Services\Tcpip\..\{13FA50E3-09D9-4005-8556-1288CDBA393F}: NameServer = 194.230.1.71 194.230.1.39 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe -- End of file - 5148 bytes

AntiVir report:

Avira AntiVir Personal Report file date: samedi, 20. septembre 2008 00:28 Scanning for 1624929 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 3) [5.1.2600] Boot mode: Normally booted Username: Alex Computer name: RIZZETTO Version information: BUILD.DAT : 8.1.0.331 16934 Bytes 12.08.2008 11:46:00 AVSCAN.EXE : 8.1.4.7 315649 Bytes 26.06.2008 08:57:53 AVSCAN.DLL : 8.1.4.0 40705 Bytes 26.05.2008 07:56:40 LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:19 LUKERES.DLL : 8.1.4.0 12033 Bytes 26.05.2008 07:58:52 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 10:33:34 ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24.06.2008 13:54:15 ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12.09.2008 15:54:27 ANTIVIR3.VDF : 7.0.6.180 188416 Bytes 18.09.2008 15:54:28 Engineversion : 8.1.1.34 AEVDF.DLL : 8.1.0.5 102772 Bytes 09.07.2008 08:46:50 AESCRIPT.DLL : 8.1.0.76 319867 Bytes 18.09.2008 15:54:34 AESCN.DLL : 8.1.0.23 119156 Bytes 18.09.2008 15:54:34 AERDL.DLL : 8.1.1.2 438644 Bytes 18.09.2008 15:54:33 AEPACK.DLL : 8.1.2.1 364917 Bytes 18.09.2008 15:54:32 AEOFFICE.DLL : 8.1.0.25 196986 Bytes 18.09.2008 15:54:32 AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18.09.2008 15:54:31 AEHELP.DLL : 8.1.0.15 115063 Bytes 09.07.2008 08:46:50 AEGEN.DLL : 8.1.0.36 315764 Bytes 18.09.2008 15:54:30 AEEMU.DLL : 8.1.0.7 430452 Bytes 18.09.2008 15:54:29 AECORE.DLL : 8.1.1.11 172406 Bytes 18.09.2008 15:54:29 AEBB.DLL : 8.1.0.1 53617 Bytes 24.04.2008 08:50:42 AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:05 AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:28:01 AVREP.DLL : 8.0.0.2 98344 Bytes 18.09.2008 15:54:28 AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:40 AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23 AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:49 SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02 SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:40 NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10 RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12.06.2008 13:48:07 RCTEXT.DLL : 8.0.52.0 86273 Bytes 
27.06.2008 13:34:37 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: C:, D:, Process scan.....................: on Scan registry....................: on Search for rootkits..............: off Scan all files...................: Intelligent file selection Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: medium Start of the scan: samedi, 20. septembre 2008 00:28 The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'wuauclt.exe' - '1' Module(s) have been scanned Scan process 'PSPAP.exe' - '1' Module(s) have been scanned Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned Scan process 'LVComSer.exe' - '1' Module(s) have been scanned Scan process 'DkService.exe' - '1' Module(s) have been scanned Scan process 
'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 29 processes with 29 modules were scanned Starting master boot sector scan: Master boot sector HD0 [iNFO] No virus was found! Master boot sector HD1 [iNFO] No virus was found! Master boot sector HD2 [iNFO] No virus was found! [WARNING] System error [21]: Le périphérique n'est pas prêt. Start scanning boot sectors: Boot sector 'C:\' [iNFO] No virus was found! Boot sector 'D:\' [iNFO] No virus was found! Starting to scan the registry. The registry was scanned ( '50' files ). Starting the file scan: Begin scan in 'C:\' <Disque slave> Begin scan in 'D:\' D:\pagefile.sys [WARNING] The file could not be opened! D:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! End of the scan: samedi, 20. septembre 2008 00:48 Used time: 20:10 Minute(s) The scan has been done completely. 6664 Scanning directories 406799 Files were scanned 0 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 2 Files cannot be scanned 406797 Files not concerned 1423 Archives were scanned 3 Warnings 0 Notes -
Virus TR/Crypt.XPACK.Gen Trojan
Arprive replied to a topic by Arprive in Analyses et éradication malwares
Hello again, and thanks for your quick reply...

Toolbar-S&D report:

-----------\\ ToolBar S&D 1.2.0 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E6750 @ 2.66GHz ) BIOS : Award Modular BIOS v6.00PG USER : Alex ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total : 149 Go Free : 81 Go D:\ (Local Disk) - NTFS - Total : 232 Go Free : 154 Go E:\ (CD or DVD) F:\ (USB) G:\ (CD or DVD) "D:\ToolBar SD" ( MAJ : 14-09-2008|23:30 ) Option : [1] ( 19.09.2008|16:36 ) -----------\\ Recherche de Fichiers / Dossiers ... D:\Program Files\DAEMON Tools Toolbar D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll D:\Program Files\DAEMON Tools Toolbar\FirefoxDTT D:\Program Files\DAEMON Tools Toolbar\Resources D:\Program Files\DAEMON Tools Toolbar\uninst.exe D:\Program Files\DAEMON Tools Toolbar\_DTLite.xml -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="D:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.bluewin.ch/index_d.html" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" --------------------\\ Recherche d'autres infections --------------------\\ ROOTKIT !! Rootkit Tibs !
.. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv] Trojan ! .. D:\WINDOWS\system32\drivers\tdssserv.sys Trojan ! .. D:\WINDOWS\system32\tdssservers.dat Trojan ! .. D:\WINDOWS\system32\tdssserf.dll Trojan ! .. D:\WINDOWS\system32\tdssmain.dll Trojan ! .. D:\WINDOWS\system32\tdssinit.dll Trojan ! .. D:\WINDOWS\system32\tdssadw.dll Trojan ! .. D:\WINDOWS\system32\tdsslog.dll Trojan ! .. D:\WINDOWS\system32\tdssl.dll --------------------\\ Cracks & Keygens .. D:\DOCUME~1\Alex\Mes documents\Ma musique\Jacques Dutronc - Crack Boum Hue.MP3 D:\DOCUME~1\Alex\Mes documents\Nouveau dossier\Crack D:\DOCUME~1\Alex\Mes documents\Nouveau dossier\Crack\H5_Game.exe 1 - "D:\ToolBar SD\TB_1.txt" - 19.09.2008|16:37 - Option : [1] -----------\\ Fin du rapport a 16:37:27.98

Second Toolbar-S&D report:

-----------\\ ToolBar S&D 1.2.0 XP/Vista Microsoft Windows XP Professionnel ( v5.1.2600 ) Service Pack 3 X86-based PC ( Multiprocessor Free : Intel® Core2 Duo CPU E6750 @ 2.66GHz ) BIOS : Award Modular BIOS v6.00PG USER : Alex ( Administrator ) BOOT : Normal boot Antivirus : Avira AntiVir PersonalEdition 8.0.1.27 (Activated) A:\ (USB) C:\ (Local Disk) - NTFS - Total : 149 Go Free : 81 Go D:\ (Local Disk) - NTFS - Total : 232 Go Free : 154 Go E:\ (CD or DVD) F:\ (USB) G:\ (CD or DVD) "D:\ToolBar SD" ( MAJ : 14-09-2008|23:30 ) Option : [2] ( 19.09.2008|16:39 ) -----------\\ SUPPRESSION Supprime! - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll Supprime! - D:\Program Files\DAEMON Tools Toolbar\FirefoxDTT Supprime! - D:\Program Files\DAEMON Tools Toolbar\Resources Supprime! - D:\Program Files\DAEMON Tools Toolbar\uninst.exe Supprime!
- D:\Program Files\DAEMON Tools Toolbar\_DTLite.xml Supprime! - D:\Program Files\DAEMON Tools Toolbar -----------\\ Recherche de Fichiers / Dossiers ... -----------\\ [..\Internet Explorer\Main] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Local Page"="D:\\WINDOWS\\system32\\blank.htm" "Start Page"="http://www.bluewin.ch/index_d.html" "Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch" [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main] "Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157" "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896" "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896" "Start Page"="http://www.msn.com/" --------------------\\ Recherche d'autres infections --------------------\\ ROOTKIT !! Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\ControlSet001\Enum\Root\tdssserv] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\LEGACY_TDSSSERV] Rootkit Tibs ! .. [HKLM\..\ControlSet003\Enum\Root\tdssserv] Trojan ! .. D:\WINDOWS\system32\drivers\tdssserv.sys Trojan ! .. D:\WINDOWS\system32\tdssservers.dat Trojan ! .. D:\WINDOWS\system32\tdssserf.dll Trojan ! .. D:\WINDOWS\system32\tdssmain.dll Trojan ! .. D:\WINDOWS\system32\tdssinit.dll Trojan ! .. D:\WINDOWS\system32\tdssadw.dll Trojan ! .. D:\WINDOWS\system32\tdsslog.dll Trojan ! .. D:\WINDOWS\system32\tdssl.dll --------------------\\ Cracks & Keygens .. 
D:\DOCUME~1\Alex\Mes documents\Ma musique\Jacques Dutronc - Crack Boum Hue.MP3 D:\DOCUME~1\Alex\Mes documents\Nouveau dossier\Crack D:\DOCUME~1\Alex\Mes documents\Nouveau dossier\Crack\H5_Game.exe 1 - "D:\ToolBar SD\TB_1.txt" - 19.09.2008|16:37 - Option : [1] 2 - "D:\ToolBar SD\TB_2.txt" - 19.09.2008|16:40 - Option : [2] -----------\\ Fin du rapport a 16:40:21.40

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:42:56, on 19.09.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16705) Boot mode: Normal Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\system32\spoolsv.exe D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe D:\Program Files\Bonjour\mDNSResponder.exe D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe D:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe D:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe D:\WINDOWS\system32\nvsvc32.exe D:\WINDOWS\system32\HPZipm12.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\system32\wbem\wmiapsrv.exe D:\WINDOWS\Explorer.EXE D:\WINDOWS\RTHDCPL.EXE D:\WINDOWS\system32\RUNDLL32.EXE D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe D:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe D:\Program Files\Thrustmaster\FunAccess\PSPAP.exe D:\WINDOWS\system32\ctfmon.exe D:\Program Files\Mozilla Firefox\firefox.exe D:\Documents and Settings\Alex\Bureau\Antivirus\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/index_d.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 -
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing) O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [sunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe" O4 - HKLM\..\Run: [PSPAP] D:\Program Files\Thrustmaster\FunAccess\PSPAP.exe min O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 
'Default user') O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = D:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM') O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = D:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user') O4 - Startup: Logitech . Enregistrement du produit.lnk = D:\Program Files\Logitech\QuickCam\eReg.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{13FA50E3-09D9-4005-8556-1288CDBA393F}: NameServer = 194.230.1.71 194.230.1.39 O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. 
- D:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe -- End of file - 6551 bytes -
Hello,

For 3 days I have been having big problems with my PC, slowdowns and crashes galore. I ran a scan with my "avast" and it found a virus, "win32:Bravix-D [DRP]". After that I had a look at this forum and followed your advice by installing "Antivir". Obviously that changed nothing, since the virus is already planted on my PC. So I ran a complete scan with Antivir and I am putting the "antivir" log as well as the "hijackthis" log at your disposal, hoping you may be able to give me a hand. Thank you in advance... by the way Alex

(Edit: Also, it seems that Antivir has been disconnected and it is impossible for me to turn it back on without crashing the PC :/ )

Antivir log:

Avira AntiVir Personal
Report file date: Friday, 19. September 2008 15:24

Scanning for 1624929 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: Alex
Computer name: RIZZETTO

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12.08.2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26.06.2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26.05.2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12.06.2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26.05.2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.07.2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24.06.2008 13:54:15
ANTIVIR2.VDF : 7.0.6.153 3341312 Bytes 12.09.2008 15:54:27
ANTIVIR3.VDF : 7.0.6.180 188416 Bytes 18.09.2008 15:54:28
Engineversion : 8.1.1.34
AEVDF.DLL : 8.1.0.5 102772 Bytes 09.07.2008 08:46:50
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 18.09.2008 15:54:34
AESCN.DLL : 8.1.0.23 119156 Bytes 18.09.2008 15:54:34
AERDL.DLL : 8.1.1.2 438644 Bytes 18.09.2008 15:54:33
AEPACK.DLL : 8.1.2.1 364917 Bytes 18.09.2008 15:54:32
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 18.09.2008 15:54:32
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 18.09.2008 15:54:31
AEHELP.DLL : 8.1.0.15 115063 Bytes 09.07.2008 08:46:50
AEGEN.DLL : 8.1.0.36 315764 Bytes 18.09.2008 15:54:30
AEEMU.DLL : 8.1.0.7 430452 Bytes 18.09.2008 15:54:29
AECORE.DLL : 8.1.1.11 172406 Bytes 18.09.2008 15:54:29
AEBB.DLL : 8.1.0.1 53617 Bytes 24.04.2008 08:50:42
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09.07.2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16.05.2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 18.09.2008 15:54:28
AVREG.DLL : 8.0.0.1 33537 Bytes 09.05.2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.02.2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12.06.2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.01.2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12.06.2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25.01.2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12.06.2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27.06.2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: d:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Friday, 19. September 2008 15:24

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'PSPAP.exe' - '1' Module(s) have been scanned
Scan process 'CnxDslTb.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'savedump.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '57' files ).

Starting the file scan:

Begin scan in 'C:\' <Disque slave>
Begin scan in 'D:\'
D:\pagefile.sys
[WARNING] The file could not be opened!
D:\Documents and Settings\Alex\Local Settings\Temp\lhhnalca.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was moved to '493ba9f5.qua'!
D:\Documents and Settings\Alex\Local Settings\Temporary Internet Files\Content.IE5\A08D4ET4\._file[1].exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4939a9fa.qua'!
D:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
D:\WINDOWS\system32\drivers\svchost.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4936ad97.qua'!

End of the scan: Friday, 19. September 2008 15:46
Used time: 22:36 Minute(s)

The scan has been done completely.

6721 Scanning directories
426079 Files were scanned
3 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
426074 Files not concerned
1456 Archives were scanned
3 Warnings
3 Notes

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:47:42, on 19.09.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
D:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
D:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wbem\wmiapsrv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe
D:\Program Files\Thrustmaster\FunAccess\PSPAP.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Documents and Settings\Alex\Bureau\Antivirus\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bluewin.ch/index_d.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CnxDslTaskBar] "D:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [PSPAP] D:\Program Files\Thrustmaster\FunAccess\PSPAP.exe min
O4 - HKLM\..\Run: [DiskeeperSystray] "D:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: Logitech . Enregistrement du produit.lnk = D:\Program Files\Logitech\QuickCam\eReg.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Logitech . Enregistrement du produit.lnk = D:\Program Files\Logitech\QuickCam\eReg.exe (User 'Default user')
O4 - Startup: Logitech . Enregistrement du produit.lnk = D:\Program Files\Logitech\QuickCam\eReg.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - D:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - D:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - D:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - D:\Program Files\Fichiers communs\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - D:\Program Files\Fichiers communs\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe

--
End of file - 6481 bytes
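The HijackThis logs in this thread and the ToolBar S&D output in the later reply are exactly the kind of lines a helper reads by eye for three things: registry entries whose target file no longer exists ("(no file)", "(file missing)"), the O17 DNS servers, and the TDSS-named driver, DLLs and LEGACY_TDSSSERV keys the S&D tool flagged. The script below is an added example written for this page; it is not code from HijackThis, ToolBar S&D, Avira or the poster. The three heuristics, the regexes and the `SAMPLE_REPORT` (a constructed handful of lines in the shape of the thread's reports, with some paths shortened) are all assumptions made for illustration.

```python
"""Triage of HijackThis and ToolBar S&D style report lines.

Added example for this thread; not code from HijackThis, ToolBar S&D,
Avira or the poster. The heuristics are assumptions chosen to show what
a helper looks for in such a log:
  * a HijackThis entry whose target ends in "(no file)" or "(file missing)"
    is an orphaned registry reference and a cleanup candidate;
  * O17 entries are surfaced so the DNS servers can be checked by hand;
  * a path or registry key whose last component starts with "tdss" or
    "legacy_tdss" matches the naming of the artefacts the S&D tool listed.
"""
import re

# Constructed sample, shaped like lines in the thread's reports (not a
# complete log; some paths shortened).
SAMPLE_REPORT = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O17 - HKLM\System\CCS\Services\Tcpip\..\{13FA50E3-09D9-4005-8556-1288CDBA393F}: NameServer = 194.230.1.71 194.230.1.39
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
Rootkit Tibs ! .. [HKLM\..\CurrentControlSet\Enum\Root\LEGACY_TDSSSERV]
Trojan ! .. D:\WINDOWS\system32\drivers\tdssserv.sys
Trojan ! .. D:\WINDOWS\system32\tdssmain.dll
"""

# "O23 - ..." / "R1 - ...": section code, then the entry body.
HJT_ENTRY = re.compile(r"^(?P<section>[RO]\d{1,2}) - (?P<body>.+)$")
# "Trojan ! .. <path>" / "Rootkit Tibs ! .. [<key>]" (ToolBar S&D style).
SD_ENTRY = re.compile(r"^.+? ! \.\. (?P<target>.+)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")
TDSS_PREFIXES = ("tdss", "legacy_tdss")


def parse_hjt(line):
    """Return (section, body) for a HijackThis entry, or None."""
    m = HJT_ENTRY.match(line.strip())
    return (m.group("section"), m.group("body")) if m else None


def is_orphaned(body):
    """True when the entry points at a file HijackThis could not find."""
    return body.endswith(ORPHAN_MARKERS)


def dns_servers(body):
    """NameServer addresses from an O17 entry body (empty list if none)."""
    m = re.search(r"NameServer = (.+)$", body)
    return m.group(1).split() if m else []


def names_tdss(target):
    """Last component of a path or registry key carries the TDSS prefix."""
    last = re.split(r"[\\/]", target.rstrip("]"))[-1]
    return last.lower().startswith(TDSS_PREFIXES)


def triage(report):
    """Walk a report and collect findings per heuristic, in line order."""
    findings = {"orphaned": [], "dns": [], "tdss": []}
    for line in (raw.strip() for raw in report.splitlines()):
        if not line:
            continue
        entry = parse_hjt(line)
        if entry:
            section, body = entry
            if is_orphaned(body):
                findings["orphaned"].append(section)
            if section == "O17":
                findings["dns"].extend(dns_servers(body))
        sd = SD_ENTRY.match(line)
        target = sd.group("target") if sd else line
        if names_tdss(target):
            findings["tdss"].append(target)
    return findings


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_REPORT).items():
        print(f"{kind}: {hits}")
```

Run against the sample it reports the two orphaned entries (O2 and O3), the two NameServer addresses from the O17 line, and the three TDSS-named targets; a benign service path such as nvsvc32.exe is not flagged. The name-prefix check is deliberately narrow: it only matches what the S&D tool itself named in this thread, so it will miss a renamed variant, and a real cleanup still follows the helper's instructions rather than a script.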