
Help me please, TR/Dldr.Swizzor.Gen - Trojan is ruining my life!

Tags:
  • Antivir
  • Security
3 February 2008 17:06:57

Hello everyone!

I have the ANTIVIR antivirus (free), which keeps detecting: TR/Dldr.Swizzor.Gen - Trojan
I am running the scan and putting everything in quarantine, but how do I clean everything so that my computer is finally cured?
Thanks for your help...

3 February 2008 19:47:35

Hello,

Which location?

Download and install Hijackthis (Trend Micro).
Then post a report in your next reply.
HELP: How to use Hijackthis v2.0.2
3 February 2008 20:05:25

Hello again, finally someone is helping me, hee hee


AntiVir PersonalEdition Classic
Report file date: Sunday, February 03, 2008 16:44

Scanning for 835736 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: YOUR-0CDC4F5844

Version information:
BUILD.DAT : 270 15603 Bytes 9/19/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 8/23/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 8/16/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 8/14/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 8/21/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 7/18/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 9/13/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 9/13/2007 14:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 9/13/2007 14:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 9/17/2007 17:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 2/26/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 7/18/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 4/16/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 8/3/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 7/18/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 8/28/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 7/18/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 3/8/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 8/7/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 8/21/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 7/23/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Sunday, February 03, 2008 16:44

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'everest.bin' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'mqtgsvc.exe' - '1' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'mqsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'btwdins.exe' - '1' Module(s) have been scanned
Scan process 'msdtc.exe' - '1' Module(s) have been scanned
Scan process 'BTStackServer.exe' - '1' Module(s) have been scanned
Scan process 'MPAPI3s.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'BTTray.exe' - '1' Module(s) have been scanned
Scan process 'PcSync2.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'issch.exe' - '1' Module(s) have been scanned
Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned
Scan process 'digstream.exe' - '1' Module(s) have been scanned
Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
Scan process 'QLBCTRL.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'HP Wireless Assistant.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
52 processes with 52 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '47' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\body copy second city\CoolAim.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '4814e1e2.qua'!
C:\Documents and Settings\All Users\Application Data\body copy second city\heart funk.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '4806e1dc.qua'!
C:\Documents and Settings\All Users\Application Data\body copy second city\Title save.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '4819e1e3.qua'!
C:\Documents and Settings\LocalService\Application Data\Cdrom Window\OozeMemoObj.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '481fe2d6.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP380\A0116221.EXE
[DETECTION] Is the Trojan horse TR/Keygen.P
[INFO] The file was moved to '47d6e80b.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP380\A0118219.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.GV.210 Backdoor server programs
[INFO] The file was moved to '47d6ea04.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP380\A0118253.EXE
[DETECTION] Is the Trojan horse TR/Keygen.BM
[INFO] The file was moved to '47d6ea64.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP380\A0119653.EXE
[DETECTION] Is the Trojan horse TR/Keygen.P
[INFO] The file was moved to '47d6eae9.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP380\A0121663.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.GV.210 Backdoor server programs
[INFO] The file was moved to '47d6ec2a.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP380\A0121697.EXE
[DETECTION] Is the Trojan horse TR/Keygen.BM
[INFO] The file was moved to '47d6ec84.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP408\A0129365.EXE
[DETECTION] Is the Trojan horse TR/Keygen.BM
[INFO] The file was moved to '47d6ed4f.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP408\A0129401.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.GV.210 Backdoor server programs
[INFO] The file was moved to '47d6edd9.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP408\A0131409.EXE
[DETECTION] Is the Trojan horse TR/Keygen.P
[INFO] The file was moved to '47d6ef1b.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP408\A0132802.EXE
[DETECTION] Is the Trojan horse TR/Keygen.BM
[INFO] The file was moved to '47d6f01c.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP408\A0132838.EXE
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Pcclient.GV.210 Backdoor server programs
[INFO] The file was moved to '47d6f047.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP408\A0134832.EXE
[DETECTION] Is the Trojan horse TR/Keygen.P
[INFO] The file was moved to '47d6f189.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP410\A0136720.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d6f27c.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP410\A0136721.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d6f281.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP410\A0136722.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d6f286.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP410\A0136723.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d6f28d.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0144052.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d6f361.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0144053.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d6f367.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0144054.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d6f36e.qua'!
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP426\A0144055.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was moved to '47d6f373.qua'!
Begin scan in 'D:\' <HP_RECOVERY>


End of the scan: Sunday, February 03, 2008 18:09
Used time: 1:25:03 min

The scan has been done completely.

5979 Scanning directories
446831 Files were scanned
24 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
24 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
446807 Files not concerned
11762 Archives were scanned
2 Warnings
0 Notes

3 February 2008 20:08:57

That's not what I asked for...
3 February 2008 20:10:04

I know, sorry, here it is, thanks again


3 February 2008 20:11:11

Hello again, how do I find out where it is located???? Thanks in advance
3 February 2008 20:16:56

Sorry, I made a mistake when posting the report, a thousand apologies, here is the right one, and thanks again
Logfile of HijackThis v1.99.1
Scan saved at 20:07:22, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\mqsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavalys\EVEREST Home Edition\everest.bin
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection_2_0_...
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

3 February 2008 20:23:12

Same problem?
3 February 2008 20:31:43

I've put everything in quarantine, but what should I do????
I'm not very good in this area, so sorry.
I gather that if I put it in quarantine it's temporary, right?
Thanks for your help
3 February 2008 20:33:22

Re,

Disable your resident protections (antivirus, Spybot...)!

Download Lop S&D.exe to your Desktop.
  • Double-click it to start the installation
  • Then double-click the Lop S&D shortcut on your Desktop
  • Select the desired language, then choose option 1 (Search)
  • Wait until the scan finishes
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
    3 February 2008 20:34:58

    I ran HijackThis after putting everything in quarantine, so maybe it won't show up in the report??? That's a question I'm asking myself. Thanks to you
    3 February 2008 20:37:11

    You missed my post ;)
    3 February 2008 20:43:07

    Yes, sorry, here is what you asked me for
    and thanks again
    -----------------------------[ Lop S&D 2.2.5 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : hp ] [ "C:\Program Files\Lop SD" ]
    [ 03/02/2008 | 20:39:12,89 ] [ PC : YOUR-0CDC4F5844 ]
    [ MAJ : 03-02-2008 | 20:21 ]

    -------------[ Listing des dossiers dans Application Data ]------------

    [28/10/2006|17:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
    [28/10/2006|17:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
    [29/06/2006|12:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [29/10/2006|07:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [28/10/2006|17:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [29/10/2006|07:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [03/02/2008|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [03/02/2008|13:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [15/12/2006|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
    [29/01/2008|15:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
    [07/04/2007|00:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [29/01/2008|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [03/02/2008|16:44] C:\DOCUME~1\ALLUSE~1\APPLIC~1\body copy second city
    [25/09/2007|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [29/06/2006|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [03/02/2008|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DIGStream
    [04/04/2007|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [22/05/2007|23:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix
    [12/03/2007|12:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [28/10/2006|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [29/06/2006|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [29/10/2006|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [16/05/2007|00:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
    [21/10/2007|04:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [28/10/2006|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [04/04/2007|23:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [10/02/2007|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
    [29/10/2006|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [03/02/2008|13:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [29/10/2006|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [03/02/2008|03:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [19/12/2006|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [30/12/2006|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [27/12/2006|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

    [28/10/2006|17:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [28/10/2006|17:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [29/06/2006|12:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [29/10/2006|07:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [28/10/2006|17:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [29/10/2006|07:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [03/02/2008|14:24] C:\DOCUME~1\hp\APPLIC~1\.
    [03/02/2008|14:24] C:\DOCUME~1\hp\APPLIC~1\..
    [25/12/2006|07:18] C:\DOCUME~1\hp\APPLIC~1\ACD Systems
    [06/04/2007|23:47] C:\DOCUME~1\hp\APPLIC~1\Adobe
    [06/04/2007|23:57] C:\DOCUME~1\hp\APPLIC~1\AdobeUM
    [28/10/2007|17:03] C:\DOCUME~1\hp\APPLIC~1\CyberLink
    [09/11/2007|15:10] C:\DOCUME~1\hp\APPLIC~1\Datalayer
    [29/06/2006|12:00] C:\DOCUME~1\hp\APPLIC~1\desktop.ini
    [16/05/2007|00:58] C:\DOCUME~1\hp\APPLIC~1\Droppix
    [15/12/2007|17:53] C:\DOCUME~1\hp\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
    [20/10/2007|12:58] C:\DOCUME~1\hp\APPLIC~1\Google
    [27/12/2006|21:37] C:\DOCUME~1\hp\APPLIC~1\HP
    [29/10/2006|07:58] C:\DOCUME~1\hp\APPLIC~1\Identities
    [01/06/2007|02:08] C:\DOCUME~1\hp\APPLIC~1\Lavasoft
    [20/12/2006|17:40] C:\DOCUME~1\hp\APPLIC~1\Macromedia
    [09/11/2007|16:06] C:\DOCUME~1\hp\APPLIC~1\Media Player Classic
    [24/05/2007|04:15] C:\DOCUME~1\hp\APPLIC~1\Microsoft
    [30/01/2007|12:36] C:\DOCUME~1\hp\APPLIC~1\MSNInstaller
    [15/05/2007|01:03] C:\DOCUME~1\hp\APPLIC~1\NMM-MetaData.db
    [11/09/2007|20:34] C:\DOCUME~1\hp\APPLIC~1\Nokia
    [26/12/2007|02:33] C:\DOCUME~1\hp\APPLIC~1\Nokia Multimedia Player
    [04/04/2007|23:31] C:\DOCUME~1\hp\APPLIC~1\PC Suite
    [15/01/2007|00:11] C:\DOCUME~1\hp\APPLIC~1\Reallusion
    [02/06/2007|13:30] C:\DOCUME~1\hp\APPLIC~1\Screenshot Sender
    [13/01/2007|05:56] C:\DOCUME~1\hp\APPLIC~1\Sun
    [28/01/2008|19:37] C:\DOCUME~1\hp\APPLIC~1\wklnhst.dat

    [17/03/2007|14:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [17/03/2007|14:57] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [03/02/2008|16:48] C:\DOCUME~1\LOCALS~1\APPLIC~1\Cdrom Window
    [01/01/2007|14:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [28/10/2006|17:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [28/10/2006|17:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [28/10/2006|17:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [03/02/2008 19:50][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job [--248--]
    [03/02/2008 16:35][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
    [16/03/2006 05:00][-rah-----] C:\WINDOWS\tasks\desktop.ini [--65--]

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [03/02/2008|20:39] C:\Program Files\Lop SD
    [03/02/2008|20:38] C:\Program Files\..
    [03/02/2008|20:38] C:\Program Files\.
    [03/02/2008|20:07] C:\Program Files\Hijackthis Version Française
    [03/02/2008|16:43] C:\Program Files\Avira
    [03/02/2008|14:34] C:\Program Files\Google
    [03/02/2008|14:28] C:\Program Files\Windows Media Player
    [03/02/2008|14:26] C:\Program Files\Windows Media Connect 2
    [03/02/2008|13:58] C:\Program Files\Webtarot
    [03/02/2008|13:58] C:\Program Files\MSN Messenger
    [03/02/2008|13:55] C:\Program Files\Common Files
    [03/02/2008|13:38] C:\Program Files\InstallShield Installation Information
    [03/02/2008|13:15] C:\Program Files\Wanadoo
    [03/02/2008|03:15] C:\Program Files\Spybot - Search & Destroy
    [03/02/2008|02:58] C:\Program Files\Creative
    [20/12/2007|18:39] C:\Program Files\Securitoo
    [12/12/2007|05:16] C:\Program Files\Internet Explorer
    [03/12/2007|04:08] C:\Program Files\Micro-Sys Software
    [03/12/2007|03:05] C:\Program Files\Intel
    [17/10/2007|05:11] C:\Program Files\Lavalys
    [03/10/2007|04:42] C:\Program Files\Java
    [25/09/2007|21:45] C:\Program Files\HP
    [06/07/2007|02:01] C:\Program Files\Outlook Express
    [12/06/2007|20:21] C:\Program Files\PhotoFiltre Studio
    [01/06/2007|02:08] C:\Program Files\Lavasoft
    [29/05/2007|15:52] C:\Program Files\ehthumbs.db
    [29/05/2007|15:27] C:\Program Files\EnglishOtto
    [23/05/2007|03:48] C:\Program Files\CCleaner
    [23/05/2007|02:56] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [22/05/2007|23:55] C:\Program Files\illiminable
    [15/05/2007|00:21] C:\Program Files\OO Software
    [19/04/2007|03:42] C:\Program Files\Microsoft Money 2005
    [19/04/2007|03:26] C:\Program Files\Online Services
    [04/04/2007|23:31] C:\Program Files\DIFX
    [04/04/2007|23:30] C:\Program Files\Nokia
    [12/03/2007|12:20] C:\Program Files\NetWaiting
    [08/03/2007|23:49] C:\Program Files\Oberon Media
    [18/02/2007|23:47] C:\Program Files\DIGStream
    [18/02/2007|23:47] C:\Program Files\ESPNMotion
    [13/02/2007|13:07] C:\Program Files\Siber Systems
    [10/02/2007|15:16] C:\Program Files\RGB
    [30/01/2007|12:35] C:\Program Files\MSN
    [30/12/2006|18:16] C:\Program Files\MSXML 4.0
    [30/12/2006|18:04] C:\Program Files\Messenger
    [30/12/2006|13:06] C:\Program Files\QuickTime
    [15/12/2006|07:44] C:\Program Files\Adobe
    [15/12/2006|07:43] C:\Program Files\CyberLink
    [15/12/2006|07:42] C:\Program Files\WinRAR
    [15/12/2006|07:42] C:\Program Files\ACD Systems
    [15/12/2006|07:39] C:\Program Files\Microsoft ActiveSync
    [15/12/2006|07:38] C:\Program Files\Microsoft Office
    [15/12/2006|07:38] C:\Program Files\Microsoft Visual Studio
    [15/12/2006|07:38] C:\Program Files\Microsoft.NET
    [15/12/2006|07:15] C:\Program Files\WIDCOMM
    [15/12/2006|07:15] C:\Program Files\HP Pavilion Webcam Demo
    [29/10/2006|07:58] C:\Program Files\WindowsUpdate
    [29/10/2006|07:58] C:\Program Files\xerox
    [29/10/2006|07:58] C:\Program Files\Windows Plus
    [29/10/2006|07:58] C:\Program Files\Windows NT
    [29/10/2006|07:58] C:\Program Files\Uninstall Information
    [29/10/2006|07:58] C:\Program Files\Sonic
    [29/10/2006|07:58] C:\Program Files\NetMeeting
    [29/10/2006|07:58] C:\Program Files\MSN Gaming Zone
    [29/10/2006|07:58] C:\Program Files\Movie Maker
    [29/10/2006|07:58] C:\Program Files\microsoft frontpage
    [29/10/2006|07:58] C:\Program Files\ComPlus Applications
    [28/10/2006|18:07] C:\Program Files\Hewlett-Packard
    [28/10/2006|17:41] C:\Program Files\DivX
    [28/10/2006|17:41] C:\Program Files\muvee Technologies
    [28/10/2006|17:40] C:\Program Files\CONEXANT
    [28/10/2006|17:32] C:\Program Files\Synaptics
    [28/10/2006|17:31] C:\Program Files\Microsoft Works
    [28/10/2006|17:22] C:\Program Files\HPQ

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [03/02/2008|13:55] C:\Program Files\Common Files\..
    [03/02/2008|13:55] C:\Program Files\Common Files\.
    [06/07/2007|04:52] C:\Program Files\Common Files\System
    [23/05/2007|02:56] C:\Program Files\Common Files\Droppix
    [22/05/2007|18:48] C:\Program Files\Common Files\Microsoft Shared
    [16/05/2007|00:57] C:\Program Files\Common Files\LightScribe
    [04/04/2007|23:30] C:\Program Files\Common Files\Nokia
    [04/04/2007|23:30] C:\Program Files\Common Files\PCSuite
    [12/03/2007|12:20] C:\Program Files\Common Files\Sonic Shared
    [19/12/2006|10:39] C:\Program Files\Common Files\Symantec Shared
    [15/12/2006|07:44] C:\Program Files\Common Files\Adobe
    [15/12/2006|07:42] C:\Program Files\Common Files\ACD Systems
    [15/12/2006|07:40] C:\Program Files\Common Files\L&H
    [15/12/2006|07:38] C:\Program Files\Common Files\DESIGNER
    [29/10/2006|07:58] C:\Program Files\Common Files\SureThing Shared
    [29/10/2006|07:58] C:\Program Files\Common Files\SpeechEngines
    [29/10/2006|07:58] C:\Program Files\Common Files\Services
    [29/10/2006|07:58] C:\Program Files\Common Files\ODBC
    [29/10/2006|07:58] C:\Program Files\Common Files\MSSoap
    [29/10/2006|07:58] C:\Program Files\Common Files\Java
    [29/10/2006|07:58] C:\Program Files\Common Files\HP
    [28/10/2006|17:20] C:\Program Files\Common Files\InstallShield

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    C:\DOCUME~1\ALLUSE~1\APPLIC~1\body copy second city
    C:\DOCUME~1\LOCALS~1\APPLIC~1\Cdrom Window

    ----------------------[ Verification du Registre ]----------------------

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts MODIFIE

    127.0.0.1 localhost

    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-03 20:39:55
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:1][Doss:0] C:\DOCUME~1\hp\LOCALS~1\Temp
    /!\ [Fich:11][Doss:0] C:\DOCUME~1\hp\Cookies
    /!\ [Fich:174][Doss:4] C:\DOCUME~1\hp\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 20:40:06,68 ]----------------------
    3 February 2008 20:53:29

    Re,

    Run Lop S&D again

  • This time choose Option 2 (Removal)
  • Do not close the window during the removal!
  • Post the generated report (C:\lopR.txt)

    (If the Desktop does not reappear, press Ctrl + Alt + Del, File tab, New Task, type explorer.exe and confirm)
    3 February 2008 20:58:59

    Re,
    -----------------------------[ Lop S&D 2.2.5 ]---------------------------

    [ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
    [ USER : hp ] [ "C:\Program Files\Lop SD" ]
    [ 03/02/2008 | 20:55:47,03 ] [ PC : YOUR-0CDC4F5844 ]
    [ MAJ : 03-02-2008 | 20:21 ]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION /////////////////////////////

    Supprimé! - C:\DOCUME~1\ALLUSE~1\APPLIC~1\body copy second city
    Supprimé! - C:\DOCUME~1\LOCALS~1\APPLIC~1\Cdrom Window
    Restauré! - Fichier Hosts

    //////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    -------------[ Listing des dossiers dans Application Data ]------------

    [28/10/2006|17:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\.
    [28/10/2006|17:05] C:\DOCUME~1\ADMINI~1\APPLIC~1\..
    [29/06/2006|12:00] C:\DOCUME~1\ADMINI~1\APPLIC~1\desktop.ini
    [29/10/2006|07:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Identities
    [28/10/2006|17:32] C:\DOCUME~1\ADMINI~1\APPLIC~1\Macromedia
    [29/10/2006|07:58] C:\DOCUME~1\ADMINI~1\APPLIC~1\Microsoft

    [03/02/2008|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\.
    [03/02/2008|20:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\..
    [15/12/2006|07:42] C:\DOCUME~1\ALLUSE~1\APPLIC~1\ACD Systems
    [29/01/2008|15:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\addr_file.html
    [07/04/2007|00:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe
    [29/01/2008|15:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
    [25/09/2007|21:45] C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
    [29/06/2006|12:00] C:\DOCUME~1\ALLUSE~1\APPLIC~1\desktop.ini
    [03/02/2008|20:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\DIGStream
    [04/04/2007|23:22] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
    [22/05/2007|23:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Droppix
    [12/03/2007|12:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
    [28/10/2006|17:33] C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    [29/06/2006|19:49] C:\DOCUME~1\ALLUSE~1\APPLIC~1\hpzinstall.log
    [29/10/2006|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    [16/05/2007|00:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\LightScribe
    [21/10/2007|04:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft
    [28/10/2006|17:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
    [04/04/2007|23:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
    [10/02/2007|13:48] C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
    [29/10/2006|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\SBSI
    [03/02/2008|13:55] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Skype
    [29/10/2006|07:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    [03/02/2008|03:15] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    [19/12/2006|10:39] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    [30/12/2006|17:54] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
    [27/12/2006|16:28] C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar

    [28/10/2006|17:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\.
    [28/10/2006|17:05] C:\DOCUME~1\DEFAUL~1\APPLIC~1\..
    [29/06/2006|12:00] C:\DOCUME~1\DEFAUL~1\APPLIC~1\desktop.ini
    [29/10/2006|07:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Identities
    [28/10/2006|17:32] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Macromedia
    [29/10/2006|07:58] C:\DOCUME~1\DEFAUL~1\APPLIC~1\Microsoft

    [03/02/2008|14:24] C:\DOCUME~1\hp\APPLIC~1\.
    [03/02/2008|14:24] C:\DOCUME~1\hp\APPLIC~1\..
    [25/12/2006|07:18] C:\DOCUME~1\hp\APPLIC~1\ACD Systems
    [06/04/2007|23:47] C:\DOCUME~1\hp\APPLIC~1\Adobe
    [06/04/2007|23:57] C:\DOCUME~1\hp\APPLIC~1\AdobeUM
    [28/10/2007|17:03] C:\DOCUME~1\hp\APPLIC~1\CyberLink
    [09/11/2007|15:10] C:\DOCUME~1\hp\APPLIC~1\Datalayer
    [29/06/2006|12:00] C:\DOCUME~1\hp\APPLIC~1\desktop.ini
    [16/05/2007|00:58] C:\DOCUME~1\hp\APPLIC~1\Droppix
    [15/12/2007|17:53] C:\DOCUME~1\hp\APPLIC~1\G-Force Prefs (WindowsMediaPlayer).txt
    [20/10/2007|12:58] C:\DOCUME~1\hp\APPLIC~1\Google
    [27/12/2006|21:37] C:\DOCUME~1\hp\APPLIC~1\HP
    [29/10/2006|07:58] C:\DOCUME~1\hp\APPLIC~1\Identities
    [01/06/2007|02:08] C:\DOCUME~1\hp\APPLIC~1\Lavasoft
    [20/12/2006|17:40] C:\DOCUME~1\hp\APPLIC~1\Macromedia
    [09/11/2007|16:06] C:\DOCUME~1\hp\APPLIC~1\Media Player Classic
    [24/05/2007|04:15] C:\DOCUME~1\hp\APPLIC~1\Microsoft
    [30/01/2007|12:36] C:\DOCUME~1\hp\APPLIC~1\MSNInstaller
    [15/05/2007|01:03] C:\DOCUME~1\hp\APPLIC~1\NMM-MetaData.db
    [11/09/2007|20:34] C:\DOCUME~1\hp\APPLIC~1\Nokia
    [26/12/2007|02:33] C:\DOCUME~1\hp\APPLIC~1\Nokia Multimedia Player
    [04/04/2007|23:31] C:\DOCUME~1\hp\APPLIC~1\PC Suite
    [15/01/2007|00:11] C:\DOCUME~1\hp\APPLIC~1\Reallusion
    [02/06/2007|13:30] C:\DOCUME~1\hp\APPLIC~1\Screenshot Sender
    [13/01/2007|05:56] C:\DOCUME~1\hp\APPLIC~1\Sun
    [28/01/2008|19:37] C:\DOCUME~1\hp\APPLIC~1\wklnhst.dat

    [03/02/2008|20:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\.
    [03/02/2008|20:55] C:\DOCUME~1\LOCALS~1\APPLIC~1\..
    [01/01/2007|14:09] C:\DOCUME~1\LOCALS~1\APPLIC~1\Microsoft

    [28/10/2006|17:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\.
    [28/10/2006|17:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\..
    [28/10/2006|17:03] C:\DOCUME~1\NETWOR~1\APPLIC~1\Microsoft

    ----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

    [03/02/2008 20:50][--a------] C:\WINDOWS\tasks\Vérifier les mises à jour de Windows Live Toolbar.job [--248--]
    [03/02/2008 16:35][--ah-----] C:\WINDOWS\tasks\SA.DAT [--6--]
    [16/03/2006 05:00][-rah-----] C:\WINDOWS\tasks\desktop.ini [--65--]

    ---------------[ Listing des dossiers dans C:\Program Files ]--------------

    [03/02/2008|20:55] C:\Program Files\Lop SD
    [03/02/2008|20:38] C:\Program Files\..
    [03/02/2008|20:38] C:\Program Files\.
    [03/02/2008|20:07] C:\Program Files\Hijackthis Version Française
    [03/02/2008|16:43] C:\Program Files\Avira
    [03/02/2008|14:34] C:\Program Files\Google
    [03/02/2008|14:28] C:\Program Files\Windows Media Player
    [03/02/2008|14:26] C:\Program Files\Windows Media Connect 2
    [03/02/2008|13:58] C:\Program Files\Webtarot
    [03/02/2008|13:58] C:\Program Files\MSN Messenger
    [03/02/2008|13:55] C:\Program Files\Common Files
    [03/02/2008|13:38] C:\Program Files\InstallShield Installation Information
    [03/02/2008|13:15] C:\Program Files\Wanadoo
    [03/02/2008|03:15] C:\Program Files\Spybot - Search & Destroy
    [03/02/2008|02:58] C:\Program Files\Creative
    [20/12/2007|18:39] C:\Program Files\Securitoo
    [12/12/2007|05:16] C:\Program Files\Internet Explorer
    [03/12/2007|04:08] C:\Program Files\Micro-Sys Software
    [03/12/2007|03:05] C:\Program Files\Intel
    [17/10/2007|05:11] C:\Program Files\Lavalys
    [03/10/2007|04:42] C:\Program Files\Java
    [25/09/2007|21:45] C:\Program Files\HP
    [06/07/2007|02:01] C:\Program Files\Outlook Express
    [12/06/2007|20:21] C:\Program Files\PhotoFiltre Studio
    [01/06/2007|02:08] C:\Program Files\Lavasoft
    [29/05/2007|15:52] C:\Program Files\ehthumbs.db
    [29/05/2007|15:27] C:\Program Files\EnglishOtto
    [23/05/2007|03:48] C:\Program Files\CCleaner
    [23/05/2007|02:56] C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [22/05/2007|23:55] C:\Program Files\illiminable
    [15/05/2007|00:21] C:\Program Files\OO Software
    [19/04/2007|03:42] C:\Program Files\Microsoft Money 2005
    [19/04/2007|03:26] C:\Program Files\Online Services
    [04/04/2007|23:31] C:\Program Files\DIFX
    [04/04/2007|23:30] C:\Program Files\Nokia
    [12/03/2007|12:20] C:\Program Files\NetWaiting
    [08/03/2007|23:49] C:\Program Files\Oberon Media
    [18/02/2007|23:47] C:\Program Files\DIGStream
    [18/02/2007|23:47] C:\Program Files\ESPNMotion
    [13/02/2007|13:07] C:\Program Files\Siber Systems
    [10/02/2007|15:16] C:\Program Files\RGB
    [30/01/2007|12:35] C:\Program Files\MSN
    [30/12/2006|18:16] C:\Program Files\MSXML 4.0
    [30/12/2006|18:04] C:\Program Files\Messenger
    [30/12/2006|13:06] C:\Program Files\QuickTime
    [15/12/2006|07:44] C:\Program Files\Adobe
    [15/12/2006|07:43] C:\Program Files\CyberLink
    [15/12/2006|07:42] C:\Program Files\WinRAR
    [15/12/2006|07:42] C:\Program Files\ACD Systems
    [15/12/2006|07:39] C:\Program Files\Microsoft ActiveSync
    [15/12/2006|07:38] C:\Program Files\Microsoft Office
    [15/12/2006|07:38] C:\Program Files\Microsoft Visual Studio
    [15/12/2006|07:38] C:\Program Files\Microsoft.NET
    [15/12/2006|07:15] C:\Program Files\WIDCOMM
    [15/12/2006|07:15] C:\Program Files\HP Pavilion Webcam Demo
    [29/10/2006|07:58] C:\Program Files\WindowsUpdate
    [29/10/2006|07:58] C:\Program Files\xerox
    [29/10/2006|07:58] C:\Program Files\Windows Plus
    [29/10/2006|07:58] C:\Program Files\Windows NT
    [29/10/2006|07:58] C:\Program Files\Uninstall Information
    [29/10/2006|07:58] C:\Program Files\Sonic
    [29/10/2006|07:58] C:\Program Files\NetMeeting
    [29/10/2006|07:58] C:\Program Files\MSN Gaming Zone
    [29/10/2006|07:58] C:\Program Files\Movie Maker
    [29/10/2006|07:58] C:\Program Files\microsoft frontpage
    [29/10/2006|07:58] C:\Program Files\ComPlus Applications
    [28/10/2006|18:07] C:\Program Files\Hewlett-Packard
    [28/10/2006|17:41] C:\Program Files\DivX
    [28/10/2006|17:41] C:\Program Files\muvee Technologies
    [28/10/2006|17:40] C:\Program Files\CONEXANT
    [28/10/2006|17:32] C:\Program Files\Synaptics
    [28/10/2006|17:31] C:\Program Files\Microsoft Works
    [28/10/2006|17:22] C:\Program Files\HPQ

    ------[ Listing des dossiers dans C:\Program Files\Common Files ]------

    [03/02/2008|13:55] C:\Program Files\Common Files\..
    [03/02/2008|13:55] C:\Program Files\Common Files\.
    [06/07/2007|04:52] C:\Program Files\Common Files\System
    [23/05/2007|02:56] C:\Program Files\Common Files\Droppix
    [22/05/2007|18:48] C:\Program Files\Common Files\Microsoft Shared
    [16/05/2007|00:57] C:\Program Files\Common Files\LightScribe
    [04/04/2007|23:30] C:\Program Files\Common Files\Nokia
    [04/04/2007|23:30] C:\Program Files\Common Files\PCSuite
    [12/03/2007|12:20] C:\Program Files\Common Files\Sonic Shared
    [19/12/2006|10:39] C:\Program Files\Common Files\Symantec Shared
    [15/12/2006|07:44] C:\Program Files\Common Files\Adobe
    [15/12/2006|07:42] C:\Program Files\Common Files\ACD Systems
    [15/12/2006|07:40] C:\Program Files\Common Files\L&H
    [15/12/2006|07:38] C:\Program Files\Common Files\DESIGNER
    [29/10/2006|07:58] C:\Program Files\Common Files\SureThing Shared
    [29/10/2006|07:58] C:\Program Files\Common Files\SpeechEngines
    [29/10/2006|07:58] C:\Program Files\Common Files\Services
    [29/10/2006|07:58] C:\Program Files\Common Files\ODBC
    [29/10/2006|07:58] C:\Program Files\Common Files\MSSoap
    [29/10/2006|07:58] C:\Program Files\Common Files\Java
    [29/10/2006|07:58] C:\Program Files\Common Files\HP
    [28/10/2006|17:20] C:\Program Files\Common Files\InstallShield

    ----------------------[ Recherche avec S_Lop ]---------------------

    Aucun fichier / dossier Lop trouvé !

    -----------------[ Recherche de Fichiers / Dossiers Lop ]-----------------

    Aucun fichier / dossier Lop trouvé !

    ----------------------[ Verification du Registre ]----------------------

    ..... OK !

    --------------------[ Verification du fichier Hosts ]---------------------

    Fichier Hosts PROPRE


    ----------------[ Recherche de fichiers avec Catchme ]-----------------

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-03 20:56:15
    Windows 5.1.2600 Service Pack 2 NTFS
    scanning hidden files ...
    scan completed successfully
    hidden files: 0

    --------------------[ Recherche d'autres infections ]---------------------

    Aucune autre infection trouvée !

    /!\ [Fich:1][Doss:1] C:\DOCUME~1\hp\LOCALS~1\Temp
    /!\ [Fich:11][Doss:0] C:\DOCUME~1\hp\Cookies
    /!\ [Fich:174][Doss:4] C:\DOCUME~1\hp\TEMPOR~1\content.IE5

    --------------------[ Fin du rapport a 20:56:24,37 ]----------------------

    Thanks for your help
    3 February 2008 21:05:25

    Post a new HijackThis report.
    3 February 2008 21:09:08

    Re, thanks
    Logfile of HijackThis v1.99.1
    Scan saved at 21:07:33, on 03/02/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\mqsvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\mqtgsvc.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Lavalys\EVEREST Home Edition\everest.bin
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\cmd.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection_2_0_...
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

    3 February 2008 22:17:49

    Same problem?
    3 February 2008 23:37:25

    Hi again, it's fine now, but everything is in quarantine, so I'll see how it goes once it is no longer in quarantine.
    But thank you for your patience and your dedication, because you must surely be answering a lot of people like me. It was my first experience on a forum, and a very good one. All the best, bye, maybe see you another time, well, I hope not, hehe. OK, I'm off, thanks again...
    4 February 2008 18:35:48

    Hi again,

    You're welcome ;)

  • Download ToolsCleaner to your Desktop.
  • Click "Recherche" (Search) and let the scan finish.
  • Click "Suppression" (Removal) to finalize.
  • Click "Quitter" (Quit) so that the report can be created.
  • Post the report (TCleaner.txt), which is located at the root of your hard drive (C:\)

    Disable and then re-enable System Restore: see help

    Now add [Résolu] (Solved) to the title. To do so:
    * In your first message, click the "Editer" (Edit) button
    * Add the mention [Résolu] to the title
    * Then click "Valider votre message" (Submit your message)

    Read the guide on prevention and protection, so that you no longer have this kind of problem, by clicking the image below:
