
Trojan and Windows Installer

Tags:
  • Windows
  • Security
28 October 2007 21:02:05

Hello,
I'm back at my parents' place and their computer has several problems... The first is that every installation or uninstallation that goes through Windows Installer is impossible, and the second is this: I get alerts from my antivirus at the start of every session: Win32:o bfuscated-BPS, and it tells me I'm infected; when I try to delete it, it doesn't work. Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:15, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\gajecki\Mes documents\eDonkey2000 Downloads\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Documents and Settings\gajecki\Mes documents\eDonkey2000 Downloads\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Documents and Settings\gajecki\Bureau\BlaBla\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Audio Web Cam 31
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\gajecki\Mes documents\eDonkey2000 Downloads\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Bird Burn] C:\DOCUME~1\gajecki\APPLIC~1\ISOSTO~1\FirstTwoCurb.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Omega Messenger.lnk = C:\Program Files\Omega Informatix\Omega Messenger\Omega Messenger.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} - http://advnt01.com/dialer/intES_ver40v.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://download.games.yahoo.com/games/voice/yacscom.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1....
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\gajecki\Mes documents\eDonkey2000 Downloads\AVG Anti-Spyware 7.5\guard.exe
O24 - Desktop Component 0: (no name) - http://yahooo.jexiste.fr/images/avatars/68355246743c913...
O24 - Desktop Component 1: (no name) - http://ouafik08.skyblog.com/pics/383621624_small.jpg
O24 - Desktop Component 2: (no name) - http://ouafik08.skyblog.com/pics/384765607.gif
O24 - Desktop Component 3: (no name) - http://ouafik08.skyblog.com/pics/384768377.gif
O24 - Desktop Component 4: (no name) - http://www.fdr-skatepark.com/FDRBANNER2.gif
O24 - Desktop Component 6: Security info v3 - C:\WINDOWS\screen.html

Configuration: Windows XP
Internet Explorer 6.09

I can no longer use MSN :(  I really need your help... Thanks in advance

28 October 2007 21:08:28

Hello,

Download Lop S&D.zip.
Unzip it onto your Desktop only.
Open the Lop S&D folder, then double-click Scan.bat. Press "R", then confirm by pressing "Enter".
A report will be generated; post its contents here.

28 October 2007 21:16:07

OK, thanks for helping me :)  Here is the report:
C:\Documents and settings\Administrateur\Application Data\Microsoft
C:\Documents and settings\Administrateur\Application Data\desktop.ini

C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and settings\All Users\Application Data\SOAPCLOCKANTIRDR
C:\Documents and settings\All Users\Application Data\city about store file
C:\Documents and settings\All Users\Application Data\Grisoft
C:\Documents and settings\All Users\Application Data\WLInstaller
C:\Documents and settings\All Users\Application Data\Win mail bash city
C:\Documents and settings\All Users\Application Data\hpzinstall.log
C:\Documents and settings\All Users\Application Data\TEMP
C:\Documents and settings\All Users\Application Data\MSN6
C:\Documents and settings\All Users\Application Data\Babylon
C:\Documents and settings\All Users\Application Data\Yahoo! Companion
C:\Documents and settings\All Users\Application Data\Yahoo!
C:\Documents and settings\All Users\Application Data\NFS Underground
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\Autodesk
C:\Documents and settings\All Users\Application Data\UDL
C:\Documents and settings\All Users\Application Data\Cakewalk
C:\Documents and settings\All Users\Application Data\Ableton
C:\Documents and settings\All Users\Application Data\Pinnacle
C:\Documents and settings\All Users\Application Data\QuickTime
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\All Users\Application Data\CyberLink

C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft

C:\Documents and settings\gajecki\Application Data\isostopcash
C:\Documents and settings\gajecki\Application Data\Grisoft
C:\Documents and settings\gajecki\Application Data\Azureus
C:\Documents and settings\gajecki\Application Data\DMCache
C:\Documents and settings\gajecki\Application Data\MSN6
C:\Documents and settings\gajecki\Application Data\HP
C:\Documents and settings\gajecki\Application Data\Babylon
C:\Documents and settings\gajecki\Application Data\Real
C:\Documents and settings\gajecki\Application Data\Thunderbird
C:\Documents and settings\gajecki\Application Data\Talkback
C:\Documents and settings\gajecki\Application Data\Mozilla
C:\Documents and settings\gajecki\Application Data\Microsoft
C:\Documents and settings\gajecki\Application Data\EPSON
C:\Documents and settings\gajecki\Application Data\Macromedia
C:\Documents and settings\gajecki\Application Data\TaoUSign
C:\Documents and settings\gajecki\Application Data\AdobeUM
C:\Documents and settings\gajecki\Application Data\Help
C:\Documents and settings\gajecki\Application Data\Ahead
C:\Documents and settings\gajecki\Application Data\Autodesk
C:\Documents and settings\gajecki\Application Data\vlc
C:\Documents and settings\gajecki\Application Data\ArcSoft
C:\Documents and settings\gajecki\Application Data\Checkflow
C:\Documents and settings\gajecki\Application Data\Steinberg
C:\Documents and settings\gajecki\Application Data\TestFile.tmp
C:\Documents and settings\gajecki\Application Data\Lavasoft
C:\Documents and settings\gajecki\Application Data\Cakewalk
C:\Documents and settings\gajecki\Application Data\Ableton
C:\Documents and settings\gajecki\Application Data\Publish Providers
C:\Documents and settings\gajecki\Application Data\NetMedia Providers
C:\Documents and settings\gajecki\Application Data\Sonic Foundry
C:\Documents and settings\gajecki\Application Data\Sun
C:\Documents and settings\gajecki\Application Data\Sony
C:\Documents and settings\gajecki\Application Data\Microsoft Web Folders
C:\Documents and settings\gajecki\Application Data\DassaultSystemes
C:\Documents and settings\gajecki\Application Data\Adobe
C:\Documents and settings\gajecki\Application Data\InterTrust
C:\Documents and settings\gajecki\Application Data\CyberLink
C:\Documents and settings\gajecki\Application Data\desktop.ini
C:\Documents and settings\gajecki\Application Data\Identities

C:\Documents and settings\LocalService\Application Data\Microsoft
C:\Documents and settings\LocalService\Application Data\McAfee.com Personal Firewall

C:\Documents and settings\NetworkService\Application Data\Microsoft



----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\ACB471F6918BEE46.job
C:\WINDOWS\tasks\Scheduled scanning task.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\2005.mny
C:\Program Files\2007.mny
C:\Program Files\AC3Filter
C:\Program Files\ACAD2000
C:\Program Files\Adobe
C:\Program Files\Ahead
C:\Program Files\AIM95
C:\Program Files\Alcohol Soft
C:\Program Files\Alwil Software
C:\Program Files\Analog Devices
C:\Program Files\AnswerWorks 4.0
C:\Program Files\Anti-Blaxx
C:\Program Files\ArcSoft
C:\Program Files\ASUS
C:\Program Files\ATI Technologies
C:\Program Files\Autodesk
C:\Program Files\Autodesk Deployment Wizard
C:\Program Files\Azureus
C:\Program Files\Babylon(2)
C:\Program Files\BNP.MNY
C:\Program Files\CCleaner
C:\Program Files\Common Files
C:\Program Files\ComPlus Applications
C:\Program Files\CyberLink
C:\Program Files\dict.avi
C:\Program Files\directx
C:\Program Files\Doom 3
C:\Program Files\EA GAMES
C:\Program Files\eMule
C:\Program Files\epson
C:\Program Files\Fichiers communs
C:\Program Files\Formation interactive Microsoft
C:\Program Files\F-Secure Anti-Virus
C:\Program Files\Grisoft
C:\Program Files\HP
C:\Program Files\IncrediMail
C:\Program Files\INSTALL
C:\Program Files\INSTALL.LOG
C:\Program Files\Intel
C:\Program Files\Internet Explorer
C:\Program Files\isostopcash
C:\Program Files\Java
C:\Program Files\JCA2000
C:\Program Files\jv16 PowerTools 2005
C:\Program Files\LISEZMOI.TXT
C:\Program Files\LIVEUPDATE
C:\Program Files\logo.bmp
C:\Program Files\Messager Wanadoo
C:\Program Files\Messenger
C:\Program Files\MessengerPlus! 3
C:\Program Files\Micro Application
C:\Program Files\Microsoft ActiveSync
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft R‚f‚rence
C:\Program Files\Morgan
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Thunderbird
C:\Program Files\MSI
C:\Program Files\MSMONEY.EXE
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\NetMeeting
C:\Program Files\oct.mny
C:\Program Files\Omega Informatix
C:\Program Files\ONES Trial (F)
C:\Program Files\Outlook Express
C:\Program Files\PageCharmer Trial
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\right.wav
C:\Program Files\Securitoo
C:\Program Files\Security Stronghold
C:\Program Files\Sega
C:\Program Files\Services en ligne
C:\Program Files\Sierra On-Line
C:\Program Files\skipped.H0
C:\Program Files\skipped.wav
C:\Program Files\SlySoft
C:\Program Files\Softwin
C:\Program Files\SolidWorks
C:\Program Files\Sonic
C:\Program Files\Sonic Foundry
C:\Program Files\Sonic Foundry Setup
C:\Program Files\Sony
C:\Program Files\Sony Setup
C:\Program Files\Soulseek
C:\Program Files\Sports Interactive
C:\Program Files\SPRY
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Starcraft
C:\Program Files\strings
C:\Program Files\system
C:\Program Files\Trillian
C:\Program Files\VeriSign
C:\Program Files\VideoLAN
C:\Program Files\Viewpoint
C:\Program Files\Vimicro
C:\Program Files\VirtualDJ
C:\Program Files\VOB
C:\Program Files\Wanadoo
C:\Program Files\Webroot
C:\Program Files\Winamp
C:\Program Files\Winamp3
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinMX
C:\Program Files\WinRAR
C:\Program Files\wrong.wav
C:\Program Files\xerox

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\Autodesk Shared
C:\program files\fichiers communs\DESIGNER
C:\program files\fichiers communs\DirectX
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\L&H
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Real
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\Sierra On-Line
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\SWF Studio
C:\program files\fichiers communs\System

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]

"Bird Burn"="C:\\DOCUME~1\\gajecki\\APPLIC~1\\ISOSTO~1\\FirstTwoCurb.exe"

-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

C:\Documents and settings\gajecki\Application Data\ISOSTO~1
C:\Program Files\ISOSTO~1
C:\WINDOWS\Prefetch\FIRSTTWOCURB.EXE-209185FA.pf
C:\WINDOWS\tasks\ACB471F6918BEE46.job

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : MODIFIE

127.0.0.1 es.winantivirus.com ## added by CiD
127.0.0.1 fr.winantivirus.com ## added by CiD
127.0.0.1 fr.winfixer.com ## added by CiD
127.0.0.1 go.drivecleaner.com ## added by CiD
127.0.0.1 go.errorsafe.com ## added by CiD
127.0.0.1 go.winantispyware.com ## added by CiD
127.0.0.1 go.winantivirus.com ## added by CiD
127.0.0.1 hk.winantivirus.com ## added by CiD
127.0.0.1 instlog.errorsafe.com ## added by CiD
127.0.0.1 instlog.winantivirus.com ## added by CiD
127.0.0.1 jsp.drivecleaner.com ## added by CiD
127.0.0.1 kb.errorsafe.com ## added by CiD
127.0.0.1 kb.winantivirus.com ## added by CiD
127.0.0.1 nl.errorsafe.com ## added by CiD
127.0.0.1 se.errorsafe.com ## added by CiD
127.0.0.1 secure.drivecleaner.com ## added by CiD
127.0.0.1 secure.errorsafe.com ## added by CiD
127.0.0.1 secure.winantispam.com ## added by CiD
127.0.0.1 secure.winantispy.com ## added by CiD
127.0.0.1 secure.winantivirus.com ## added by CiD
127.0.0.1 support.winantivirus.com ## added by CiD
127.0.0.1 ulog.winantivirus.com ## added by CiD
127.0.0.1 utils.errorsafe.com ## added by CiD
127.0.0.1 utils.winantivirus.com ## added by CiD
127.0.0.1 winantispyware.com ## added by CiD
127.0.0.1 winantivirus.com ## added by CiD
127.0.0.1 winfixer.com ## added by CiD
127.0.0.1 www.drivecleaner.com ## added by CiD
127.0.0.1 www.errorprotector.com ## added by CiD
127.0.0.1 www.errorsafe.com ## added by CiD
127.0.0.1 www.systemdoctor.com ## added by CiD
127.0.0.1 www.win-anti-virus-pro.com ## added by CiD
127.0.0.1 www.win-virus-pro.com ## added by CiD
127.0.0.1 www.winantispam.com ## added by CiD
127.0.0.1 www.winantispy.com ## added by CiD
127.0.0.1 www.winantispyware.com ## added by CiD
127.0.0.1 www.winantivirus.com ## added by CiD
127.0.0.1 www.winantiviruspro.com ## added by CiD
127.0.0.1 www.windrivecleaner.com ## added by CiD
127.0.0.1 www.windrivesafe.com ## added by CiD
127.0.0.1 www.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD
127.0.0.1 download.cdn.errorsafe.com ## added by CiD
127.0.0.1 instlog.winfixer.com ## added by CiD
127.0.0.1 trial.updates.winsoftware.com ## added by CiD
127.0.0.1 utils.winfixer.com ## added by CiD
127.0.0.1 winfixer2006.com ## added by CiD
127.0.0.1 winsoftware.com ## added by CiD
127.0.0.1 www.utils.winfixer.com ## added by CiD
127.0.0.1 www.winfixer2006.com ## added by CiD
127.0.0.1 www.winsoftware.com ## added by CiD

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 21:10:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:65,5c,37,f8,d2,8b,5a,c1,dd,c6,0a,d7,5e,12,60,98,84,69,77,17,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:65,5c,37,f8,d2,8b,5a,c1,dd,c6,0a,d7,5e,12,60,98,84,69,77,17,4b,..
scanning hidden files ...
scan completed successfully
hidden files: 4496

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\pack.epk
C:\WINDOWS\system32\bjpyfwsuw_navps.dat
C:\WINDOWS\system32\cxxejgujd_navps.dat
C:\WINDOWS\system32\bjpyfwsuw_nav.dat
C:\WINDOWS\system32\bjpyfwsuw.dat
C:\WINDOWS\system32\cxxejgujd_nav.dat
C:\WINDOWS\system32\cxxejgujd.dat
! EGDACCESS Possible !


PS: I wonder whether rebooting the computer wouldn't be simpler? But being a beginner, I don't really dare take the initiative, especially since it isn't my PC.

28 October 2007 21:22:44

Now we delete.

Open the Lop S&D folder, then double-click Scan.bat. Press "S", then confirm by pressing "Enter".
! Do not close the window during the removal !
A report will be generated; post its contents here.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del simultaneously to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

28 October 2007 21:34:07

My desktop reappeared normally; I didn't close the window. Here is the report:


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ SUPPRESSION ///////////////////////////////

Supprimé - C:\WINDOWS\Prefetch\FIRSTTWOCURB.EXE-209185FA.pf
Supprimé - C:\Program Files\ISOSTO~1
Supprimé - C:\Documents and settings\gajecki\Application Data\ISOSTO~1
Supprimé - C:\WINDOWS\tasks\ACB471F6918BEE46.job
Restauré - Fichier Hosts

\\\\\\\\\\\\\\\\\\\\\\\\\\\ DEUXIEME PASSAGE ///////////////////////////

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Copié ! - [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
Copié ! - [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
Supprimé - HKCU\Software\Microsoft\Windows\CurrentVersion\Run | Bird Burn

//////////////////////////////////////-\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

-------------[ Listing des Dossiers dans Application Data ]-------------

C:\Documents and settings\Administrateur\Application Data\Microsoft
C:\Documents and settings\Administrateur\Application Data\desktop.ini

C:\Documents and settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and settings\All Users\Application Data\SOAPCLOCKANTIRDR
C:\Documents and settings\All Users\Application Data\city about store file
C:\Documents and settings\All Users\Application Data\Grisoft
C:\Documents and settings\All Users\Application Data\WLInstaller
C:\Documents and settings\All Users\Application Data\Win mail bash city
C:\Documents and settings\All Users\Application Data\hpzinstall.log
C:\Documents and settings\All Users\Application Data\TEMP
C:\Documents and settings\All Users\Application Data\MSN6
C:\Documents and settings\All Users\Application Data\Babylon
C:\Documents and settings\All Users\Application Data\Yahoo! Companion
C:\Documents and settings\All Users\Application Data\Yahoo!
C:\Documents and settings\All Users\Application Data\NFS Underground
C:\Documents and settings\All Users\Application Data\Microsoft
C:\Documents and settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and settings\All Users\Application Data\Autodesk
C:\Documents and settings\All Users\Application Data\UDL
C:\Documents and settings\All Users\Application Data\Cakewalk
C:\Documents and settings\All Users\Application Data\Ableton
C:\Documents and settings\All Users\Application Data\Pinnacle
C:\Documents and settings\All Users\Application Data\QuickTime
C:\Documents and settings\All Users\Application Data\desktop.ini
C:\Documents and settings\All Users\Application Data\CyberLink

C:\Documents and settings\Default User\Application Data\desktop.ini
C:\Documents and settings\Default User\Application Data\Microsoft

C:\Documents and settings\gajecki\Application Data\Grisoft
C:\Documents and settings\gajecki\Application Data\Azureus
C:\Documents and settings\gajecki\Application Data\DMCache
C:\Documents and settings\gajecki\Application Data\MSN6
C:\Documents and settings\gajecki\Application Data\HP
C:\Documents and settings\gajecki\Application Data\Babylon
C:\Documents and settings\gajecki\Application Data\Real
C:\Documents and settings\gajecki\Application Data\Thunderbird
C:\Documents and settings\gajecki\Application Data\Talkback
C:\Documents and settings\gajecki\Application Data\Mozilla
C:\Documents and settings\gajecki\Application Data\Microsoft
C:\Documents and settings\gajecki\Application Data\EPSON
C:\Documents and settings\gajecki\Application Data\Macromedia
C:\Documents and settings\gajecki\Application Data\TaoUSign
C:\Documents and settings\gajecki\Application Data\AdobeUM
C:\Documents and settings\gajecki\Application Data\Help
C:\Documents and settings\gajecki\Application Data\Ahead
C:\Documents and settings\gajecki\Application Data\Autodesk
C:\Documents and settings\gajecki\Application Data\vlc
C:\Documents and settings\gajecki\Application Data\ArcSoft
C:\Documents and settings\gajecki\Application Data\Checkflow
C:\Documents and settings\gajecki\Application Data\Steinberg
C:\Documents and settings\gajecki\Application Data\TestFile.tmp
C:\Documents and settings\gajecki\Application Data\Lavasoft
C:\Documents and settings\gajecki\Application Data\Cakewalk
C:\Documents and settings\gajecki\Application Data\Ableton
C:\Documents and settings\gajecki\Application Data\Publish Providers
C:\Documents and settings\gajecki\Application Data\NetMedia Providers
C:\Documents and settings\gajecki\Application Data\Sonic Foundry
C:\Documents and settings\gajecki\Application Data\Sun
C:\Documents and settings\gajecki\Application Data\Sony
C:\Documents and settings\gajecki\Application Data\Microsoft Web Folders
C:\Documents and settings\gajecki\Application Data\DassaultSystemes
C:\Documents and settings\gajecki\Application Data\Adobe
C:\Documents and settings\gajecki\Application Data\InterTrust
C:\Documents and settings\gajecki\Application Data\CyberLink
C:\Documents and settings\gajecki\Application Data\desktop.ini
C:\Documents and settings\gajecki\Application Data\Identities

C:\Documents and settings\LocalService\Application Data\Microsoft
C:\Documents and settings\LocalService\Application Data\McAfee.com Personal Firewall

C:\Documents and settings\NetworkService\Application Data\Microsoft



----------------[ Tâches planifiées dans C:\WINDOWS\tasks ]---------------

C:\WINDOWS\tasks\Scheduled scanning task.job
C:\WINDOWS\tasks\SA.DAT
C:\WINDOWS\tasks\desktop.ini

---------------[ Listing des dossiers dans Program Files ]--------------

C:\Program Files\2005.mny
C:\Program Files\2007.mny
C:\Program Files\AC3Filter
C:\Program Files\ACAD2000
C:\Program Files\Adobe
C:\Program Files\Ahead
C:\Program Files\AIM95
C:\Program Files\Alcohol Soft
C:\Program Files\Alwil Software
C:\Program Files\Analog Devices
C:\Program Files\AnswerWorks 4.0
C:\Program Files\Anti-Blaxx
C:\Program Files\ArcSoft
C:\Program Files\ASUS
C:\Program Files\ATI Technologies
C:\Program Files\Autodesk
C:\Program Files\Autodesk Deployment Wizard
C:\Program Files\Azureus
C:\Program Files\Babylon(2)
C:\Program Files\BNP.MNY
C:\Program Files\CCleaner
C:\Program Files\Common Files
C:\Program Files\ComPlus Applications
C:\Program Files\CyberLink
C:\Program Files\dict.avi
C:\Program Files\directx
C:\Program Files\Doom 3
C:\Program Files\EA GAMES
C:\Program Files\eMule
C:\Program Files\epson
C:\Program Files\Fichiers communs
C:\Program Files\Formation interactive Microsoft
C:\Program Files\F-Secure Anti-Virus
C:\Program Files\Grisoft
C:\Program Files\HP
C:\Program Files\IncrediMail
C:\Program Files\INSTALL
C:\Program Files\INSTALL.LOG
C:\Program Files\Intel
C:\Program Files\Internet Explorer
C:\Program Files\Java
C:\Program Files\JCA2000
C:\Program Files\jv16 PowerTools 2005
C:\Program Files\LISEZMOI.TXT
C:\Program Files\LIVEUPDATE
C:\Program Files\logo.bmp
C:\Program Files\Messager Wanadoo
C:\Program Files\Messenger
C:\Program Files\MessengerPlus! 3
C:\Program Files\Micro Application
C:\Program Files\Microsoft ActiveSync
C:\Program Files\microsoft frontpage
C:\Program Files\Microsoft Office
C:\Program Files\Microsoft R‚f‚rence
C:\Program Files\Morgan
C:\Program Files\Movie Maker
C:\Program Files\Mozilla Thunderbird
C:\Program Files\MSI
C:\Program Files\MSMONEY.EXE
C:\Program Files\MSN
C:\Program Files\MSN Gaming Zone
C:\Program Files\MSN Messenger
C:\Program Files\NetMeeting
C:\Program Files\oct.mny
C:\Program Files\Omega Informatix
C:\Program Files\ONES Trial (F)
C:\Program Files\Outlook Express
C:\Program Files\PageCharmer Trial
C:\Program Files\QuickTime
C:\Program Files\Real
C:\Program Files\right.wav
C:\Program Files\Securitoo
C:\Program Files\Security Stronghold
C:\Program Files\Sega
C:\Program Files\Services en ligne
C:\Program Files\Sierra On-Line
C:\Program Files\skipped.H0
C:\Program Files\skipped.wav
C:\Program Files\SlySoft
C:\Program Files\Softwin
C:\Program Files\SolidWorks
C:\Program Files\Sonic
C:\Program Files\Sonic Foundry
C:\Program Files\Sonic Foundry Setup
C:\Program Files\Sony
C:\Program Files\Sony Setup
C:\Program Files\Soulseek
C:\Program Files\Sports Interactive
C:\Program Files\SPRY
C:\Program Files\Spybot - Search & Destroy
C:\Program Files\Starcraft
C:\Program Files\strings
C:\Program Files\system
C:\Program Files\Trillian
C:\Program Files\VeriSign
C:\Program Files\VideoLAN
C:\Program Files\Viewpoint
C:\Program Files\Vimicro
C:\Program Files\VirtualDJ
C:\Program Files\VOB
C:\Program Files\Wanadoo
C:\Program Files\Webroot
C:\Program Files\Winamp
C:\Program Files\Winamp3
C:\Program Files\Windows Media Player
C:\Program Files\Windows NT
C:\Program Files\WinMX
C:\Program Files\WinRAR
C:\Program Files\wrong.wav
C:\Program Files\xerox

------[ Listing des dossiers dans Program Files\Fichiers Communs ]------

C:\program files\fichiers communs\Adobe
C:\program files\fichiers communs\Ahead
C:\program files\fichiers communs\Autodesk Shared
C:\program files\fichiers communs\DESIGNER
C:\program files\fichiers communs\DirectX
C:\program files\fichiers communs\InstallShield
C:\program files\fichiers communs\Java
C:\program files\fichiers communs\L&H
C:\program files\fichiers communs\Microsoft Shared
C:\program files\fichiers communs\MSSoap
C:\program files\fichiers communs\ODBC
C:\program files\fichiers communs\Real
C:\program files\fichiers communs\Services
C:\program files\fichiers communs\Sierra On-Line
C:\program files\fichiers communs\SpeechEngines
C:\program files\fichiers communs\SWF Studio
C:\program files\fichiers communs\System

----------------------[ Recherche dans le Registre ]----------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]


-----------------[ Recherche de Fichiers - Dossiers Lop ]-----------------

Aucun dossier Lop trouvé !

--------------------[ Vérification du fichier Hosts ]---------------------

Fichier Hosts : Propre

--------------[ Recherche de fichiers cachés avec Catchme ]---------------

catchme 0.3.1066 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-28 21:30:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:65,5c,37,f8,d2,8b,5a,c1,dd,c6,0a,d7,5e,12,60,98,84,69,77,17,4b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:65,5c,37,f8,d2,8b,5a,c1,dd,c6,0a,d7,5e,12,60,98,84,69,77,17,4b,..
scanning hidden files ...
scan completed successfully
hidden files: 4496

--------------------[ Recherche d'autres infections ]---------------------

C:\WINDOWS\pack.epk
C:\WINDOWS\system32\bjpyfwsuw_navps.dat
C:\WINDOWS\system32\cxxejgujd_navps.dat
C:\WINDOWS\system32\bjpyfwsuw_nav.dat
C:\WINDOWS\system32\bjpyfwsuw.dat
C:\WINDOWS\system32\cxxejgujd_nav.dat
C:\WINDOWS\system32\cxxejgujd.dat
! EGDACCESS Possible !
28 October 2007 21:40:02

Hi again,

Download Navilog1.exe (IL-MAFIOSO)
Save it to your Desktop.
Start the installation by double-clicking navilog.exe.
Once the installation has finished, the utility will run automatically.
(If it does not, double-click the shortcut on the Desktop)

Follow the utility's prompts. Choose option 1, then confirm.
! Do not use options 2, 3 and 4 without our go-ahead !
Wait until this message appears:
"*** Analyse Termine le ..... ***"
Press a key as requested. Notepad will open. Post its contents to us this way:

-> Edit / Select All
-> Edit / Copy
-> Right-click / Paste into your reply


NOTE: The report can also be found here: C:\fixnavi.txt
28 October 2007 21:45:00

Search Navipromo version 3.3.2 commencé le 28/10/2007 à 21:42:53,85

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 22.10.2007 à 19h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 6.0.2900.2180


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\WINDOWS ***



*** Recherche dossiers dans C:\Program Files ***



*** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\gajecki\Application Data ***


*** Recherche dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\WINDOWS\system32
- C:\DOCUME~1\GAJECKI\LOCALS~1\APPLIC~1



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\WINDOWS\system32 *

* Recherche dans C:\DOCUME~1\GAJECKI\LOCALS~1\APPLIC~1 *



*** Recherche fichiers ***


C:\WINDOWS\pack.epk trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !
HKEY_CURRENT_USER\Software\mc trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

C:\WINDOWS\system32\bjpyfwsuw.dat trouvé !
C:\WINDOWS\system32\cxxejgujd.dat trouvé !
C:\WINDOWS\system32\bjpyfwsuw_nav.dat trouvé !
C:\WINDOWS\system32\cxxejgujd_nav.dat trouvé !


3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse terminée le 28/10/2007 à 21:43:41,28 ***
28 October 2007 21:49:55

Hi again,

Double-click the Navilog1 shortcut on your Desktop.
Follow the instructions. Then choose option 2 and confirm.
Follow the prompts and answer any questions that come up.

The utility will tell you that it is going to restart the computer.
**Close all open windows and save your open personal documents**
Now press a key, as requested.
(if your PC does not restart automatically, restart it manually)

Wait until this message appears:
"*** Nettoyage Termine le ..... ***"

Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will now reappear.

NOTE: If your Desktop does not reappear, press Ctrl+Alt+Del together to open the Task Manager.
Go to the "Processes" tab. Click File at the top left and choose "Run..."
Type explorer, then confirm.

Post the report you saved earlier (C:\cleannavi.txt)
As well as a new HijackThis report.
28 October 2007 22:04:56

Here are the two reports (cleannavi.txt first):

Mode suppression automatique



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\WINDOWS\System32 *


* Suppression dans C:\DOCUME~1\GAJECKI\LOCALS~1\APPLIC~1 *



*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\gajecki\Application Data ***


*** Suppression dossiers dans C:\DOCUME~1\ALLUSE~1\MENUDM~1\PROGRA~1 ***



*** Suppression fichiers ***

C:\WINDOWS\pack.epk supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\gajecki\Local Settings\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche, création sauvegardes et suppression Heuristique :

C:\WINDOWS\System32\bjpyfwsuw.dat trouvé !
Copie C:\WINDOWS\system32\bjpyfwsuw.dat réalisé avec succès !
C:\WINDOWS\system32\bjpyfwsuw.dat supprimé !

C:\WINDOWS\System32\cxxejgujd.dat trouvé !
Copie C:\WINDOWS\system32\cxxejgujd.dat réalisé avec succès !
C:\WINDOWS\system32\cxxejgujd.dat supprimé !

C:\WINDOWS\System32\bjpyfwsuw_nav.dat trouvé !
Copie C:\WINDOWS\system32\bjpyfwsuw_nav.dat réalisé avec succès !
C:\WINDOWS\system32\bjpyfwsuw_nav.dat supprimé !

C:\WINDOWS\System32\cxxejgujd_nav.dat trouvé !
Copie C:\WINDOWS\system32\cxxejgujd_nav.dat réalisé avec succès !
C:\WINDOWS\system32\cxxejgujd_nav.dat supprimé !

C:\WINDOWS\system32\bjpyfwsuw_navps.dat trouvé !
Copie C:\WINDOWS\system32\bjpyfwsuw_navps.dat réalisé avec succès !
C:\WINDOWS\system32\bjpyfwsuw_navps.dat supprimé !

C:\WINDOWS\system32\cxxejgujd_navps.dat trouvé !
Copie C:\WINDOWS\system32\cxxejgujd_navps.dat réalisé avec succès !
C:\WINDOWS\system32\cxxejgujd_navps.dat supprimé !


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:03:55, on 28/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Documents and Settings\gajecki\Mes documents\eDonkey2000 Downloads\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\VM_STI.EXE
C:\Documents and Settings\gajecki\Mes documents\eDonkey2000 Downloads\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\gajecki\Bureau\BlaBla\abcde.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.fr/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://fr.search.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://fr.search.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange
R3 - URLSearchHook: i-Nav IDN SearchHook - {CE000994-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: i-Nav IDN Resolver - {CE000992-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Audio Web Cam 31
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Documents and Settings\gajecki\Mes documents\eDonkey2000 Downloads\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WOOKIT] C:\Program Files\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKLM\..\Policies\Explorer\Run: [user32.dll] C:\Program Files\Video ActiveX Access\iesmn.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Omega Messenger.lnk = C:\Program Files\Omega Informatix\Omega Messenger\Omega Messenger.exe
O9 - Extra button: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra 'Tools' menuitem: Europa Casino - {4C826F10-D34B-4ba8-B609-1FB8C6482A05} - C:\Casino\Europa Casino\casino.exe
O9 - Extra button: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra 'Tools' menuitem: Aide i-Nav - {CE000992-A58C-4441-8938-744CD72AB27F} - http://idn.verisign-grs.com/plug-in/support/index.jsp (file missing)
O9 - Extra button: (no name) - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra 'Tools' menuitem: Options i-Nav - {CE000996-A58C-4441-8938-744CD72AB27F} - C:\Program Files\VeriSign\i-Nav\i-nav_4_2_1.dll
O9 - Extra button: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra 'Tools' menuitem: Messager Wanadoo - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSAG~1\Messager Wanadoo.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/clients/y/poti_x...
O16 - DPF: {16BED5D9-AA6B-4A96-A134-C1958893490F} - http://advnt01.com/dialer/intES_ver40v.CAB
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} - http://download.games.yahoo.com/games/voice/yacscom.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownl...
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://jeuxmultijoueurs.orange.fr/Gameshell/GameHost/1....
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Documents and Settings\gajecki\Mes documents\eDonkey2000 Downloads\AVG Anti-Spyware 7.5\guard.exe
O24 - Desktop Component 0: (no name) - http://yahooo.jexiste.fr/images/avatars/68355246743c913...
O24 - Desktop Component 1: (no name) - http://ouafik08.skyblog.com/pics/383621624_small.jpg
O24 - Desktop Component 2: (no name) - http://ouafik08.skyblog.com/pics/384765607.gif
O24 - Desktop Component 3: (no name) - http://ouafik08.skyblog.com/pics/384768377.gif
O24 - Desktop Component 4: (no name) - http://www.fdr-skatepark.com/FDRBANNER2.gif
O24 - Desktop Component 6: Security info v3 - C:\WINDOWS\screen.html

29 October 2007 00:40:29

Hi again, the scan took about 2 hours but apparently it got rid of quite a few harmful files; here is the report:


AntiVir PersonalEdition Classic
Report file date: dimanche 28 octobre 2007 22:29

Scanning for 905615 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: GAJECKI-DSXYB6M

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 14:26:55
ANTIVIR2.VDF : 7.0.0.140 940544 Bytes 26/10/2007 21:28:02
ANTIVIR3.VDF : 7.0.0.143 23040 Bytes 28/10/2007 21:28:02
AVEWIN32.DLL : 7.6.0.30 3056128 Bytes 28/10/2007 21:28:03
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 08:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:21

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: dimanche 28 octobre 2007 22:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'Watch.exe' - '1' Module(s) have been scanned
Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned
Scan process 'PollingModule.exe' - '1' Module(s) have been scanned
Scan process 'Inactivity.exe' - '1' Module(s) have been scanned
Scan process 'Toaster.exe' - '1' Module(s) have been scanned
Scan process 'ComComp.exe' - '1' Module(s) have been scanned
Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'TaskBarIcon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'Vm_sti.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wdfmgr.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '0' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
34 processes with 34 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'F:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '25' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\All Users\Application Data\SOAPCLOCKANTIRDR\meetooze.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\SOAPCLOCKANTIRDR\one plan.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\Documents and Settings\All Users\Application Data\SOAPCLOCKANTIRDR\Pop Data.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\Documents and Settings\gajecki\Bureau\LopSD[1]\Lop S&D\BackupLop\Application Data - ISOSTO~1\FirstTwoCurb.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\Documents and Settings\gajecki\Mes documents\MessengerSkinner\MessengerSkinner.exe
[DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Skinymes.Agent.A Backdoor server programs
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1228\A0217535.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1228\A0217536.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1228\A0217537.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1259\A0220175.exe
[DETECTION] Is the Trojan horse TR/Obfuscated.EN.497
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1259\A0220176.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1259\A0220177.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1259\A0220178.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1259\A0220179.exe
[DETECTION] Is the Trojan horse TR/Obfuscated.EN.493
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1259\A0220180.exe
[DETECTION] Is the Trojan horse TR/Obfuscated.EN.485
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1261\A0220190.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1262\A0220207.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1262\A0220224.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1264\A0220237.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1265\A0220252.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1266\A0220261.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1267\A0220267.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1269\A0220284.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1271\A0220315.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1271\A0220317.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1271\A0220318.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1271\A0220319.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1271\A0220320.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1271\A0220321.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1272\A0220333.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1273\A0220337.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1274\A0220355.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1275\A0220361.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1276\A0220363.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1277\A0220372.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1278\A0220444.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1279\A0220451.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1280\A0220452.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1281\A0220574.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1282\A0220575.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1282\A0220576.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1282\A0220577.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1282\A0220578.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1282\A0220579.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1282\A0220580.exe
[DETECTION] Is the Trojan horse TR/Obfuscated.EN.2479
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1282\A0220581.exe
[DETECTION] Is the Trojan horse TR/Obfuscated.EN.2468
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1284\A0220652.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1285\A0220669.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1287\A0220719.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1288\A0220727.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1290\A0220734.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1293\A0220778.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1294\A0220779.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1294\A0220815.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1295\A0220863.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1295\A0220871.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1296\A0220878.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1296\A0220885.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1297\A0220891.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1298\A0220902.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{B3561D00-4DF9-43EC-8EB5-D9B38E249DE7}\RP1299\A0220980.exe
[DETECTION] Is the Trojan horse TR/Dldr.Swizzor.Gen
[INFO] The file was deleted!
Begin scan in 'F:\'


End of the scan: lundi 29 octobre 2007 00:37
Used time: 2:07:46 min

The scan has been done completely.

8279 Scanning directories
366905 Files were scanned
103 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
103 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
366802 Files not concerned
2788 Archives were scanned
1 Warnings
63 Notes

29 October 2007 10:22:45

Post a new HijackThis report.

Download SmitfraudFix (by S!ri).
Save it to your desktop.
Run SmitfraudFix.exe (the .exe extension may not be shown).
Choose Option 1 (Search).
Post the first report here.

**If the link does not work, click here**