S.O.S !!! KeyLogger !!!

frich -  
 Adem -
Hello,

I'm not sure I'm posting in the right place; I don't know how to create a new discussion, so if someone can redirect the post, please do. In any case, if I may, I have just caught the same virus: TR/SPY.KeyLogger.bcm, bearing in mind that I use "Antivir" as my antivirus and it cannot remove it.
I'm on Vista; if someone can help me, that would be kind of you. I'm new to this forum, and I take the opportunity to wish you a happy new year all the same.

PS: From what I have been able to read on the net, I know this virus is very nasty; it attacks passwords "S.O.S"

Regards
Configuration: Windows Vista
Firefox 3.0.5

5 replies

  1. totobetourne Posts 5677 Status Member 65
     
    Hello

    1) For Vista, in case of infection.

    Disable User Account Control (you will re-enable it after your disinfection: IMPORTANT, ABOVE ALL DO NOT FORGET):

    - Go to Start, then Control Panel
    - Double-click the "User Accounts" icon
    - Then click disable and confirm.

    http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html

    2) Download this: a useful tool to see what the infection might be and then act.

    http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

    Install it normally like any other program in c/programme/...............
    Click on do a scan and save a logfile; you get a report, which you paste.

    0
    1. frich
       
      Hello, and thank you for your reply

      Here is the report


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 13:35, on 2009-01-06
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16764)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\SYSTEM32\taskeng.exe
      C:\Windows\Explorer.EXE
      C:\Windows\System32\CTHELPER.EXE
      C:\Program Files\Microsoft IntelliType Pro\itype.exe
      C:\Program Files\Logitech\QuickCam\Quickcam.exe
      F:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
      C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Users\Zazza\Program Files\DNA\btdna.exe
      C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
      C:\Users\Zazza\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      C:\Users\Zazza\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
      C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      C:\Windows\SYSTEM32\taskeng.exe
      F:\PSIS\PSI (RC4)\psi.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
      F:\Firefox\firefox.exe
      C:\Windows\system32\wuauclt.exe
      c:\program files\logitech\quickcam\lu\lulnchr.exe
      C:\program files\logitech\quickcam\lu\LogitechUpdate.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - F:\NetTransport 2\NTIEHelper.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - F:\Program Files\Copernic Agent\CopernicAgentExt.dll
      O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
      O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
      O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
      O4 - HKLM\..\Run: [TrayServer] F:\Magix-aquisition-analogique\TrayServer.exe
      O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Photoshop-Elements-6\apdproxy.exe"
      O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
      O4 - HKLM\..\Run: [avgnt] "F:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [QuickTime Task] "F:\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Zazza\Program Files\DNA\btdna.exe"
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Startup: Outil de notification Live Search.lnk = Zazza\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
      O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
      O8 - Extra context menu item: &Télécharger avec NetTransport - F:\NetTransport 2\NTAddLink.html
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
      O8 - Extra context menu item: Chercher avec Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
      O8 - Extra context menu item: Download Video on This Page - F:\YouTube Video Downloader\IEPage.html
      O8 - Extra context menu item: Download Video This Links To - F:\YouTube Video Downloader\IELink.html
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\OFFICE~1\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Tout t&élécharger avec NetTransport - F:\NetTransport 2\NTAddList.html
      O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - F:\YouTube Video Downloader\IEPage.html
      O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - F:\YouTube Video Downloader\IEPage.html
      O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
      O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE~1\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{209FB938-2AFC-4CFC-9917-60637CDA280D}: NameServer = 212.27.54.252,213.228.0.212
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - F:\Photoshop-Elements-6\PhotoshopElementsFileAgent.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
      O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
      O23 - Service: NBService - Nero AG - F:\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
      0
  2. totobetourne Posts 5677 Status Member 65
     
    Nothing on the face of it in your report.

    1) We are going to look with this tool.
    Run this antimalware; do as indicated.
    Download Malwarebytes Anti-Malware (MBAM): also very useful for ad problems, but unfortunately not all of them

    Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

    Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
    Do as indicated: update, full scan in safe mode, and the reports.
    PASTE THE REPORT AFTER REMOVAL, THANKS.

    Keep it and run a scan every month as indicated.

    If you have Ad-Aware you can uninstall it, because it no longer recognizes much.

    2) What is the name of the file detected as infected?

    0
    1. frich
       
      Good evening,
      Here is the report you asked me for.

      Regarding the virus, "Antivir" shows it to me when I go into Control Panel, uninstalling a file called "Adobe Flash CS3 Professional".

      The virus is in this file: C:\Users\Zazza\AppData\Local\Temp\MMBPlayer\winss.exe

      and it also shows me: TR/SPY.KeyLogger.bcm (Trojan)

      Thanks again for your help
      Regards



      Malwarebytes' Anti-Malware 1.32
      Version de la base de données: 1624
      Windows 6.0.6000

      2009-01-06 19:28:55
      mbam-log-2009-01-06 (19-28-55).txt

      Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
      Eléments examinés: 277311
      Temps écoulé: 4 hour(s), 17 minute(s), 47 second(s)

      Processus mémoire infecté(s): 0
      Module(s) mémoire infecté(s): 0
      Clé(s) du Registre infectée(s): 0
      Valeur(s) du Registre infectée(s): 0
      Elément(s) de données du Registre infecté(s): 0
      Dossier(s) infecté(s): 0
      Fichier(s) infecté(s): 0

      Processus mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Module(s) mémoire infecté(s):
      (Aucun élément nuisible détecté)

      Clé(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Valeur(s) du Registre infectée(s):
      (Aucun élément nuisible détecté)

      Elément(s) de données du Registre infecté(s):
      (Aucun élément nuisible détecté)

      Dossier(s) infecté(s):
      (Aucun élément nuisible détecté)

      Fichier(s) infecté(s):
      (Aucun élément nuisible détecté)
      0
  3. totobetourne Posts 5677 Status Member 65
     
    Next,
    *Go to this site:

    https://www.virustotal.com/gui/

    *Click "Browse" and look for this file: C:\Users\Zazza\AppData\Local\Temp\MMBPlayer\winss.exe
    *A report will be built up line by line.
    *Wait for the end. It must include the size of the file sent.
    *Save the report with Notepad.
    *Copy it into your reply.
    *If VirusTotal indicates that the file has already been analyzed, click the "Reanalyse" button the file now

    0
    1. frich
       
      Good evening,

      It seems strange to me; VirusTotal cannot detect the file "winss.exe".

      I even displayed hidden folders in the options.

      I ran a scan with Antivir; it does detect something. Here is the report.

      Regards






      Avira AntiVir Personal
      Report file date: 2009-01-07 09:20

      Scanning for 1153470 virus strains and unwanted programs.

      Licensed to: Avira AntiVir PersonalEdition Classic
      Serial number: 0000149996-ADJIE-0001
      Platform: Windows Vista
      Windows version: (plain) [6.0.6000]
      Boot mode: Normally booted
      Username: SYSTEM
      Computer name: ZAZZA-PC

      Version information:
      BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
      AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-25 10:20:21
      AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 08:56:40
      LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 13:44:19
      LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 08:58:52
      ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 11:08:28
      ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 2008-12-24 16:03:24
      ANTIVIR2.VDF : 7.1.1.60 318976 Bytes 2009-01-02 10:26:14
      ANTIVIR3.VDF : 7.1.1.74 158208 Bytes 2009-01-06 08:19:47
      Engineversion : 8.2.0.45
      AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-11-13 11:08:54
      AESCRIPT.DLL : 8.1.1.19 336252 Bytes 2008-12-12 09:33:01
      AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-13 11:08:49
      AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-13 11:08:48
      AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-13 11:08:47
      AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2008-12-12 09:32:56
      AEHEUR.DLL : 8.1.0.75 1524087 Bytes 2008-12-12 09:32:51
      AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-11-19 09:30:56
      AEGEN.DLL : 8.1.1.8 323956 Bytes 2008-12-12 09:32:35
      AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-11-13 11:08:38
      AECORE.DLL : 8.1.5.2 172405 Bytes 2008-11-30 16:23:17
      AEBB.DLL : 8.1.0.3 53618 Bytes 2008-11-13 11:08:36
      AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 09:40:05
      AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 10:28:01
      AVREP.DLL : 8.0.0.2 98344 Bytes 2008-11-13 11:08:35
      AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 12:26:40
      AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 09:29:23
      AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 13:27:49
      SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 18:28:02
      SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 13:49:40
      NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 13:05:10
      RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 14:48:07
      RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 14:34:37

      Configuration settings for the scan:
      Jobname..........................: Complete system scan
      Configuration file...............: F:\antivir\avira\antivir personaledition classic\sysscan.avp
      Logging..........................: low
      Primary action...................: interactive
      Secondary action.................: ignore
      Scan master boot sector..........: on
      Scan boot sector.................: on
      Boot sectors.....................: C:, D:, E:, F:,
      Process scan.....................: on
      Scan registry....................: on
      Search for rootkits..............: on
      Scan all files...................: Intelligent file selection
      Scan archives....................: on
      Recursion depth..................: 20
      Smart extensions.................: on
      Macro heuristic..................: on
      File heuristic...................: high

      Start of the scan: 2009-01-07 09:20

      Starting search for hidden objects.
      '98962' objects were checked, '0' hidden objects were found.

      The scan of running processes will be started
      Scan process 'RacAgent.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'avscan.exe' - '1' Module(s) have been scanned
      Scan process 'avcenter.exe' - '1' Module(s) have been scanned
      Scan process 'LogitechUpdate.exe' - '1' Module(s) have been scanned
      Scan process 'LULnchr.exe' - '1' Module(s) have been scanned
      Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
      Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
      Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
      Scan process 'Mise-a-jour-LiveSearch.exe' - '1' Module(s) have been scanned
      Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
      Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
      Scan process 'Notification-LiveSearch.exe' - '1' Module(s) have been scanned
      Scan process 'DWLGTI.EXE' - '1' Module(s) have been scanned
      Scan process 'btdna.exe' - '1' Module(s) have been scanned
      Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
      Scan process 'dpupdchk.exe' - '1' Module(s) have been scanned
      Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
      Scan process 'ehtray.exe' - '1' Module(s) have been scanned
      Scan process 'jusched.exe' - '1' Module(s) have been scanned
      Scan process 'rundll32.exe' - '1' Module(s) have been scanned
      Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
      Scan process 'avgnt.exe' - '1' Module(s) have been scanned
      Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
      Scan process 'itype.exe' - '1' Module(s) have been scanned
      Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
      Scan process 'psi.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
      Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
      Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
      Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
      Scan process 'avguard.exe' - '1' Module(s) have been scanned
      Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
      Scan process 'explorer.exe' - '1' Module(s) have been scanned
      Scan process 'taskeng.exe' - '1' Module(s) have been scanned
      Scan process 'dwm.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'sched.exe' - '1' Module(s) have been scanned
      Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'rundll32.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
      Scan process 'audiodg.exe' - '0' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
      Scan process 'svchost.exe' - '1' Module(s) have been scanned
      Scan process 'winlogon.exe' - '1' Module(s) have been scanned
      Scan process 'lsm.exe' - '1' Module(s) have been scanned
      Scan process 'lsass.exe' - '1' Module(s) have been scanned
      Scan process 'services.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'wininit.exe' - '1' Module(s) have been scanned
      Scan process 'csrss.exe' - '1' Module(s) have been scanned
      Scan process 'smss.exe' - '1' Module(s) have been scanned
      65 processes with 65 modules were scanned

      Starting master boot sector scan:
      Master boot sector HD0
      [INFO] No virus was found!
      Master boot sector HD1
      [INFO] No virus was found!
      Master boot sector HD2
      [INFO] No virus was found!
      Master boot sector HD3
      [INFO] No virus was found!

      Start scanning boot sectors:
      Boot sector 'C:\'
      [INFO] No virus was found!
      Boot sector 'D:\'
      [INFO] No virus was found!
      Boot sector 'E:\'
      [INFO] No virus was found!
      Boot sector 'F:\'
      [INFO] No virus was found!

      Starting to scan the registry.
      The registry was scanned ( '53' files ).


      Starting the file scan:

      Begin scan in 'C:\'
      C:\hiberfil.sys
      [WARNING] The file could not be opened!
      C:\pagefile.sys
      [WARNING] The file could not be opened!
      C:\$Recycle.Bin\S-1-5-21-4150475883-491242599-128744888-1000\$RFLN537.rar
      [0] Archive type: RAR
      --> Photoshop CS4 Keygen\Photoshop CS4 Keygen\keygen.exe
      [DETECTION] Contains a recognition pattern of the (harmful) BDS/VB.drj back-door program
      [NOTE] The file was moved to '49aa72b4.qua'!
      C:\$Recycle.Bin\S-1-5-21-4150475883-491242599-128744888-1000\$RH5M46C.zip
      [0] Archive type: ZIP
      --> Adobe.Photoshop.CS4.Extended.v11.0.0.0.Crack.Only-NoPE/adobe.photoshop.cs4-nope.exe
      [DETECTION] Contains recognition pattern of the DR/Inject.ivx.5 dropper
      [NOTE] The file was moved to '49ac72ba.qua'!
      Begin scan in 'D:\' <DIVERS-BUREAUX>
      D:\LOGICIEL\ADOBE\Adobe-Flash-CS4\payloads\AdobeFlash10-STI-es\AdobeFlash10-STI-es1.cab
      [0] Archive type: CAB (Microsoft)
      --> _486_46a2b61d838038c13d3abcaef0ad7db1
      [DETECTION] Contains HEUR/HTML.Malware suspicious code
      [NOTE] The file was moved to '49d388c8.qua'!
      D:\LOGICIEL\ADOBE\Adobe-Flash-CS4\payloads\AdobeFlash10-STI-fr\AdobeFlash10-STI-fr1.cab
      [0] Archive type: CAB (Microsoft)
      --> _486_6a325317dbcfcf5002a2fb53e6b0960f
      [DETECTION] Contains HEUR/HTML.Malware suspicious code
      [NOTE] The file was moved to '49d3a240.qua'!
      D:\Photoshop---------------------------------------------\EFFETS\KAI'S CONVOLVER\KptCnvlr.r00
      [0] Archive type: RAR
      --> KPTCONV.2
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAI'S CONVOLVER\KptCnvlr.r01
      [0] Archive type: RAR
      --> KPTCONV.3
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAI'S CONVOLVER\KptCnvlr.r02
      [0] Archive type: RAR
      --> SETUP.INS
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAI'S POWER TOOLS 3\Kai's Power Tools 3.r00
      [0] Archive type: RAR
      --> DATA.3
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAI'S POWER TOOLS 3\Kai's Power Tools 3.r01
      [0] Archive type: RAR
      --> DATA.4
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAI'S POWER TOOLS 5\Kai's Power Tools 5.r28
      [0] Archive type: RAR
      --> _sys1.cab
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAI'S POWER TOOLS 5\Kai's Power Tools 5.r29
      [0] Archive type: RAR
      --> lang.dat
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r00
      [0] Archive type: RAR
      --> KPT\DATA.1
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r05
      [0] Archive type: RAR
      --> KPT\ACTIONS\BACKGRND.ATN
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r06
      [0] Archive type: RAR
      --> KPT\ACTIONS\KPTACTNS.ATN
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r07
      [0] Archive type: RAR
      --> KPT\LIBRARY\BUTTONS\01.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r08
      [0] Archive type: RAR
      --> KPT\LIBRARY\BUTTONS\03.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r09
      [0] Archive type: RAR
      --> KPT\LIBRARY\BUTTONS\05.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r10
      [0] Archive type: RAR
      --> KPT\LIBRARY\FRAMES\06.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r11
      [0] Archive type: RAR
      --> KPT\LIBRARY\BACKGRND\07.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r12
      [0] Archive type: RAR
      --> KPT\LIBRARY\BUTTONS\09.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r13
      [0] Archive type: RAR
      --> KPT\LIBRARY\BUTTONS\10.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r14
      [0] Archive type: RAR
      --> KPT\LIBRARY\TEXT\12.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r15
      [0] Archive type: RAR
      --> KPT\LIBRARY\FRAMES\15.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r16
      [0] Archive type: RAR
      --> KPT\LIBRARY\FRAMES\16.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r17
      [0] Archive type: RAR
      --> KPT\LIBRARY\FRAMES\18.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r18
      [0] Archive type: RAR
      --> KPT\LIBRARY\FRAMES\20.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r19
      [0] Archive type: RAR
      --> KPT\LIBRARY\FRAMES\22.JPG
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\NENDO 3D PAINT 1.0\nendo 3d paint v1.r01
      [0] Archive type: RAR
      --> siege98.nfo
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\PANOPTICUM LENS PRO\panph.r00
      [0] Archive type: RAR
      --> DISK1.ID
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\RAYFLECT PHOTOTRACER FOR PS\rayflect phototracer.r00
      [0] Archive type: RAR
      --> Objects\Characters\Other\Minus.PTC
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\SPG WEBTOOLS PRO 4.007 FOR PS\spg webtools pro 4.r00
      [0] Archive type: RAR
      --> SIEGE99.NFO
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r00
      [0] Archive type: RAR
      --> Textissimo Library Addons\Effects\green red distressed.eff
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r01
      [0] Archive type: RAR
      --> Textissimo Library Addons\Effects\yell neon w shadow.eff
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r02
      [0] Archive type: RAR
      --> Textissimo Library Addons\Tiles\deep sea2.tif
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r03
      [0] Archive type: RAR
      --> Textissimo Library Addons\Tiles\foliage2.tif
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r04
      [0] Archive type: RAR
      --> Textissimo Library Addons\Tiles\microbworld7.tif
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r05
      [0] Archive type: RAR
      --> Textissimo Library Addons\Tiles\prehistoric stone.tif
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r06
      [0] Archive type: RAR
      --> Textissimo Library Addons\Tiles\Displace\Twirl.tif
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\TYPEADELIC FOR PHOTOSHOP ISO - 15MB\typeadelic.r09
      [0] Archive type: RAR
      --> Typeadelic\Typeadelic.cue
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\VERTIGO QUICKSPACE V1.3.1 FOR PS\vertigo quickspace 131.r00
      [0] Archive type: RAR
      --> Quickspace\Models\HouseHold\Realistic\Half-moon Table.3dmf
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\VERTIGO QUICKSPACE V1.3.1 FOR PS\vertigo quickspace 131.r01
      [0] Archive type: RAR
      --> Quickspace\QuickSpace 1.3.1\_user1.cab
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\ZYGOTE.ACCECCORIES.FOR.POSER3-CARTEL\crtlzap2.zip
      [0] Archive type: ZIP
      --> crtlacp.r00
      [1] Archive type: RAR
      --> Runtime\Geometries\props\blLSnowShoe.obj
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\ZYGOTE.ACCECCORIES.FOR.POSER3-CARTEL\crtlzap3.zip
      [0] Archive type: ZIP
      --> crtlacp.r01
      [1] Archive type: RAR
      --> Runtime\Geometries\props\blWaterSki.obj
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      D:\Photoshop---------------------------------------------\EFFETS\ZYGOTE.ACCECCORIES.FOR.POSER3-CARTEL\crtlzap4.zip
      [0] Archive type: ZIP
      --> crtlacp.r02
      [1] Archive type: RAR
      --> Runtime\Geometries\props\blMicrophone.rsr
      [WARNING] No further files can be extracted from this archive. The archive will be closed
      Begin scan in 'E:\' <BUREAUX>
      Begin scan in 'F:\' <PROGRAMS>


      End of the scan: 2009-01-07 14:53
      Used time: 5:32:25 Hour(s)

      The scan has been done completely.

      33685 Scanning directories
      1005547 Files were scanned
      2 viruses and/or unwanted programs were found
      2 Files were classified as suspicious:
      0 files were deleted
      0 files were repaired
      4 files were moved to quarantine
      0 files were renamed
      2 Files cannot be scanned
      1005541 Files not concerned
      7701 Archives were scanned
      42 Warnings
      4 Notes
      98962 Objects were scanned with rootkit scan
      0 Hidden objects were found
      0
  4. totobetourne Posts 5677 Status Member 65
     
    You need to stop using keygens and cracks. Everything it found has been put in quarantine.
    0
  6. Adem
     
    I had one too; it had installed itself as "Adobe cs3 Professional" and was impossible to uninstall. When I tried, a fake Adobe installation window came up saying check OK, blah blah blah.
    But if you have the same problem, when you try to uninstall it you will see a setup process appear in Task Manager > Processes; go to > Properties, find where it is hiding, then delete it.
    I deleted it from Safe Mode, but I had found the file in normal mode.
    I hope this helps you, because I tried lots of other things before I managed to do it...
    0