S.O.S !!! KeyLogger !!!

frich
Hello,

I'm not sure I'm posting in the right place; I don't know how to create a new discussion, so if someone can redirect the post, please do. In any case, if I may, I have just caught the same virus: TR/SPY.KeyLogger.bcm. I use "Antivir" as my antivirus and it cannot remove it.
I'm on Vista; if someone can help me, that would be kind of you. I'm new to this forum, and I take the opportunity to wish you a happy new year all the same.

PS: From what I've been able to read on the net, I know this virus is very nasty; it attacks passwords. "S.O.S"

Regards
5 replies

totobetourne Posts 5677 Status Member 65
 
Hello

1) For Vista, in case of infection.

Disable User Account Control (you will re-enable it after your disinfection: IMPORTANT, ABSOLUTELY DO NOT FORGET):

- Go to Start, then Control Panel
- Double-click the "User Accounts" icon
- Then click disable and confirm.

http://www.laboratoire-microsoft.org/tips-23933-desactiver-uac-vista.html

2) Download this: a tool to see what the infection might be and then act.

http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Install it normally, like any other program, in c/programme/...............
Click on "Do a scan and save a logfile"; you get a report, which you paste here.

0
frich
 
Hello, and thank you for your reply

Here is the report


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:35, on 2009-01-06
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16764)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\CTHELPER.EXE
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
F:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\logishrd\LComMgr\Communications_Helper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Zazza\Program Files\DNA\btdna.exe
C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
C:\Users\Zazza\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
C:\Users\Zazza\AppData\Roaming\Microsoft\Live Search\Mise-a-jour-LiveSearch.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\SYSTEM32\taskeng.exe
F:\PSIS\PSI (RC4)\psi.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
F:\Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
C:\program files\logitech\quickcam\lu\LogitechUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - F:\NetTransport 2\NTIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - F:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [TrayServer] F:\Magix-aquisition-analogique\TrayServer.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\Photoshop-Elements-6\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [avgnt] "F:\Antivir\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "F:\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Zazza\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Startup: Outil de notification Live Search.lnk = Zazza\AppData\Roaming\Microsoft\Live Search\Notification-LiveSearch.exe
O4 - Global Startup: D-Link AirPlus G+ Wireless Adapter Utility.lnk = C:\Program Files\D-Link\D-Link AirPlus G+ Wireless Adapter Utility\DWLGTI.EXE
O8 - Extra context menu item: &Télécharger avec NetTransport - F:\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Chercher avec Copernic Agent - res://F:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Download Video on This Page - F:\YouTube Video Downloader\IEPage.html
O8 - Extra context menu item: Download Video This Links To - F:\YouTube Video Downloader\IELink.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://F:\OFFICE~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Tout t&élécharger avec NetTransport - F:\NetTransport 2\NTAddList.html
O9 - Extra button: Download Video - {11F19C45-9675-488A-A8E0-8E8234DC245D} - F:\YouTube Video Downloader\IEPage.html
O9 - Extra 'Tools' menuitem: Download Video on This Page - {11F19C45-9675-488A-A8E0-8E8234DC245D} - F:\YouTube Video Downloader\IEPage.html
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Démarrer Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - F:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\OFFICE~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{209FB938-2AFC-4CFC-9917-60637CDA280D}: NameServer = 212.27.54.252,213.228.0.212
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - F:\Photoshop-Elements-6\PhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - F:\Antivir\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - F:\Antivir\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: NBService - Nero AG - F:\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
0
totobetourne Posts 5677 Status Member 65
 
Nothing a priori in your report.

1) We'll take a look with this tool.
Run this antimalware; do as indicated.
Download Malwarebytes Anti-Malware (MBAM): also very useful for advertising problems, but unfortunately not all of them

Malwarebytes Anti-Malware: http://www.malwarebytes.org/mbam/program/mbam-setup.exe

Malwarebytes Anti-Malware tutorial: https://forum.pcastuces.com/malwarebytes_antimalwares___tutoriel-f31s3.htm
Do as indicated: update, full scan in safe mode, and the reports.
PASTE THE REPORT AFTER REMOVAL, THANK YOU.

Keep it and run a scan every month as indicated.

If you have Ad-Aware you can uninstall it, because it no longer recognises much.

2) What is the name of the file perceived as infected?

0
frich
 
Good evening,
Here is the report you asked for.

Regarding the virus, "Antivir" shows it to me when I go to Control Panel, uninstalling a file called "Adobe Flash CS3 Professional".

The virus is in this file: C:\Users\Zazza\AppData\Local\Temp\MMBPlayer\winss.exe

and it also shows me: TR/SPY.KeyLogger.bcm (Trojan)

Thanks again for your help
Kind regards



Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1624
Windows 6.0.6000

2009-01-06 19:28:55
mbam-log-2009-01-06 (19-28-55).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|)
Eléments examinés: 277311
Temps écoulé: 4 hour(s), 17 minute(s), 47 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
0
totobetourne Posts 5677 Status Member 65
 
Next,
*Go to this site:

https://www.virustotal.com/gui/

*Click "Browse" and look for this file: C:\Users\Zazza\AppData\Local\Temp\MMBPlayer\winss.exe
*A report will be built up line by line.
*Wait for the end. It must include the size of the file sent.
*Save the report with Notepad.
*Copy it into your reply.
*If VirusTotal indicates that the file has already been analysed, click the "Reanalyse" button the file now

0
frich
 
Good evening,

It seems strange to me: VirusTotal cannot detect the file "winss.exe".

I even enabled showing hidden folders in the options.

I ran a scan with Antivir; it does detect something. Here is the report.

Kind regards






Avira AntiVir Personal
Report file date: 2009-01-07 09:20

Scanning for 1153470 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows Vista
Windows version: (plain) [6.0.6000]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ZAZZA-PC

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 2008-11-18 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 2008-11-25 10:20:21
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 11:08:28
ANTIVIR1.VDF : 7.1.1.33 1705984 Bytes 2008-12-24 16:03:24
ANTIVIR2.VDF : 7.1.1.60 318976 Bytes 2009-01-02 10:26:14
ANTIVIR3.VDF : 7.1.1.74 158208 Bytes 2009-01-06 08:19:47
Engineversion : 8.2.0.45
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-11-13 11:08:54
AESCRIPT.DLL : 8.1.1.19 336252 Bytes 2008-12-12 09:33:01
AESCN.DLL : 8.1.1.5 123251 Bytes 2008-11-13 11:08:49
AERDL.DLL : 8.1.1.3 438645 Bytes 2008-11-13 11:08:48
AEPACK.DLL : 8.1.3.4 393591 Bytes 2008-11-13 11:08:47
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2008-12-12 09:32:56
AEHEUR.DLL : 8.1.0.75 1524087 Bytes 2008-12-12 09:32:51
AEHELP.DLL : 8.1.2.0 119159 Bytes 2008-11-19 09:30:56
AEGEN.DLL : 8.1.1.8 323956 Bytes 2008-12-12 09:32:35
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-11-13 11:08:38
AECORE.DLL : 8.1.5.2 172405 Bytes 2008-11-30 16:23:17
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-11-13 11:08:36
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-11-13 11:08:35
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 14:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: F:\antivir\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:, F:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: 2009-01-07 09:20

Starting search for hidden objects.
'98962' objects were checked, '0' hidden objects were found.

The scan of running processes will be started
Scan process 'RacAgent.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'LogitechUpdate.exe' - '1' Module(s) have been scanned
Scan process 'LULnchr.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'COCIManager.exe' - '1' Module(s) have been scanned
Scan process 'Mise-a-jour-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'Notification-LiveSearch.exe' - '1' Module(s) have been scanned
Scan process 'DWLGTI.EXE' - '1' Module(s) have been scanned
Scan process 'btdna.exe' - '1' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '1' Module(s) have been scanned
Scan process 'dpupdchk.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'Communications_Helper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'Quickcam.exe' - '1' Module(s) have been scanned
Scan process 'itype.exe' - '1' Module(s) have been scanned
Scan process 'CTHELPER.EXE' - '1' Module(s) have been scanned
Scan process 'psi.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LVPrcSrv.exe' - '1' Module(s) have been scanned
Scan process 'LVComSer.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'taskeng.exe' - '1' Module(s) have been scanned
Scan process 'dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SLsvc.exe' - '1' Module(s) have been scanned
Scan process 'audiodg.exe' - '0' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvvsvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
65 processes with 65 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '53' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\$Recycle.Bin\S-1-5-21-4150475883-491242599-128744888-1000\$RFLN537.rar
[0] Archive type: RAR
--> Photoshop CS4 Keygen\Photoshop CS4 Keygen\keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/VB.drj back-door program
[NOTE] The file was moved to '49aa72b4.qua'!
C:\$Recycle.Bin\S-1-5-21-4150475883-491242599-128744888-1000\$RH5M46C.zip
[0] Archive type: ZIP
--> Adobe.Photoshop.CS4.Extended.v11.0.0.0.Crack.Only-NoPE/adobe.photoshop.cs4-nope.exe
[DETECTION] Contains recognition pattern of the DR/Inject.ivx.5 dropper
[NOTE] The file was moved to '49ac72ba.qua'!
Begin scan in 'D:\' <DIVERS-BUREAUX>
D:\LOGICIEL\ADOBE\Adobe-Flash-CS4\payloads\AdobeFlash10-STI-es\AdobeFlash10-STI-es1.cab
[0] Archive type: CAB (Microsoft)
--> _486_46a2b61d838038c13d3abcaef0ad7db1
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The file was moved to '49d388c8.qua'!
D:\LOGICIEL\ADOBE\Adobe-Flash-CS4\payloads\AdobeFlash10-STI-fr\AdobeFlash10-STI-fr1.cab
[0] Archive type: CAB (Microsoft)
--> _486_6a325317dbcfcf5002a2fb53e6b0960f
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The file was moved to '49d3a240.qua'!
D:\Photoshop---------------------------------------------\EFFETS\KAI'S CONVOLVER\KptCnvlr.r00
[0] Archive type: RAR
--> KPTCONV.2
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAI'S CONVOLVER\KptCnvlr.r01
[0] Archive type: RAR
--> KPTCONV.3
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAI'S CONVOLVER\KptCnvlr.r02
[0] Archive type: RAR
--> SETUP.INS
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAI'S POWER TOOLS 3\Kai's Power Tools 3.r00
[0] Archive type: RAR
--> DATA.3
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAI'S POWER TOOLS 3\Kai's Power Tools 3.r01
[0] Archive type: RAR
--> DATA.4
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAI'S POWER TOOLS 5\Kai's Power Tools 5.r28
[0] Archive type: RAR
--> _sys1.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAI'S POWER TOOLS 5\Kai's Power Tools 5.r29
[0] Archive type: RAR
--> lang.dat
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r00
[0] Archive type: RAR
--> KPT\DATA.1
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r05
[0] Archive type: RAR
--> KPT\ACTIONS\BACKGRND.ATN
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r06
[0] Archive type: RAR
--> KPT\ACTIONS\KPTACTNS.ATN
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r07
[0] Archive type: RAR
--> KPT\LIBRARY\BUTTONS\01.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r08
[0] Archive type: RAR
--> KPT\LIBRARY\BUTTONS\03.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r09
[0] Archive type: RAR
--> KPT\LIBRARY\BUTTONS\05.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r10
[0] Archive type: RAR
--> KPT\LIBRARY\FRAMES\06.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r11
[0] Archive type: RAR
--> KPT\LIBRARY\BACKGRND\07.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r12
[0] Archive type: RAR
--> KPT\LIBRARY\BUTTONS\09.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r13
[0] Archive type: RAR
--> KPT\LIBRARY\BUTTONS\10.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r14
[0] Archive type: RAR
--> KPT\LIBRARY\TEXT\12.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r15
[0] Archive type: RAR
--> KPT\LIBRARY\FRAMES\15.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r16
[0] Archive type: RAR
--> KPT\LIBRARY\FRAMES\16.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r17
[0] Archive type: RAR
--> KPT\LIBRARY\FRAMES\18.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r18
[0] Archive type: RAR
--> KPT\LIBRARY\FRAMES\20.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\KAIS POWER TOOLS ACTIONS\KPT_Actions.r19
[0] Archive type: RAR
--> KPT\LIBRARY\FRAMES\22.JPG
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\NENDO 3D PAINT 1.0\nendo 3d paint v1.r01
[0] Archive type: RAR
--> siege98.nfo
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\PANOPTICUM LENS PRO\panph.r00
[0] Archive type: RAR
--> DISK1.ID
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\RAYFLECT PHOTOTRACER FOR PS\rayflect phototracer.r00
[0] Archive type: RAR
--> Objects\Characters\Other\Minus.PTC
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\SPG WEBTOOLS PRO 4.007 FOR PS\spg webtools pro 4.r00
[0] Archive type: RAR
--> SIEGE99.NFO
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r00
[0] Archive type: RAR
--> Textissimo Library Addons\Effects\green red distressed.eff
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r01
[0] Archive type: RAR
--> Textissimo Library Addons\Effects\yell neon w shadow.eff
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r02
[0] Archive type: RAR
--> Textissimo Library Addons\Tiles\deep sea2.tif
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r03
[0] Archive type: RAR
--> Textissimo Library Addons\Tiles\foliage2.tif
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r04
[0] Archive type: RAR
--> Textissimo Library Addons\Tiles\microbworld7.tif
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r05
[0] Archive type: RAR
--> Textissimo Library Addons\Tiles\prehistoric stone.tif
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\TEXTISSIMO PRESETS\textissimo 2 presets.r06
[0] Archive type: RAR
--> Textissimo Library Addons\Tiles\Displace\Twirl.tif
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\TYPEADELIC FOR PHOTOSHOP ISO - 15MB\typeadelic.r09
[0] Archive type: RAR
--> Typeadelic\Typeadelic.cue
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\VERTIGO QUICKSPACE V1.3.1 FOR PS\vertigo quickspace 131.r00
[0] Archive type: RAR
--> Quickspace\Models\HouseHold\Realistic\Half-moon Table.3dmf
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\VERTIGO QUICKSPACE V1.3.1 FOR PS\vertigo quickspace 131.r01
[0] Archive type: RAR
--> Quickspace\QuickSpace 1.3.1\_user1.cab
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\ZYGOTE.ACCECCORIES.FOR.POSER3-CARTEL\crtlzap2.zip
[0] Archive type: ZIP
--> crtlacp.r00
[1] Archive type: RAR
--> Runtime\Geometries\props\blLSnowShoe.obj
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\ZYGOTE.ACCECCORIES.FOR.POSER3-CARTEL\crtlzap3.zip
[0] Archive type: ZIP
--> crtlacp.r01
[1] Archive type: RAR
--> Runtime\Geometries\props\blWaterSki.obj
[WARNING] No further files can be extracted from this archive. The archive will be closed
D:\Photoshop---------------------------------------------\EFFETS\ZYGOTE.ACCECCORIES.FOR.POSER3-CARTEL\crtlzap4.zip
[0] Archive type: ZIP
--> crtlacp.r02
[1] Archive type: RAR
--> Runtime\Geometries\props\blMicrophone.rsr
[WARNING] No further files can be extracted from this archive. The archive will be closed
Begin scan in 'E:\' <BUREAUX>
Begin scan in 'F:\' <PROGRAMS>


End of the scan: 2009-01-07 14:53
Used time: 5:32:25 Hour(s)

The scan has been done completely.

33685 Scanning directories
1005547 Files were scanned
2 viruses and/or unwanted programs were found
2 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
1005541 Files not concerned
7701 Archives were scanned
42 Warnings
4 Notes
98962 Objects were scanned with rootkit scan
0 Hidden objects were found
0
totobetourne Posts 5677 Status Member 65
 
You need to stop with the keygens and cracks. Everything it found, it put in quarantine.
0
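
The check behind this reply, as an added example (not part of the thread and not Avira tooling): a small Python parser for the file-scan section of the report above that ties each [DETECTION] to its file, archive member and [NOTE] quarantine action, and lists anything detected but not moved. The sample is an excerpt of the posted report; the `CONSTRUCTED_UNHANDLED` entry and all function and class names are illustrative assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Excerpt of the Avira AntiVir report posted in the thread (file-scan section).
REPORT_EXCERPT = r"""
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\$Recycle.Bin\S-1-5-21-4150475883-491242599-128744888-1000\$RFLN537.rar
[0] Archive type: RAR
--> Photoshop CS4 Keygen\Photoshop CS4 Keygen\keygen.exe
[DETECTION] Contains a recognition pattern of the (harmful) BDS/VB.drj back-door program
[NOTE] The file was moved to '49aa72b4.qua'!
C:\$Recycle.Bin\S-1-5-21-4150475883-491242599-128744888-1000\$RH5M46C.zip
[0] Archive type: ZIP
--> Adobe.Photoshop.CS4.Extended.v11.0.0.0.Crack.Only-NoPE/adobe.photoshop.cs4-nope.exe
[DETECTION] Contains recognition pattern of the DR/Inject.ivx.5 dropper
[NOTE] The file was moved to '49ac72ba.qua'!
Begin scan in 'D:\' <DIVERS-BUREAUX>
D:\LOGICIEL\ADOBE\Adobe-Flash-CS4\payloads\AdobeFlash10-STI-es\AdobeFlash10-STI-es1.cab
[0] Archive type: CAB (Microsoft)
--> _486_46a2b61d838038c13d3abcaef0ad7db1
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The file was moved to '49d388c8.qua'!
D:\LOGICIEL\ADOBE\Adobe-Flash-CS4\payloads\AdobeFlash10-STI-fr\AdobeFlash10-STI-fr1.cab
[0] Archive type: CAB (Microsoft)
--> _486_6a325317dbcfcf5002a2fb53e6b0960f
[DETECTION] Contains HEUR/HTML.Malware suspicious code
[NOTE] The file was moved to '49d3a240.qua'!
4 files were moved to quarantine
"""

# Constructed entry (not from the thread): a detection with no follow-up action.
CONSTRUCTED_UNHANDLED = r"""
C:\example\sample.bin
[DETECTION] Is the TR/Example.Constructed Trojan
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")                       # start of a scanned file
NAME_RE = re.compile(r"\b([A-Z]{2,5}/[A-Za-z0-9_.\-]+)")    # e.g. BDS/VB.drj
MOVED_RE = re.compile(r"moved to '([^']+\.qua)'")           # quarantine file name
SUMMARY_RE = re.compile(r"^(\d+) files were moved to quarantine", re.I)


@dataclass
class Finding:
    container: str                 # file on disk that was scanned
    member: Optional[str]          # entry inside the archive, if any
    name: str                      # detection name reported by the scanner
    heuristic: bool                # HEUR/ names are heuristic ("suspicious") hits
    quarantine_id: Optional[str] = None


@dataclass
class Report:
    findings: List[Finding] = field(default_factory=list)
    unscanned: List[str] = field(default_factory=list)   # files the scanner could not open
    declared_quarantined: Optional[int] = None           # count from the summary block


def parse_report(text: str) -> Report:
    report = Report()
    container = member = None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            container, member = line, None
        elif line.startswith("-->"):
            member = line[3:].strip()
        elif line.startswith("[DETECTION]"):
            m = NAME_RE.search(line)
            name = m.group(1) if m else "unknown"
            report.findings.append(
                Finding(container, member, name, name.startswith("HEUR/")))
        elif line.startswith("[NOTE]"):
            m = MOVED_RE.search(line)
            if m:
                # The action applies to the whole container file just reported.
                for f in report.findings:
                    if f.container == container and f.quarantine_id is None:
                        f.quarantine_id = m.group(1)
        elif line.startswith("[WARNING]") and "could not be opened" in line:
            report.unscanned.append(container)
        else:
            m = SUMMARY_RE.match(line)
            if m:
                report.declared_quarantined = int(m.group(1))
    return report


def unquarantined(report: Report) -> List[Finding]:
    """Detections that have no recorded quarantine action."""
    return [f for f in report.findings if f.quarantine_id is None]


def quarantine_total_matches(report: Report) -> bool:
    """Cross-check parsed quarantine actions against the summary line."""
    ids = {f.quarantine_id for f in report.findings if f.quarantine_id}
    return report.declared_quarantined == len(ids)


if __name__ == "__main__":
    rep = parse_report(REPORT_EXCERPT + CONSTRUCTED_UNHANDLED)
    for f in rep.findings:
        print(f"{f.name:24} {f.quarantine_id or 'NOT QUARANTINED':16} {f.container}")
    print("could not be scanned:", rep.unscanned)
```

Files listed under "could not be scanned" were skipped by the scanner, so a clean result says nothing about them.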

Adem
 
I had one too; it had installed itself as "Adobe cs3 Professional" and it was impossible to uninstall. When I tried to, a fake Adobe installation window came up and it said check OK, blah blah blah.
But if you have the same problem, when you try to uninstall it you will see that a setup appears in Task Manager > Processes; choose > Properties and find where it is hiding, then delete it.
I deleted it from Safe Mode, but I had found the file in normal mode.
I hope this helps you, because I tried lots of other things before I managed to do it...
0