Stubborn Malware-gen
Solved
nasnak
Hi everyone!! I have a serious problem with a VBS Malware-gen!! I read and followed the steps to remove it, but with no effect at all!!
- I booted in "SAFE MODE"
- I then scanned my whole PC with "AVAST"
- I manage to locate the autorun file, I delete it but it always comes back!
I even tried the "msconfig and BOOTSAFE" method but still nothing!!
I need some serious help!!
Thanks!
16 replies
re,
open Notepad and copy-paste the commands below:
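@echo on
REM Stop Explorer and the Windows Script Host process that runs the .vbs
taskkill /im explorer.exe /f
taskkill /im wscript.exe
REM Show protected operating system files in Explorer
start reg add HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\EXplorer\Advanced /v ShowSuperHidden /t REG_DWORD /d 1 /f
REM Import kill.reg (its contents are not shown in this post)
start reg import kill.reg
REM Delete autorun.* files carrying the System attribute from each drive root and from system32
del c:\autorun.* /f /q /as
del %SYSTEMROOT%\system32\autorun.* /f /q /as
del d:\autorun.* /f /q /as
del e:\autorun.* /f /q /as
del f:\autorun.* /f /q /as
del g:\autorun.* /f /q /as
del h:\autorun.* /f /q /as
del i:\autorun.* /f /q /as
del j:\autorun.* /f /q /as
del k:\autorun.* /f /q /as
del l:\autorun.* /f /q /as
REM Restart Explorer
start explorer.exe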
close Notepad and save the file on the desktop under the name kill_autorun_vbs.bat
go to the desktop, double-click kill_autorun_vbs.bat and let it do its job
Then unplug the external drive, and download the Flash_Disinfector tool by sUBs:
http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe
Usage:
Download and save Flash_Disinfector.exe to your desktop.
Double-click Flash_Disinfector.exe to launch it.
When the message "Plug in yours flash drive & clic Ok to begin disinfection" appears:
Connect your USB stick and any external USB devices that may have been infected.
Then click Ok
The desktop icons will disappear until the message "Done!!" appears.
Press "Ok" to bring the desktop back.
Then click Start > Run, type cmd and confirm.
In the command prompt window, copy and paste these command lines one after the other, pressing [Enter] each time before copying/pasting the next one:
RD \\.\C:\autorun.inf /Q /S
RD \\.\E:\autorun.inf /Q /S
RD \\.\G:\autorun.inf /Q /S
Mind the spaces
repost the G!rly.bat report after these steps
Uninstall this program: C:\Program Files\Macrogaming
Download HijackThis here:
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Installation tutorial: (Thanks to Balltrap34 for making this)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Usage tutorial (video): (Thanks to Balltrap34 for making this)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Please post the generated report here...
See you
re,
Good evening cotonou ;-)
so yes, Fix Wareout is not necessary...
I once went to Togo on a humanitarian mission, it was great!
I live in Helsinki, Finland; it's rather cold around here ;-)
install a firewall as I told you.
then have a look at this:
antivir vs avast:
-> http://forum.malekal.com/ftopic3528.php
so I advise you to uninstall it and install Antivir instead
Download and install the Antivir Personal Edition Classic antivirus:
->https://www.malekal.com/avira-free-security-antivirus-gratuit/
https://www.avira.com/en/prime
http://mickael.barroux.free.fr/securite/antivir.php
http://speedweb1.free.fr/frames2.php?page=tuto5
<- scanner configuration tutorial...
once Antivir is open, click on configuration and tick the "expert mode" box, then on the scanner tab, in the window below you will see: rootkit search; click the small + to expand it and tick the box next to your hard disk
then click on configuration at the top right; in the new window on the left > scanner > tick "scan all files" and below > scanner priority = High
tick: allow stopping the scanner, that way you can pause during the scan if you wish.
then on the right tick the following boxes:
scan boot sectors of selected drives
scan master boot sectors
scan memory
search for rootkit before scan
untick:
ignore off line files
still on the left > scan > expand > heuristic > macrovirus heuristic = ticked, and below > win32 heuristic box ticked and high detection level
I'm telling you all this about Antivir because I'd like you to run a full scan of your machine with it, using the settings given above.
afterwards, of course, you keep Antivir ;-)
Post the Antivir report in your next reply.
See you
hi,
Open Notepad (Start >> Run and type notepad), and copy everything below:
@echo off
REM Start from a fresh report at the root of the current drive
if exist \G!RLY.TXT del \G!RLY.TXT
REM For every drive letter that exists, record whether autorun.inf and MS32DLL.dll.vbs are present
FOR %%A in (C D E F G H I J K L M N O P Q R S T U V W X Y Z) DO IF EXIST %%A: (
IF EXIST %%A:\autorun.inf ECHO %%A:\autorun.inf Présent>>\G!RLY.TXT
IF NOT EXIST %%A:\autorun.inf ECHO %%A:\autorun.inf Non trouvé>>\G!RLY.TXT
IF EXIST %%A:\MS32DLL.dll.vbs ECHO %%A:\MS32DLL.dll.vbs Présent>>\G!RLY.TXT
IF NOT EXIST %%A:\MS32DLL.dll.vbs ECHO %%A:\MS32DLL.dll.vbs Non trouvé>>\G!RLY.TXT
)
REM Same check for the copy in the Windows directory
IF EXIST %WINDIR%\MS32DLL.dll.vbs (
ECHO %WINDIR%\MS32DLL.dll.vbs Présent>>\G!RLY.TXT) else (
ECHO %WINDIR%\MS32DLL.dll.vbs non trouvé >>\G!RLY.TXT)
REM Append both Run keys (programs started at logon) to the report
REG QUERY "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" >>\G!RLY.TXT
REG QUERY "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" >>\G!RLY.TXT
REM Open the report in Notepad
notepad \G!RLY.TXT
exit
In the Notepad menu, click "File" >> Save As.
Choose the desktop as the save location, then in:
Type -> choose "all files"
File name -> type G!RLY.bat
click save.
You will now have a file named G!RLY.bat on your desktop.
Connect to the PC the external devices that may have been infected:
USB stick, external hard drive... etc.
Once that is done, double-click the G!RLY.bat file.
A black window will open and close quickly, that's normal.
Notepad will then open with the listing of the files the script detected.
Copy and paste the contents of this report here.
See you
C:\autorun.inf Présent
C:\MS32DLL.dll.vbs Non trouvé
D:\autorun.inf Non trouvé
D:\MS32DLL.dll.vbs Non trouvé
E:\autorun.inf Non trouvé
E:\MS32DLL.dll.vbs Non trouvé
G:\autorun.inf Non trouvé
G:\MS32DLL.dll.vbs Non trouvé
I:\autorun.inf Présent
I:\MS32DLL.dll.vbs Non trouvé
C:\WINDOWS\MS32DLL.dll.vbs non trouvé
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
ATIPTA REG_SZ "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
SunJavaUpdateSched REG_SZ C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
HP Software Update REG_SZ C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
SynTPEnh REG_SZ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
QPService REG_SZ "C:\Program Files\HP\QuickPlay\QPService.exe"
eabconfg.cpl REG_SZ C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
Cpqset REG_SZ C:\Program Files\HPQ\Default Settings\cpqset.exe
RecGuard REG_SZ C:\Windows\SMINST\RecGuard.exe
hpWirelessAssistant REG_SZ C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
TVPService REG_SZ "C:\Program Files\HP\TVPlay\TVPService.exe"
TkBellExe REG_SZ "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
LVCOMSX REG_SZ C:\WINDOWS\system32\LVCOMSX.EXE
DAEMON Tools REG_SZ "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
Adobe Reader Speed Launcher REG_SZ "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
a-squared REG_SZ "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
swg REG_SZ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
msnmsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
DialMessenger REG_SZ "C:\Program Files\DialMessenger\dialmessenger.exe" -background
kava REG_SZ C:\WINDOWS\system32\kavo.exe
Re,
ok, run this:
If you have a USB stick, external hard drive, etc., plug them in without opening them before launching this FIX
Download Rav antivirus: http://ww25.evosla.com/compteur.php?soft=rav_antivirus
• Right-click the .ZIP file > Extract to > the Desktop
• Double-click >> RAV.exe << to launch the tool.
• Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
• If there is an infection > a report will be generated; otherwise it will display (very quickly) ==> "Votre Ordinateur est sain".
• Remove your removable disks and restart your computer.
Post the report if there is an infection!
But please post the report in a new message on the forum
http://pageperso.aol.fr/balltrap34/demofairesontmessage.htm
C:\autorun.inf Non trouvé
C:\MS32DLL.dll.vbs Non trouvé
D:\autorun.inf Non trouvé
D:\MS32DLL.dll.vbs Non trouvé
E:\autorun.inf Non trouvé
E:\MS32DLL.dll.vbs Non trouvé
C:\WINDOWS\MS32DLL.dll.vbs non trouvé
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
hpsysdrv REG_SZ c:\windows\system\hpsysdrv.exe
IgfxTray REG_SZ C:\WINDOWS\System32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\System32\hkcmd.exe
KBD REG_SZ C:\HP\KBD\KBD.EXE
StorageGuard REG_SZ "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
dla REG_SZ C:\WINDOWS\system32\dla\tfswctrl.exe
Recguard REG_SZ C:\WINDOWS\SMINST\RECGUARD.EXE
NvCplDaemon REG_SZ RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
nwiz REG_SZ nwiz.exe /install
PS2 REG_SZ C:\WINDOWS\system32\ps2.exe
Share-to-Web Namespace Daemon REG_SZ C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
ORAHSSSessionManager REG_SZ C:\Program Files\Orange\SessionManager\SessionManager.exe
SystrayORAHSS REG_SZ "C:\Program Files\Orange\Systray\SystrayApp.exe"
eCarteBleue-PREM REG_SZ "C:\Program Files\e-Carte Bleue\CL\e-Carte Bleue VISA PREMIER\ECB-PREM.exe" /dontopenmycards
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
EoEngine REG_SZ
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre6\bin\jusched.exe"
D-Link AirPremier AG DWL-AG132 Utility REG_SZ C:\Program Files\D-Link\AirPremier AG DWL-AG132 Utility\AirPMCFG.exe
avast! REG_SZ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
IDMan REG_SZ C:\Program Files\Internet Download Manager\IDMan.exe /onboot
Here is the G!RLY report
----------------------------------------------------------------------
C:\autorun.inf Présent
C:\MS32DLL.dll.vbs Non trouvé
E:\autorun.inf Présent
E:\MS32DLL.dll.vbs Non trouvé
G:\autorun.inf Présent
G:\MS32DLL.dll.vbs Non trouvé
C:\WINDOWS\MS32DLL.dll.vbs non trouvé
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck REG_SZ C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
VTTimer REG_SZ VTTimer.exe
DrvIcon REG_SZ E:\LOGICIELS\ALL MY SETUP\SYSTEM\BUREAUTIQUES\Vista Drive Icon\DrvIcon.exe
VTTrayp REG_SZ VTtrayp.exe
DownloadAccelerator REG_SZ "E:\\DAP\DAP.EXE" /STARTUP
SunJavaUpdateSched REG_SZ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
avast! REG_SZ E:\Avast\ashDisp.exe
Norton Ghost 9.0 REG_SZ C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
amva REG_SZ C:\WINDOWS\system32\amvo.exe
SweetIM REG_SZ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
ares REG_SZ "C:\Program Files\Ares\Ares.exe" -h
----------------------------------------------------------------------
Here is what it gives: apparently it no longer detects anything, right??
-------------------------------------------------------------------
C:\autorun.inf Non trouvé
C:\MS32DLL.dll.vbs Non trouvé
E:\autorun.inf Non trouvé
E:\MS32DLL.dll.vbs Non trouvé
G:\autorun.inf Non trouvé
G:\MS32DLL.dll.vbs Non trouvé
C:\WINDOWS\MS32DLL.dll.vbs non trouvé
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck REG_SZ C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
VTTrayp REG_SZ VTtrayp.exe
SunJavaUpdateSched REG_SZ C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
avast! REG_SZ E:\Avast\ashDisp.exe
VTTimer REG_SZ VTTimer.exe
DrvIcon REG_SZ E:\LOGICIELS\ALL MY SETUP\SYSTEM\BUREAUTIQUES\Vista Drive Icon\DrvIcon.exe
FrameWorkService REG_SZ
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
AdobeUpdater REG_SZ C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
FrameWorkService REG_SZ
--------------------------------------------------------------------------------------------------
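Added example (not part of the thread, and not g!rly's code): a Python script that parses two G!RLY.bat reports and lists what changed between them, here the before and after reports posted above, shortened. The names parse_report and diff_reports are hypothetical, and the parser assumes the flattened layout seen on this page (name, REG_SZ and command separated by spaces). A marker that was "Présent" on a drive missing from the second report is listed as not rechecked rather than cleared.

```python
import re

# A "<path> Présent" / "<path> Non trouvé" line written by the ECHO commands of G!RLY.bat.
FILE_LINE = re.compile(r"^(.+?)\s+(présent|non trouvé)\s*$", re.IGNORECASE)
# A value line of REG QUERY output: "<name> REG_SZ <command>"; the command may be empty.
RUN_LINE = re.compile(r"^(.*?)\s+REG_(?:SZ|EXPAND_SZ|MULTI_SZ|DWORD|BINARY)\b\s*(.*)$")

# Sample input: shortened from the two reports posted in this thread (before and after cleanup).
BEFORE = r"""C:\autorun.inf Présent
C:\MS32DLL.dll.vbs Non trouvé
E:\autorun.inf Présent
E:\MS32DLL.dll.vbs Non trouvé
G:\autorun.inf Présent
G:\MS32DLL.dll.vbs Non trouvé
C:\WINDOWS\MS32DLL.dll.vbs non trouvé
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck REG_SZ C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
avast! REG_SZ E:\Avast\ashDisp.exe
Norton Ghost 9.0 REG_SZ C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
amva REG_SZ C:\WINDOWS\system32\amvo.exe
SweetIM REG_SZ C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
"""

AFTER = r"""C:\autorun.inf Non trouvé
C:\MS32DLL.dll.vbs Non trouvé
E:\autorun.inf Non trouvé
E:\MS32DLL.dll.vbs Non trouvé
G:\autorun.inf Non trouvé
G:\MS32DLL.dll.vbs Non trouvé
C:\WINDOWS\MS32DLL.dll.vbs non trouvé
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck REG_SZ C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
avast! REG_SZ E:\Avast\ashDisp.exe
FrameWorkService REG_SZ
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
CTFMON.EXE REG_SZ C:\WINDOWS\system32\ctfmon.exe
FrameWorkService REG_SZ
"""


def parse_report(text):
    """Return (files, run): files maps path -> present?, run maps (key, name) -> command."""
    files, run, key = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!") or set(line) == {"-"}:
            continue  # blank line, "! REG.EXE VERSION" banner, or dashed separator
        if line.upper().startswith("HKEY_"):
            key = line  # registry key header; the value lines that follow belong to it
            continue
        m = RUN_LINE.match(line)
        if m and key:
            run[(key, m.group(1))] = m.group(2)
            continue
        m = FILE_LINE.match(line)
        if m:
            files[m.group(1)] = m.group(2).lower() == "présent"
    return files, run


def diff_reports(before_text, after_text):
    """Compare two reports: which flagged files are gone, which Run entries changed."""
    b_files, b_run = parse_report(before_text)
    a_files, a_run = parse_report(after_text)
    flagged = [p for p, present in b_files.items() if present]
    return {
        "cleared": sorted(p for p in flagged if a_files.get(p) is False),
        "still_present": sorted(p for p in flagged if a_files.get(p) is True),
        # Drive absent from the second report (e.g. unplugged): no evidence either way.
        "not_rechecked": sorted(p for p in flagged if p not in a_files),
        "run_removed": sorted((k, n, v) for (k, n), v in b_run.items() if (k, n) not in a_run),
        "run_added": sorted((k, n, v) for (k, n), v in a_run.items() if (k, n) not in b_run),
    }


if __name__ == "__main__":
    for section, items in diff_reports(BEFORE, AFTER).items():
        print(section)
        for item in items:
            print("   ", item)
```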
hi nasnak,
yes, that's ok
to see the rest:
Download HijackThis here:
-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
Installation tutorial: (Thanks to Balltrap34 for making this)
-> http://pageperso.aol.fr/balltrap34/Hijenr.gif
Usage tutorial (video): (Thanks to Balltrap34 for making this)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Please post the generated report here...
See you
Here it is:
--------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:34:28, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Avast\aswUpdSv.exe
E:\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
E:\Avast\ashMaiSv.exe
E:\Avast\ashWebSv.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTTimer.exe
E:\LOGICIELS\ALL MY SETUP\SYSTEM\BUREAUTIQUES\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\VTtrayp.exe
E:\DAP\DAP.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Avast\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
E:\RocketDock\RocketDock.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
E:\LOGICIELS\ALL MY SETUP\SYSTEM\CORELDRAW\Corel Draw\CorelDRAW_Graphics_Suite_X4_v14.0_cracked\CorelDRAW_Graphics_Suite_X4_v14.0_cracked.exe
E:\LOGICIELS\ALL MY SETUP\SYSTEM\CORELDRAW\Corel Draw\CorelDRAW_Graphics_Suite_X4_v14.0_cracked\CorelDRAW_Graphics_Suite_X4_v14.0_cracked.exe
C:\Program Files\Motorola Phone Tools\mPhonetools.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
e:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [DrvIcon] E:\LOGICIELS\ALL MY SETUP\SYSTEM\BUREAUTIQUES\Vista Drive Icon\DrvIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O8 - Extra context menu item: &Clean Traces - E:\\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - E:\\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA277E0C-56B2-428D-86E3-E32F3689F5F7}: NameServer = 81.91.225.18
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Avast\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\tuneup\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
re,
Using HijackThis, check and fix the lines below:
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - Startup: Dos Optimizer.pif = ?
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
How to fix:
Usage tutorial (video): (thanks to Balltrap34 for making it)
-> http://pageperso.aol.fr/balltrap34/demohijack.htm
Then there is this, which I don't like the look of:
E:\LOGICIELS\ALL MY SETUP\SYSTEM\CORELDRAW\Corel Draw\CorelDRAW_Graphics_Suite_X4_v14.0_cracked\CorelDRAW_Graphics_Suite_X4_v14.0_cracked.exe
E:\LOGICIELS\ALL MY SETUP\SYSTEM\CORELDRAW\Corel Draw\CorelDRAW_Graphics_Suite_X4_v14.0_cracked\CorelDRAW_Graphics_Suite_X4_v14.0_cracked.exe
Install this:
Firewall: Kerio
http://www.malekal.com/kerio_firewall.php#mozTocId721480
https://www.vulgarisation-informatique.com/kerio.php
https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall
or ZoneAlarm, easier to configure but less effective
https://www.malekal.com/tutoriel-zonealarm-firewall/
Also, I imagine you don't live in Cotonou (Rep. of Benin)?!
There is an entry on your PC that points there.
If you don't live there:
do this:
Download FixWareout from one of these two sites to your desktop:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe
Run the fix: click Next, then Install, then make sure "Run fixit" is enabled and click Finish.
The fix will start; follow the on-screen messages. You will be asked to restart your computer; do so. Your system will take a little longer to boot, which is normal.
*Post (copy/paste) the contents of the report that will be displayed on screen (report.txt), along with a new HijackThis report, in your next reply.
See you later
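The manual selection in the reply above (entries marked "(no file)" or "(file missing)", the "Dos Optimizer.pif" startup item, the O17 name server to verify) can be reproduced as a triage pass over a HijackThis log. This is an added example, not part of the original thread; the `triage` function, the `Finding` type and the rule set are assumptions, and the sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from collections import namedtuple

# One flagged log entry: section code (O2, O4, ...), why it was flagged, raw line.
Finding = namedtuple("Finding", "code reason line")

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
ORPHAN_SUFFIXES = ("(no file)", "(file missing)")

# Sample input: a few lines copied from the log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\ctfmon.exe
O2 - BHO: Ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
O4 - Startup: Dos Optimizer.pif = ?
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA277E0C-56B2-428D-86E3-E32F3689F5F7}: NameServer = 81.91.225.18
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
"""


def _public_name_servers(body):
    """Return the non-private IP addresses listed after 'NameServer = '."""
    _, _, value = body.partition("NameServer = ")
    servers = []
    for token in re.split(r"[,\s]+", value.strip()):
        if not token:
            continue
        try:
            addr = ipaddress.ip_address(token)
        except ValueError:
            continue  # not an IP address, ignore
        if not addr.is_private:
            servers.append(str(addr))
    return servers


def triage(log_text):
    """Flag entries for manual review; nothing is fixed automatically."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, process list or blank line
        code, body = match.groups()
        if body.endswith(ORPHAN_SUFFIXES):
            # Registry entry whose target file is absent.
            findings.append(Finding(code, "orphaned-entry", line))
        elif code == "O4" and body.startswith(("Startup:", "Global Startup:")):
            # Startup-folder item: flag if the target is shown as "?"
            # or the item is not an ordinary .lnk shortcut.
            item, _, target = body.split(":", 1)[1].partition("=")
            if target.strip() in ("", "?") or not item.strip().lower().endswith(".lnk"):
                findings.append(Finding(code, "startup-item-to-check", line))
        elif code == "O17" and _public_name_servers(body):
            # DNS server outside private ranges: confirm it belongs to the ISP.
            findings.append(Finding(code, "dns-server-to-verify", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason:22} {f.line}")
```

The O23 service entry is flagged here even though the reply did not list it; a flag means "look at this line", and the decision to fix stays with the person reading the log.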
I do live in Cotonou, G!RLY, so I suppose FixWareout isn't really necessary?!
Well, here is the new HijackThis report:
------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:23:24, on 12/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
E:\Avast\aswUpdSv.exe
E:\Avast\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\PROGRA~1\FICHIE~1\Stardock\SDMCP.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\ups.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
E:\Avast\ashMaiSv.exe
E:\Avast\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
E:\Avast\ashDisp.exe
C:\WINDOWS\system32\VTTimer.exe
E:\LOGICIELS\ALL MY SETUP\SYSTEM\BUREAUTIQUES\Vista Drive Icon\DrvIcon.exe
C:\WINDOWS\system32\ctfmon.exe
E:\RocketDock\RocketDock.exe
C:\Documents and Settings\Nas-Sn@k\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\MSN Messenger\msnmsgr.exe
E:\SAN AnDREAS\GTA San Andréas\gta_sa.exe
C:\Documents and Settings\Nas-Sn@k\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Documents and Settings\Nas-Sn@k\Menu Démarrer\Programmes\Démarrage\Dos Optimizer.pif
C:\Program Files\Motorola Phone Tools\mPhonetools.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
E:\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66016
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.172.11.17:9201
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: VMN Toolbar - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - C:\PROGRA~1\VMNTOO~1\VMNTOO~1.DLL
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] E:\Avast\ashDisp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [DrvIcon] E:\LOGICIELS\ALL MY SETUP\SYSTEM\BUREAUTIQUES\Vista Drive Icon\DrvIcon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [RocketDock] "E:\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "E:\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Dos Optimizer.pif = ?
O8 - Extra context menu item: &Clean Traces - E:\\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - E:\\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Download &all with DAP - E:\\DAP\dapextie2.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://E:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA277E0C-56B2-428D-86E3-E32F3689F5F7}: NameServer = 81.91.225.18
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - E:\Avast\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - E:\Avast\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - E:\Avast\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - E:\Avast\ashWebSv.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - E:\tuneup\WinStylerThemeSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
Sorry for the delay G!RLY, I downloaded Antivir and Kerio but I was only able to install "Antivir". Kerio tells me that the installation is impossible because of an internal problem (impossible to display the accounts when I go into "Control Panel", same for Media Player 11).
Here is the Antivir report:
-----------------------------------------------------------------------------------------
AntiVir PersonalEdition Classic
Report file date: jeudi 14 février 2008 22:14
Scanning for 835736 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: SYSTEM
Computer name: BTX
Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 14:16:29
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 13:23:51
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 16:32:47
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 13:35:20
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 15:27:15
ANTIVIR1.VDF : 7.0.0.0 1640448 Bytes 13/09/2007 15:26:55
ANTIVIR2.VDF : 7.0.0.1 2048 Bytes 13/09/2007 15:27:04
ANTIVIR3.VDF : 7.0.0.2 2048 Bytes 13/09/2007 15:27:13
AVEWIN32.DLL : 7.6.0.15 2806272 Bytes 17/09/2007 18:43:56
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 11:36:26
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 08:39:17
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 14:16:24
AVPACK32.DLL : 7.3.0.15 360488 Bytes 03/08/2007 09:46:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 08:17:06
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 13:26:33
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 08:10:18
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 12:09:42
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 13:38:13
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 13:50:37
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 10:37:21
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high
Start of the scan: jeudi 14 février 2008 22:14
Starting search for hidden objects.
'51226' objects were checked, '0' hidden objects were found.
The scan of running processes will be started
Scan process 'avnotify.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'Opera.exe' - '1' Module(s) have been scanned
Scan process 'mPhonetools.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'NclUSBSrv.exe' - '1' Module(s) have been scanned
Scan process 'ServiceLayer.exe' - '1' Module(s) have been scanned
Scan process 'Dos Optimizer.pif' - '1' Module(s) have been scanned
Scan process 'RocketDock.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'DrvIcon.exe' - '1' Module(s) have been scanned
Scan process 'VTTimer.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'SDMCP.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'UAService7.exe' - '1' Module(s) have been scanned
Scan process 'ups.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'PQV2iSvc.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'gearsec.exe' - '1' Module(s) have been scanned
Scan process 'cisvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
44 processes with 44 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[NOTE] No virus was found!
Master boot sector HD1
[NOTE] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'E:\'
[NOTE] No virus was found!
Starting to scan the registry.
The registry was scanned ( '19' files ).
Starting the file scan:
Begin scan in 'C:\' <Disc Local>
C:\d.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Nas-Sn@k\Local Settings\Temp\slun.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\Documents and Settings\Nas-Sn@k\Mes documents\Mes fichiers reçus\EmoticonesLove.exe
[DETECTION] Contains suspicious code HEUR/Crypted
[INFO] The file was moved to '4823c060.qua'!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP1\A0000003.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP11\A0007859.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP12\A0007872.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP13\A0007877.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP14\A0007883.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP15\A0007891.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP16\A0007931.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP17\A0007956.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0008030.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0008252.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0008254.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012271.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012272.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012273.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012283.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012285.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012298.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012300.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012329.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012330.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012341.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012342.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012343.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012356.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012358.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012373.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012375.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0000091.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0000138.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0001108.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0001110.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0002109.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0003690.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0003691.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0004527.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0004528.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0005596.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0005599.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0006596.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0006599.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012438.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012440.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012452.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012453.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP22\A0012777.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0012779.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0013479.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0013481.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0013523.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0013524.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP26\A0018017.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP3\A0006734.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP4\A0006826.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP5\A0006830.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP6\A0006852.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP7\A0007259.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP8\A0007326.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP8\A0007838.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP9\A0007843.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
Begin scan in 'E:\' <Nasnak Disc>
E:\d.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\pagefile.sys
[WARNING] The file could not be opened!
E:\LOGICIELS\ALL MY SETUP\SYSTEM\CORELDRAW\Adobe Photoshop CS3\Adobe Keygens.zip
[0] Archive type: ZIP
--> Adobe Keygens/Adobe_CS2.exe
[DETECTION] Is the Trojan horse TR/Agent.RIR.135
[INFO] The file was deleted!
E:\Nokia\Nokia PC Suite 6\PCSuite.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4807ceab.qua'!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP1\A0000002.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP11\A0007861.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP12\A0007874.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP13\A0007879.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP14\A0007885.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP15\A0007893.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP16\A0007933.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP17\A0007958.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0008032.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0008256.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012274.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012287.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012302.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012333.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012344.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012363.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012377.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0000093.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0001112.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0003693.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0004530.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0005601.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0006601.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012425.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012442.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012455.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0012783.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0013482.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP26\A0018018.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP26\A0018019.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47e4d034.qua'!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP3\A0006736.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP4\A0006828.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP5\A0006832.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP6\A0006854.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP7\A0007261.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP8\A0007328.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP9\A0007845.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
End of the scan: jeudi 14 février 2008 23:36
Used time: 1:22:54 min
The scan has been done completely.
6046 Scanning directories
356423 Files were scanned
99 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
99 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
356324 Files not concerned
2493 Archives were scanned
2 Warnings
2 Notes
51226 Objects were scanned with rootkit scan
0 Hidden objects were found
-----------------------------------------------------------------------------------------------------------
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012330.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012341.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012342.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012343.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012356.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012358.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012373.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012375.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0000091.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0000138.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0001108.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0001110.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0002109.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0003690.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0003691.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0004527.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0004528.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0005596.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0005599.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0006596.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0006599.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012438.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012440.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012452.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012453.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP22\A0012777.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0012779.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0013479.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0013481.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0013523.exe
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0013524.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP26\A0018017.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP3\A0006734.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP4\A0006826.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP5\A0006830.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP6\A0006852.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP7\A0007259.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP8\A0007326.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP8\A0007838.dll
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
C:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP9\A0007843.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
Begin scan in 'E:\' <Nasnak Disc>
E:\d.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\pagefile.sys
[WARNING] The file could not be opened!
E:\LOGICIELS\ALL MY SETUP\SYSTEM\CORELDRAW\Adobe Photoshop CS3\Adobe Keygens.zip
[0] Archive type: ZIP
--> Adobe Keygens/Adobe_CS2.exe
[DETECTION] Is the Trojan horse TR/Agent.RIR.135
[INFO] The file was deleted!
E:\Nokia\Nokia PC Suite 6\PCSuite.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '4807ceab.qua'!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP1\A0000002.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP11\A0007861.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP12\A0007874.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP13\A0007879.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP14\A0007885.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP15\A0007893.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP16\A0007933.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP17\A0007958.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0008032.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0008256.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012274.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012287.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012302.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP18\A0012333.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012344.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012363.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP19\A0012377.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0000093.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0001112.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0003693.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0004530.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0005601.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP2\A0006601.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012425.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012442.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP20\A0012455.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0012783.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP23\A0013482.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP26\A0018018.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP26\A0018019.exe
[DETECTION] Contains suspicious code HEUR/Malware
[INFO] The file was moved to '47e4d034.qua'!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP3\A0006736.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP4\A0006828.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP5\A0006832.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP6\A0006854.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP7\A0007261.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP8\A0007328.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
E:\System Volume Information\_restore{DBE83A34-5475-4AC5-B9DB-5AFC1DAEE40A}\RP9\A0007845.com
[DETECTION] Is the Trojan horse TR/Crypt.NSPM.Gen
[INFO] The file was deleted!
End of the scan: jeudi 14 février 2008 23:36
Used time: 1:22:54 min
The scan has been done completely.
6046 Scanning directories
356423 Files were scanned
99 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
99 files were deleted
0 files were repaired
3 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
356324 Files not concerned
2493 Archives were scanned
2 Warnings
2 Notes
51226 Objects were scanned with rootkit scan
0 Hidden objects were found
-----------------------------------------------------------------------------------------------------------
Hi nasnak,
No worries about the delay, there's no rush...
Download Zeb-Restore http://telechargement.zebulon.fr/zeb-restore.html and save the file to the desktop.
- Right-click Zeb-Restore.zip ==> Extract all, and choose the desktop as the destination.
- Open the ZR_1.0.0.37 folder ==> double-click Zeb-Restore.exe
- Tick the box in front of:
Sites de confiance et sensibles (trusted and restricted sites)
Préfixes et Protocoles Internet (Internet prefixes and protocols)
Réinitialiser Fichier Hosts (reset the Hosts file)
- Do not tick any other box
- Click Restaurer (Restore)
- Restart your PC
Tell me whether you can download Kerio after that.
See you!
Yes, I can download it, but I can't install it; it tells me: Internal Error 2738
What's the problem this time?
Try this one instead:
https://www.malekal.com/tutoriel-zonealarm-firewall/
Let me know how it goes.
See you!
Hi G!RLY! I had a more or less serious problem with my PC, so I had to reinstall XP!!
Kerio works now and I've put AntiVir back!
Say, is there any particular configuration to do for Kerio?
So, how's the weather in Finland...? Are you coping with the cold?
No more viruses on my PC now, but when I plug in a USB key, a file with the same name as my session shows up right away, and AntiVir doesn't seem to react to it!!! Should I be worried?
Here is the latest HJT report:
----------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:32:48, on 24/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
E:\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\OPTI-SAFE Xtreme\ntevent.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\OPTI-SAFE Xtreme\onevent.exe
C:\Program Files\OPTI-SAFE Xtreme\ntsrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\OPTI-SAFE Xtreme\upsagentd.exe
C:\Program Files\OPTI-SAFE Xtreme\powersrv.exe
C:\Program Files\OPTI-SAFE Xtreme\upsis.exe
E:\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
E:\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\RocketDock\RocketDock.exe
C:\Program Files\Motorola Phone Tools\mPhonetools.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprbUpdate.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [RocketDock] "E:\RocketDock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A749925F-2118-44C4-92DB-0162BD618D7D}: NameServer = 81.91.225.18
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - E:\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: OPTI-SAFE Xtreme OnEvent (onevent) - Unknown owner - C:\Program Files\OPTI-SAFE Xtreme\ntevent.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: OPTI-SAFE Xtreme UPS (powersrv) - Unknown owner - C:\Program Files\OPTI-SAFE Xtreme\ntsrv.exe
O23 - Service: OPTI-SAFE Xtreme SNMP Agent (SNMPAGENTSRV) - Unknown owner - C:\Program Files\OPTI-SAFE Xtreme\upsagentd.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: OPTI-SAFE Xtreme Web Server (upsis) - Unknown owner - C:\Program Files\OPTI-SAFE Xtreme\upsis.exe
Hi Nasnak,
I'm very sorry to hear that you had to reinstall everything ;-(
Yes, it's fairly cold around here (3°C during the day), but it's fine compared with last year, for example (-15°C)...
It must be nicer where you are! Lucky you :D
About your USB key business:
Do the following:
If you have a USB key, external hard drive, etc., plug them in without opening them before running this fix.
Download Rav antivirus: http://ww25.evosla.com/compteur.php?soft=rav_antivirus
• Right-click the .ZIP file > Extract to > the Desktop
• Double-click >> RAV.exe << to launch the tool.
• Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
• If there is an infection, a report will be generated; otherwise it will display (very quickly) ==> Votre Ordinateur est sain (your computer is clean).
• Remove your removable drives and restart your computer.
Post the report if there is an infection!
See you!