Navipromo BZC ? - Page 2

Précédent
  • 1
  • 2
  1. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    reposte moi un nouvel HJT stp...
    0
  2. juju77
     
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:56:20, on 19/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\installe DRIVERS\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\julien rom\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet

    Explorer\Main,Default_Search_URL =

    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

    https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet

    Settings,ProxyServer = 213.205.99.187:8080
    R0 - HKCU\Software\Microsoft\Internet

    Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} -

    C:\Program Files\IEPro\iepro.dll
    O2 - BHO: Skype add-on (mastermind) -

    {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program

    Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch -

    {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program

    Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}

    - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper -

    {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers

    communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class -

    {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program

    Files\FlashGet\getflash.dll
    O3 - Toolbar: Veoh Browser Plug-in -

    {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh

    Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE

    C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

    C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP

    Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program

    Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WireLessKeyboard] C:\installe

    DRIVERS\Trust\Trust Keyboard 15036\StartAutorun.exe

    PS2USBKbdDrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program

    Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone

    Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh

    Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE]

    C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE]

    C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE]

    C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE]

    C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers

    communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program

    Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program

    Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program

    Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet -

    C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet -

    C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel -

    res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences -

    {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program

    Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences -

    {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program

    Files\IEPro\iepro.dll
    O9 - Extra button: (no name) -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) -

    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

    Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07}

    - C:\Program Files\Skype\Toolbars\Internet

    Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) -

    {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner

    v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} -

    C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche -

    {92780B25-18CC-41C8-B9BE-3C9C571A8263} -

    C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet -

    {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program

    Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet -

    {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program

    Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 -

    {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network

    Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -

    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

    Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

    Advantage Validation Tool) -

    http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX

    Control) -

    http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} -

    http://www.streamplug.com/StreamPlug/SP.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE

    Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} -

    http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro

    .com/housecall/xscan53.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online

    Scanner 3.0) - https://www.f-secure.com/en/home/support
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online

    Scanner 3.3) - https://www.f-secure.com/en/home/support
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}

    - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program

    Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL

    Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program

    Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program

    Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program

    Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) -

    Macrovision Corporation - C:\Program Files\Fichiers

    communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA

    Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP -

    C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs,

    LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  3. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Mouarfff, ;-DD tu a copi/collé le rapport ligne par ligne ??

    refais le stp, c'est pas facile a lire comme ça, il est " écorché " lol....

    Relance Hijackthis en double cliquant sur son raccourci sur le Bureau.
    Choisis l'option "Do a system scan and save a log file"
    Clique sur "Save log" pour enregistrer le rapport qui s'ouvrira avec le bloc-note
    Clique sur "Edition" ->> "Sélectionner tout", puis sur "Edition" ->> Copier" pour copier tout le contenu du rapport
    Comment fixer les lignes et générer un rapport <---- voir ici
    0
  4. juju77
     
    oups...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 23:56:20, on 19/04/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
    C:\installe DRIVERS\Trust\Trust Keyboard 15036\PS2USBKbdDrv.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\julien rom\Bureau\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 213.205.99.187:8080
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: IE7Pro BHO - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IEPro\iepro.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WireLessKeyboard] C:\installe DRIVERS\Trust\Trust Keyboard 15036\StartAutorun.exe PS2USBKbdDrv.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IEPro\iepro.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/activex/TmHcmsX.CAB
    O16 - DPF: {2019DC25-D1C0-11D6-97B3-0008A124F542} - http://www.streamplug.com/StreamPlug/SP.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    ok, je préfère ;-DD

    Relance HijackThis, choisis "do a scan only"
    coche la case devant les lignes ci-dessous ( qui sont inutiles au lancement du pc ) et clic en bas sur "fix checked".

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - https://www.f-secure.com/en/home/support
    O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - https://www.f-secure.com/en/home/support


    tuto en images

    Ferme HJT !

    ALCMTR.EXE <---ce fichier est probablement placé dans C:\Windows ou C:\Windows\System32, utilise la fonction rechercher via "démarrer/rechercher/des fichiers ou des dossiers" pour le débusquer !!!
    Il se peut meme qu'il y en ai plusieurs ! Supprime les tous !!
    Il s'agit d un spyware installé avec les Realtek AC97 Audio intégrés dans certaines cartes mère pour récolter des infos sur leurs clients !
    ============================================

    Bon, ça m'a l'air ok, tu feras ceci demain !

    Avast! est loin de ce que l'on a fait de mieux en matière de protection.

    Je te conseillerais plutot AVIRA ANTIVIR ( GRATUIT EGALEMENT ) à la place de Avast !
    Pourquoi ?
    un autre avis ?
    Toujours pas convaincu ? ici, l'avis des Masters en désinfection !

    Donc télécharge AVIRA Antivir si tu veux l'esssayer.
    Avira antivir PersonalEdition Classic

    Ensuite hors connexion supprime AVAST
    Pour suppimer Avast correctement :

    Installe ANTIVIR...
    TUTO D' installation par Malekal
    Tuto D'instalation et de mise en Oeuvre
    encore un au cas ou...
    Reconnecte toi, fais les mises à jours Antivir... tu seras mieux protégé !

    Après l'installation, mets le à jour - si ton firewall fait une alerte.. accepte la connexion.
    Assure toi qu'Antivir est bien à jour, vérifie la date d'update.

    Redémarre en mode sans échec !
    Pour cela, redémarre l'ordinateur, avant le logo Windows, tapote sur la touche F8, un menu va apparaître, choisis Mode sans échec et appuye sur la touche entrée du clavier.

    - Ouvre Antivir par le menu Démarrer / Programmes
    - Cliquez sur l'onglet Scanner.
    - Sélectionne Manual Selection
    - Sélectionne le disque C
    - Lance le scan - Mets en quarantaine tous les éléments détectés.
    - Une fois le scan terminé Enregistre le rapport.

    Redémarre en mode normal.

    Poste le rapport ici.

    @+
    0
  7. juju77
     
    J'ai bien fixé avec HijackThis les lignes que tu m'a indiqué;
    puis j'ai recherché ALCMTR.EXE, j'en trouve 3 :

    Alcmtr.exe =>dans=> C:\WINDOWS
    Alcmtr.exe =>dans=> C:\Program Files\Realtek\InstallShield
    ALCMTR.EXE-235F9538.pf =>dans=> C:\WINDOWS\Prefetch

    je supprimes bien les 3 fichiers ?

    je vais supprimer avast pour ANTIVIR, faire un scan et le poster.

    Merci

    ps : je ne peux touojurs pas supprimer un gros dossiers sur mon disque dur externe; message : "disque protégé en écriture, plein ou actuellement occupé par une application"
    0
  8. jorginho67 Messages postés 15447 Statut Contributeur sécurité 1 169
     
    Alcmtr.exe =>dans=> C:\WINDOWS
    Alcmtr.exe =>dans=> C:\Program Files\Realtek\InstallShield
    ALCMTR.EXE-235F9538.pf =>dans=> C:\WINDOWS\Prefetch


    Oui, vire les tous.

    Tu n'avais pas branché ton DD ext ?

    Branche le pendant le scan avira...

    @+
    0
  9. juju77
     
    j'ai donc supprimé les 3 fichiers puis installé antivir et j'ai lancé un scan (en mode sans echec);
    antivir me détecte plusieurs infections, une seule sur mon système et toutes les autres dans un dossier nommé "tempp" sur mon disque externe I:\

    je précise qu'a toutes les procédures que vous m'avez indiquez mon disque dur externe est resté branché.

    le problème c'est que antivir ou tout autre utilitaire n'a pas les accès pour procéder a la suppression des fichiers infectés même en mode sans echec même en admin, j'ai l'impression que le nombre de fichiers infectés augmente dans le dossier "tempp" , de plus je n'ai pas besoin de ce dossier, je penses que le plus simple serait de le supprimer entièrement mais je n'y arrive pas sous windows. pensez vous qu'une manipulation en ms dos pourrait me permettre de supprimer ce dossier de mon disque externe ?

    Si je ne trouve pas d'autre solution, je copierais mes données (sauf tempp) sur un autre disque externe et j'essaierais de le formater, j'espère qu'il ne me posera pas de problème pour formater.

    j'attends vos avis merci.

    je dépose ci dessous mon derniers scan antivir (en mode sans echec) :

    Avira AntiVir Personal
    Report file date: dimanche 20 avril 2008 02:09

    Scanning for 1218459 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: julien rom
    Computer name: ORDI-JUJU

    Version information:
    BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 20/04/2008 00:04:31
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 20/04/2008 00:04:31
    LUKE.DLL : 8.1.2.9 151809 Bytes 20/04/2008 00:04:31
    LUKERES.DLL : 8.1.2.1 12033 Bytes 20/04/2008 00:04:31
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 00:04:32
    ANTIVIR2.VDF : 7.0.3.156 795136 Bytes 11/04/2008 00:04:32
    ANTIVIR3.VDF : 7.0.3.188 342016 Bytes 18/04/2008 00:04:32
    Engineversion : 8.1.0.32
    AEVDF.DLL : 8.1.0.5 102772 Bytes 20/04/2008 00:04:32
    AESCRIPT.DLL : 8.1.0.26 233850 Bytes 20/04/2008 00:04:32
    AESCN.DLL : 8.1.0.14 119156 Bytes 20/04/2008 00:04:32
    AERDL.DLL : 8.1.0.19 418164 Bytes 20/04/2008 00:04:32
    AEPACK.DLL : 8.1.1.2 364917 Bytes 20/04/2008 00:04:32
    AEOFFICE.DLL : 8.1.0.18 192890 Bytes 20/04/2008 00:04:32
    AEHEUR.DLL : 8.1.0.18 1167735 Bytes 20/04/2008 00:04:32
    AEHELP.DLL : 8.1.0.14 115063 Bytes 20/04/2008 00:04:32
    AEGEN.DLL : 8.1.0.17 299380 Bytes 20/04/2008 00:04:32
    AEEMU.DLL : 8.1.0.5 430450 Bytes 20/04/2008 00:04:32
    AECORE.DLL : 8.1.0.27 168310 Bytes 20/04/2008 00:04:32
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 20/04/2008 00:04:31
    AVPREF.DLL : 8.0.0.1 25857 Bytes 20/04/2008 00:04:31
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVREG.DLL : 8.0.0.0 30977 Bytes 20/04/2008 00:04:31
    AVARKT.DLL : 1.0.0.23 307457 Bytes 20/04/2008 00:04:31
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 20/04/2008 00:04:31
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 20/04/2008 00:04:31
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 20/04/2008 00:04:31
    NETNT.DLL : 8.0.0.1 7937 Bytes 20/04/2008 00:04:31
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 20/04/2008 00:04:30
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 20/04/2008 00:04:30

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: on
    Scan boot sector.................: on
    Boot sectors.....................: C:, I:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: dimanche 20 avril 2008 02:09

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    11 processes with 11 modules were scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!
    Master boot sector HD1
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'I:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '39' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Documents and Settings\julien rom\Mes documents\Downloads\PowerISO v4.0 + [AGAiN keygen]\keygen.exe
    [DETECTION] Is the Trojan horse TR/Drop.Virtumo.dlm
    [NOTE] The file was moved to '48838add.qua'!
    C:\WINDOWS\system32\drivers\sptd.sys
    [WARNING] The file could not be opened!
    Begin scan in 'I:\' <CIBOX400G>
    les fichiers en I:\cedric\ sont des sauvegardes de fichiers de programmation connus je les aient donc ignorés
    I:\cedric\5000100\arc\i-Not.dot
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\cedric\5000100\Attic\i-Not.dot
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\cedric\dev\Teleacte\Projects\ExternalsLibraries\Release\i-Not.dot
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\cedric\dev\Teleacte\Projects\FramePlayer.root\FramePlayer\Genapi.Word.FramePlayer\i-Not.dot
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\cedric\FrameWork.GenApi\shell\iNovaShell-SCSF\Lib\Teleacte\i-Not.dot
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\cedric\Projects.SOA\i-Nova.SOA\GenApi.iNova.SmartAppStarter\bin\Debug\Files\i-Not.dot
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\cedric\Projects.SOA\i-Nova.SOA\GenApi.iNova.SmartAppStarter\Files\i-Not.dot
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\cedric\Projects.SOA\i-Nova.SOA\i-Nova.WebSite\Bin\i-Not.dot
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\cedric\Projects.SOA\i-Nova.SOA\i-Nova.WebSite\Bin\20070111\I-NOT.DOT
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\cedric\Projects.SOA\i-Nova.SOA\i-Nova.WebSite\Bin\20070129\i-Not.dot
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\cedric\Projects.SOA\i-Nova.SOA\i-Nova.WebSite\Bin\20070129\From Externals\i-Not.dot
    [DETECTION] Contains suspicious code HEUR/Macro.Word2000
    [NOTE] The fund was classified as suspicious.
    [WARNING] The file was not repaired as requested!
    I:\tempp\recup_dir.110\f82088584.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.113\f85575032.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.131\f334011072.txt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.146\f343994960.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.149\f356827312.txt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.159\f420760888.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.162\f432121608.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.165\f434168040.txt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.172\f441574080.txt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.180\f451814168.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.183\f454096800.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.185\f459178992.txt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.189\f461891888.txt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.194\f476060136.txt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.195\f476436168.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.198\f481575352.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.199\f483666560.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.200\f485918096.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.203\f488171680.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.206\f490753168.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.212\f496130640.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.214\f498503976.txt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.215\f499776128.exe
    [DETECTION] Is the Trojan horse TR/Dropper.Gen
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.218\f500514600.txt
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.22\f11524200.doc
    [DETECTION] Contains detection pattern of the exploits EXP/CVE-2006-4534
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.231\f522958656.h
    [DETECTION] Contains suspicious code HEUR/HTML.Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.232\f525139800.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.27\f14721176.exe
    [DETECTION] Contains suspicious code HEUR/Crypted
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.281\f612840120.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.281\f612843392.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\tempp\recup_dir.286\f623138416.exe
    [DETECTION] Contains suspicious code HEUR/Malware
    [NOTE] The fund was classified as suspicious.
    [WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
    [WARNING]
    I:\utilitaires\logiciel anti spyware\RegFreeze Fr v5.3 + Patch\RegFreeze Fr v5.3 + Patch\Patch Fr\fr-patch.exe
    [DETECTION] Is the Trojan horse TR/PSWeric2.RNF
    [NOTE] The file was moved to '4837a368.qua'!

    End of the scan: dimanche 20 avril 2008 03:57
    Used time: 1:48:14 min

    The scan has been done completely.

    17630 Scanning directories
    1169534 Files were scanned
    9 viruses and/or unwanted programs were found
    35 Files were classified as suspicious:
    0 files were deleted
    0 files were repaired
    2 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    1169525 Files not concerned
    5640 Archives were scanned
    44 Warnings
    36 Notes
    0
Précédent
  • 1
  • 2