Virus detected when plugging in my camera

Closed
Clakettegirl - 11 June 2008 at 19:41
 clakettegirl - 18 June 2008 at 23:20
Hello,

When I plugged in my camera to download photos from its memory card, a message appeared telling me that a Trojan horse had been detected on this source (my camera). This message appeared on a computer that is well protected by an antivirus. Since then I have feared the worst for my personal computer, which is where I imagine the virus comes from.

However, I haven't noticed anything abnormal on my computer lately. Can I reconnect my camera to format the card, or will that not solve my problem? It is a USB port. I have never carried any files on the card other than photos taken with the camera.

How can I find out whether it comes from me?


Thanks in advance for your replies.

25 replies

Lyonnais92 (Status: Security contributor)
11 June 2008 at 20:17
Hello,

Let's start like this (camera not connected):

Click on this link
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
to download the HijackThis installer.

Save HJTInstall.exe to your desktop.

Double-click HJTInstall.exe to launch the program.

By default, it will install here:
C:\Program Files\Trend Micro\HijackThis

Accept the license by clicking the "I Accept" button.

Close HijackThis by clicking the red cross.

Download DSS (Deckard's System Scanner, by Deckard) to your Desktop from this link:

http://www.techsupportforum.com/sectools/Deckard/dss.exe

Choose "Save" and "Desktop" as the location.

Close all running applications (very important, otherwise the computer may crash).

Double-click DSS.exe to launch the tool.

If it does not find HijackThis, click Yes.

Click OK each time you are asked.

When the scan is finished, a text file will be displayed. Post its contents in your reply.

The report is located here: C:\Deckard\System Scanner\main.txt.
clakettegirl
11 June 2008 at 21:02
Good evening, thank you for the quick reply. After carrying out the operations above, here are the reports I get:

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: Mobile Intel(R) Pentium(R) 4 CPU 3.06GHz
Percentage of Memory in Use: 57%
Physical Memory (total/avail): 494.8 MiB / 209.73 MiB
Pagefile Memory (total/avail): 1157.42 MiB / 1000.51 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1927.07 MiB

C: is Fixed (NTFS) - 27.95 GiB total, 12.78 GiB free.
D: is Fixed (NTFS) - 27.94 GiB total, 17.98 GiB free.
E: is CDROM (CDFS)
F: is Fixed (FAT32) - 153.35 GiB total, 33.31 GiB free.

\\.\PHYSICALDRIVE0 - TOSHIBA MK6021GAS - 55.89 GiB - 2 partitions
\PARTITION0 (bootable) - Asennettava tiedostojärjestelmä - 27.95 GiB - C:
\PARTITION1 - Laajennettu ja laajennettu Int 13 - 27.95 GiB - D:

\\.\PHYSICALDRIVE1 - HDS72251 6VLAT20 USB Device - 153.38 GiB - 1 partition
\PARTITION0 (bootable) - Unknown - 153.38 GiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

AntivirusOverride is set.

FW: Kerio Personal Firewall v4.1.2 T (Kerio)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe"="C:\\Program Files\\Kerio\\Personal Firewall 4\\kpf4gui.exe:*:Enabled:Kerio Personal Firewall 4 - GUI"
"C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe"="C:\\Program Files\\VoipStunt.com\\VoipStunt\\VoipStunt.exe:*:Enabled:VoipStunt"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"="C:\\Program Files\\Winamp Remote\\bin\\Orb.exe:*:Enabled:Orb"
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe:*:Enabled:OrbTray"
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"="C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe:*:Enabled:Orb Stream Client"
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe:*:Enabled:AOL Loader"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Pietu\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=MYLADY
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Pietu
LOGONSERVER=\\MYLADY
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\SYSTEM32;C:\WINDOWS;C:\WINDOWS\SYSTEM32\WBEM;C:\Program Files\OpenVPN\bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 2 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0209
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Pietu\LOCALS~1\Temp
TMP=C:\DOCUME~1\Pietu\LOCALS~1\Temp
USERDOMAIN=MYLADY
USERNAME=Pietu
USERPROFILE=C:\Documents and Settings\Pietu
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Pietu [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.1 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81000000003}
Alps Pointing-device Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
ArcSoft Camera Suite --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD708DF0-9F04-4CB3-821A-85804A833B4D}\setup.exe" -l0x9 -uninst
BSPlayer --> "C:\Program Files\BSPlayer\uninstall.exe"
CD/DVD-aseman Acoustic Silencer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}\Setup.exe" -l0xb
Compatibility Pack for the 2007 Office system --> MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
D-Link AirPlus XtremeG+ Wireless LAN Adapter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A2F67EA3-0721-4E0D-A7B9-AE8F321303AF}\Setup.exe" -l0x9
DC++ (remove only) --> "C:\Program Files\DC++\uninstall.exe"
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Driver Detective --> C:\Program Files\InstallShield Installation Information\{621C02EA-AAFF-4026-A903-165D59529A16}\setup.exe -runfromtemp -l0x0409
DVD-RAM-ohjain --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\setup.exe" DVD-RAM Driver
ffdshow (remove only) --> "C:\Program Files\ffdshow\uninstall.exe"
Google Earth --> MsiExec.exe /I{97C0EA4A-1A0B-4C53-ACEB-49984DA79C90}
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Huffyuv AVI lossless video codec (Remove Only) --> rundll.exe setupx.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\HUFFYUV.INF
Intel(R) Extreme Graphics Driver --> RUNDLL32.EXE C:\WINDOWS\System32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_3582
Intel(R) PRO Network Adapters and Drivers --> Prounstl.exe
InterVideo WinDVD 4 --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
InterVideo WinDVD Creator 2 --> "C:\Program Files\InstallShield Installation Information\{2FCE4FC5-6930-40E7-A4F1-F862207424EF}\setup.exe" REMOVEALL
Iomega Automatic Backup --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{42ABF3F2-2C5E-43FA-BBFF-58E4295F23CA}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 2 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}
Logitech QuickCam --> MsiExec.exe /I{26AA53D5-1307-48F9-A80F-A4D25F5849D4}
Match-Up! --> MsiExec.exe /I{439800C9-FD42-4EA3-94D2-063DF0926873}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Data Access Components KB870669 --> C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Laskin + --> MsiExec.exe /I{AF53B4D9-B6FF-44E5-A3E9-1A14F7033B6E}
Microsoft Office Project MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-00B4-040B-0000-0000000FF1CE}
Microsoft Office Project Standard 2007 --> MsiExec.exe /X{91120000-003A-0000-0000-0000000FF1CE}
Microsoft Office Project Standard 2007 Trial --> "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PRJSTDR /dll OSETUP.DLL
Microsoft Office Proof (English) 2007 --> MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (Finnish) 2007 --> MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007 --> MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Swedish) 2007 --> MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE}
Microsoft Office Proofing (Finnish) 2007 --> MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Finnish) 2007 --> MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{9112040B-6000-11D3-8CFE-0150048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero --> MsiExec.exe /X{A4D7B764-4140-11D4-88EB-0050DA3579C0}
OpenVPN 2.1_beta7-gui-1.0.3 --> C:\Program Files\OpenVPN\Uninstall.exe
Photo Story 3 Windowsia varten --> MsiExec.exe /I{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB896727) --> "C:\WINDOWS\$NtUninstallKB896727$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920342) --> "C:\WINDOWS\$NtUninstallKB920342$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB925720) --> "C:\WINDOWS\$NtUninstallKB925720$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB932823-v3) --> "C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB936357) --> "C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
QuickTime --> C:\WINDOWS\unvise32qt.exe C:\WINDOWS\System32\QuickTime\Uninstall.log
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Security Update for Office 2007 (KB934062) --> msiexec /package {91120000-003A-0000-0000-0000000FF1CE} /uninstall {305D509B-F194-4638-9F0F-D9E4C05F9D33}
Security Update for the 2007 Microsoft Office System (KB936960) --> msiexec /package {91120000-003A-0000-0000-0000000FF1CE} /uninstall {5E5BD655-7AA9-47F9-BB6D-A1D8CE29AC86}
Skype 2.5 --> "C:\Program Files\Skype\Phone\unins000.exe"
Sun Java Runtime Environment and JMF --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FFA98080-B0C6-11D5-91CB-005004F84FA1}\Setup.exe" -l0xb
Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Suojauspäivitys ohjelmistolle Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB883939) --> "C:\WINDOWS\$NtUninstallKB883939$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899588) --> "C:\WINDOWS\$NtUninstallKB899588$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905915) --> "C:\WINDOWS\$NtUninstallKB905915$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912812) --> "C:\WINDOWS\$NtUninstallKB912812$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913446) --> "C:\WINDOWS\$NtUninstallKB913446$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925454) --> "C:\WINDOWS\$NtUninstallKB925454$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB941693) --> "C:\WINDOWS\$NtUninstallKB941693$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB943055) --> "C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB945553) --> "C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB946026) --> "C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB948590) --> "C:\WINDOWS\$NtUninstallKB948590$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB948881) --> "C:\WINDOWS\$NtUninstallKB948881$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB950749) --> "C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
TOSHIBA-konsoli --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3CF0858D-1AC5-4308-9DE7-AD15288A8BDC}\Setup.exe" -l0xb
TOSHIBA-käsikirjat --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{188BA1CC-F3A1-49B0-A34D-8C861C64E1AE}\Setup.exe" -l0xb
TOSHIBA-näppäinyhdistelmäapuohjelma näytöille --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\TFNF5Wxp.inf,DefaultUninstall,5
TOSHIBA-ohjaustoiminnot --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A6690C0E-B96E-4F0F-A8EB-D5B332454AC6}\Setup.exe" -l0xb UNINSTALL
TOSHIBA-virransäästäjä --> C:\WINDOWS\IsUn040b.exe -f"C:\Program Files\TOSHIBA\Power Saver\Uninst.isu" -c"C:\WINDOWS\System32\TPSDel.dll"
TOSHIBA ConfigFree --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}\setup.exe" -l0xb UNINSTALL
TOSHIBA SD Memory Card Format --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48CF9A66-5F03-4025-ABD0-B3A3FA095A59}\Setup.exe" -l0xb
TOSHIBA Software Modem --> Tosmreg -U
TOSHIBA TouchPad On/Off -apuohjelma V2.05.00 --> C:\WINDOWS\IsUn040b.exe -f"C:\Program Files\TOSHIBA\TouchED\Uninst.isu" -c"C:\Program Files\TOSHIBA\TouchED\tpedinst.dll"
TOSHIBA Utilities --> tutildel.exe
TOSHIBAN PC-diagnostiikkatyökalu --> C:\WINDOWS\IsUn040b.exe -f"C:\Program Files\TOSHIBA\PCDiag\Uninst.isu"
Touch and Launch --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3470FBE6-B743-420F-B5CE-0D27FA749C16}\Setup.exe" -l0xb
Unity Web Player --> C:\Program Files\Unity\WebPlayer\Uninstall.exe
Update for Office 2007 (KB932080) --> msiexec /package {91120000-003A-0000-0000-0000000FF1CE} /uninstall {EDC9CA29-6BC1-471C-828C-7A36109005D7}
Update for Office 2007 (KB946691) --> msiexec /package {91120000-003A-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278}
USB-to-PDA setting program --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F98388B4-BEDC-4799-90D3-C3C3624D2217}\setup.exe" -l0x9 -uninst
WaveMax Sound Editor 3.26 --> "C:\Program Files\WaveMax Sound Editor\unins000.exe"
VIA Ohjelmistoalustan laitehallinta --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Windows Communication Foundation --> MsiExec.exe /X{491DD792-AD81-429C-9EB4-86DD3D22E333}
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Presentation Foundation Language Pack (FIN) --> MsiExec.exe /X{935FADCB-C25B-4F62-B9B4-F22C40431642}
Windows Workflow Foundation --> MsiExec.exe /I{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}
Windows Workflow Foundation FI Language Pack --> MsiExec.exe /I{8E5D0B52-BB72-46C6-8AB8-2B041D959594}
XML Paper Specification Shared Components Language Pack 1.0 --> "C:\WINDOWS\$NtUninstallXPSEPSCLP$\spuninst\spuninst.exe"
XML Paper Specification Shared Components Pack 1.0 -->


-- Application Event Log -------------------------------------------------------

Event Record #/Type2748 / Error
Event Submitted/Written: 06/09/2008 10:14:45 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Lukkiutunut sovellus firefox.exe, versio 1.8.20080.40413, lukkiutumismoduuli hungapp, versio 0.0.0.0, lukkiutumisosoite 0x00000000.

Event Record #/Type2713 / Error
Event Submitted/Written: 05/20/2008 09:11:13 PM
Event ID/Source: 1000 / Application Error
Event Description:
Virhesovellus wwp.exe, versio 1.0.0.0, moduuli msvcrt.dll, versio 7.0.2600.2180, osoite 0x000370dc.
Käsitellään mediakohtaista tapahtumaa: [wwp.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type52519 / Warning
Event Submitted/Written: 06/10/2008 09:25:31 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Tietokone määritti IP-osoitteen automaattisesti verkkokortille, jonka verkko-osoite
on 0080C82E553A. Käytössä on IP-osoite 169.254.55.158.

Event Record #/Type52517 / Warning
Event Submitted/Written: 06/10/2008 09:02:25 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Tietokone määritti IP-osoitteen automaattisesti verkkokortille, jonka verkko-osoite
on 0080C82E553A. Käytössä on IP-osoite 169.254.55.158.

Event Record #/Type52442 / Warning
Event Submitted/Written: 06/09/2008 11:47:54 PM
Event ID/Source: 1073 / USER32
Event Description:
Virrankatkaisu MYLADY - yritys epäonnistui

Event Record #/Type52439 / Warning
Event Submitted/Written: 06/09/2008 10:38:21 PM
Event ID/Source: 4 / E100B
Event Description:
Sovitin Intel(R) PRO/100 VE Network Connection: Sovitinlinkki ei toimi

Event Record #/Type52438 / Warning
Event Submitted/Written: 06/09/2008 10:36:35 PM
Event ID/Source: 1007 / Dhcp
Event Description:
Tietokone määritti IP-osoitteen automaattisesti verkkokortille, jonka verkko-osoite
on 00080D635EF6. Käytössä on IP-osoite 169.254.83.62.



-- End of Deckard's System Scanner: finished at 2008-06-11 20:57:54 ------------
clakettegirl > clakettegirl
11 June 2008 at 21:05
The first one was the extra; here is the main. My computer is set up in Finnish, but I don't think that will be a problem for you; it's just that some words appear in Finnish in this text... anyway, it's all Greek to me!!

Deckard's System Scanner v20071014.68
Run by Pietu on 2008-06-11 20:55:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
7: 2008-06-11 18:55:42 UTC - RP681 - Deckard's System Scanner Restore Point
6: 2008-06-10 21:16:09 UTC - RP680 - Software Distribution Service 3.0
5: 2008-06-08 17:57:04 UTC - RP679 - Järjestelmän tarkistuspiste
4: 2008-06-06 16:36:15 UTC - RP678 - Järjestelmän tarkistuspiste
3: 2008-06-05 15:50:30 UTC - RP677 - Järjestelmän tarkistuspiste


-- First Restore Point --
1: 2008-05-30 06:45:06 UTC - RP675 - Järjestelmän tarkistuspiste


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as Pietu.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:57:18, on 11.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pietu\Työpöytä\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pietu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.kuvaboxi.fi/ImageUploader4.cab
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 21:05
Hi again,

Forget what I said, I'm taking a look.
0
clakettegirl
11 June 2008 at 21:08
Ouch!! Now it's asking me which program I want to use to open C: ???
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 21:23
Hi again,

What is your antivirus? And your firewall?

Can you tell me what C:, D:, F:, G:, H: correspond to?
0
clakettegirl
11 June 2008 at 21:34
I think, without being sure, that there is neither an antivirus nor a firewall... where do I see that??

C and D are the computer's hard drives, F is an external hard drive, G and H must be the ports where I plug in the USB keys.
0
clakettegirl > clakettegirl
11 June 2008 at 21:41
After checking, I have the Windows antivirus and firewall.
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 21:48
Hi again,

Your antivirus is not active.

Reactivate it.

Post a new DSS report.
0
clakettegirl
11 June 2008 at 21:52
In the control panel, under protection (with the shield picture), it says active for the antivirus and also the firewall. I also have a line in orange that is marked as not monitored.

How do I reactivate it?? (I don't necessarily know enough Finnish to understand the messages that come up....)
0

Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 21:57
Hi again,

What brand is the antivirus?
0
clakettegirl
11 June 2008 at 21:59
Hi again,
I don't know, nothing is displayed anywhere... ???
0
clakettegirl
11 June 2008 at 22:04
Can't I post a picture of what I have on screen?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 22:01
Hi again,

Which antivirus were you supposed to have?

There is no trace of any!
0
clakettegirl
11 June 2008 at 22:05
I think there is none... what I was seeing (after resorting to my dictionary) is only the automatic update function.
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 22:07
Hi again,

You can.

But when you have the shield, you click, and you have 3 lines: firewall, updates, antivirus.

You click on Antivirus, what happens? On mine, it tells me that Antivir is enabled.
0
clakettegirl
11 June 2008 at 22:11
It tells me that apparently I could install an antivirus that monitors my computer itself... with a link to antivirus products... http://www.microsoft.com/protect/viruses/xp/av.mspx
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 22:12
Hi again,

Download Antivir:

http://www.commentcamarche.net/telecharger/telecharger 55 antivir personal

There is a tutorial here.

Scan all of My Computer, including your external hard drive.

Post the report.
0
clakettegirl
11 June 2008 at 22:24
I installed Antivir, I didn't have time to launch anything at all, I get the message saying it detects the Trojan horse TR/Crypt.XPACK:Gen with options... what do I do?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 22:28
Hi again,

Move it to quarantine.
0
clakettegirl
11 June 2008 at 22:39
When I launch the scan, the same message appears and it is impossible to confirm. I can only make it go away by right-clicking and choosing Close in the taskbar. So I can't manage to run the scan?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 22:41
Hi again,

What are the options?
0
clakettegirl
11 June 2008 at 22:46
I can't tick the other options. Now it's move to quarantine by default. The rest is greyed out. Now when I launch the scan, it opens a window that doesn't respond, and no work starts.
0
clakettegirl
11 June 2008 at 22:52
Here is the message again:
move to quarantine
delete
rename
deny access
ignore
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 22:57
Hi again, try this:

Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip

Unzip it (right-click >> Extract here) and put the files in C:\MSNFix (very important).

Double-click the MSNFix.bat file.
- Run option R.
-- If the infection is detected, a message will say so and you just need to press a key to start the cleanup

Note:
If a deletion error is detected, a message will be displayed asking you to restart the computer in order to finish the operations. In that case, just restart the computer in normal mode

- The report will be saved in the same folder as MSNFix, in the form date_time.txt
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 22:58
Hi again,

Also post a new DSS report.
0
clakettegirl
11 June 2008 at 23:08
MSNFix 1.720-1

C:\MSNFix\MSNFix
Fix exécuté le ke 11.06.2008 - 23:03:16,84 By Pietu
mode normal

************************ Recherche les fichiers présents

... C:\??????.exe
... C:\?.exe

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\??????.exe
.. OK ... C:\?.exe



************************ Nettoyage du registre



************************ Fichiers suspects

Aucun Fichier trouvé


Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier ke 11.06.2008_23044665.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,

------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------
0
clakettegirl
11 June 2008 at 23:09
I also have a .zip folder that was created in the msnfix folder.
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
11 June 2008 at 23:23
Hi again,

Run an Antivir scan again.
0
clakettegirl
12 June 2008 at 19:50
Avira AntiVir Personal
Report file date: 12. kesäkuuta 2008 18:03

Scanning for 1165085 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MYLADY

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 9.4.2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18.3.2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 7.2.2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28.2.2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21.2.2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.7.2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 7.3.2008 13:08:58
ANTIVIR2.VDF : 7.0.3.62 337408 Bytes 21.3.2008 19:12:34
ANTIVIR3.VDF : 7.0.3.68 57856 Bytes 25.3.2008 08:27:50
Engineversion : 8.1.0.28
AEVDF.DLL : 8.1.0.5 102772 Bytes 25.2.2008 09:58:21
AESCRIPT.DLL : 8.1.0.19 229754 Bytes 7.4.2008 15:34:44
AESCN.DLL : 8.1.0.12 115060 Bytes 7.4.2008 15:34:44
AERDL.DLL : 8.1.0.19 418164 Bytes 7.4.2008 15:34:44
AEPACK.DLL : 8.1.1.0 364918 Bytes 18.3.2008 11:20:42
AEOFFICE.DLL : 8.1.0.15 192889 Bytes 7.4.2008 15:34:44
AEHEUR.DLL : 8.1.0.15 1147253 Bytes 7.4.2008 15:34:44
AEHELP.DLL : 8.1.0.11 115061 Bytes 7.4.2008 15:34:43
AEGEN.DLL : 8.1.0.15 299379 Bytes 7.4.2008 15:34:43
AEEMU.DLL : 8.1.0.5 430450 Bytes 7.4.2008 15:34:43
AECORE.DLL : 8.1.0.25 168309 Bytes 8.4.2008 09:58:32
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23.1.2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18.2.2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16.4.2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23.1.2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.2.2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28.2.2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.1.2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23.1.2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25.1.2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10.3.2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 6.3.2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 12. kesäkuuta 2008 18:03

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wscntfy.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'ADeck.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'AppServices.exe' - '1' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
28 processes with 28 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\1weicxa.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b64943.qua'!
C:\cb.bat
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '487f4931.qua'!
C:\gjn2pjlw.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bf493b.qua'!
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\jiwsxh39.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48c8493d.qua'!
C:\oq.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '487f4947.qua'!
C:\pa39xth.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4884493a.qua'!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\rthrw.com
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b94950.qua'!
C:\v.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b4490d.qua'!
C:\xlu8a8sy.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48c6494d.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\4keteh.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b6494f.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\4vepxtuf.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b6495d.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\5a9av.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '488a494b.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\5o.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '487f495c.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\5qno.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bf4960.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\7agt.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b84952.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\7bpapp.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48c14955.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\aajc.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bb4956.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\fgyxgap2.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48ca4961.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\h8my7hut.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48be4934.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\help.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bd4963.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\kt.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '487f4976.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\mgl.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bd496b.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\t.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b54937.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\uf.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '487f4972.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\·sª©¼ïª÷½¬.zip
[0] Archive type: ZIP
--> ᄋsᆰᄅᄐ￯ᆰ￷ᄑᆲ.cmd
[1] Archive type: RAR SFX (self extracting)
--> 23.sfx.exe
[2] Archive type: RAR SFX (self extracting)
--> 23.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48fb4985.qua'!
C:\Deckard\System Scanner\backup\DOCUME~1\Pietu\LOCALS~1\Temp\RarSFX0\23.sfx.exe
[0] Archive type: RAR SFX (self extracting)
--> 23.exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '487f494e.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\487f4931.qua
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\487f4931.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4888495f.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\487f4947.qua
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\487f4947.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4911ae70.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48b4490d.qua
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48b4490d.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b34962.qua'!
C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48b94950.qua
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Avira\AntiVir PersonalEdition Classic\INFECTED\48b94950.qua
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '492aae73.qua'!
C:\Documents and Settings\Pietu\Local Settings\Temporary Internet Files\Content.IE5\EKSH6SXB\help[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bd4ae9.qua'!
C:\Documents and Settings\Pietu\Local Settings\Temporary Internet Files\Content.IE5\T9KYZD9H\mgg[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48b84ba9.qua'!
C:\Documents and Settings\Pietu\Local Settings\Temporary Internet Files\Content.IE5\TSAXOS23\help[1].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bd4bc7.qua'!
C:\Documents and Settings\Pietu\Local Settings\Temporary Internet Files\Content.IE5\TSAXOS23\help[2].exe
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48bd4bc8.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP675\A0156382.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4882518b.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP675\A0156385.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4882518c.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP675\A0156435.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4882518e.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP675\A0156438.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4882518f.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP676\A0156444.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '491481a0.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP676\A0156460.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48825190.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP676\A0156463.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '491481a1.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP676\A0156476.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48825191.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP676\A0156480.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '491481a2.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP676\A0156494.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48825192.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP676\A0156497.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '491481a3.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP676\A0156518.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48825193.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP676\A0156522.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '491481a4.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP677\A0156528.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48825196.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP677\A0156539.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48825197.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP677\A0156544.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '491481a8.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP678\A0156550.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48825199.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP678\A0156561.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '491481aa.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP678\A0156566.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4882519a.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP678\A0156578.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '491481ab.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP678\A0156582.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4882519b.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP679\A0156588.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4882519d.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP679\A0156599.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4882519e.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP679\A0156604.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '491481af.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP679\A0156625.dll
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '4882519f.qua'!
C:\System Volume Information\_restore{B309CDE4-E8A6-435E-9667-4D5C52C86152}\RP679\A0156629.cmd
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '49148190.qua'!


End of the scan: 12. kesäkuuta 2008 19:24
Used time: 1:21:36 min

The scan has been done completely.

7582 Scanning directories
288818 Files were scanned
194 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
194 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
288624 Files not concerned
6686 Archives were scanned
2 Warnings
194 Notes
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
12 June 2008 at 20:25
Hello,

post a new DSS report
0
clakettegirl
12 June 2008 at 20:42
Good evening!
Where do I find a DSS report?
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
12 June 2008 at 21:11
Re,

by running the DSS.exe program (post 1)
0
clakettegirl
12 June 2008 at 21:22
Sorry... I'm having trouble following!! Here is the report
Deckard's System Scanner v20071014.68
Run by Pietu on 2008-06-12 21:20:36
Computer is in Normal Mode.
--------------------------------------------------------------------------------

[color=red]Total Physical Memory: 495 MiB (512 MiB recommended).[/color]


-- HijackThis (run as Pietu.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:20:52, on 12.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DVDRAMSV.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Pietu\Työpöytä\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pietu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.kuvaboxi.fi/ImageUploader4.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
12 June 2008 at 22:07
Re,

empty AntiVir's quarantine.

Open this link:

http://service1.symantec.com/SUPPORT/INTER/tsgeninfointl.nsf/fr_docid/20020830101856924

first, follow it to disable System Restore.

Close the window.

Then follow it again to re-enable System Restore.

Run a full scan again with AntiVir and post the report.
0
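An added example, not part of the original thread and not a tool used in it: a small Python triage of an Avira report in the layout of the reports posted here, separating detections that sit inside System Restore snapshots (which the disable/re-enable step above discards) from detections in live files. The sample report, its paths, signature name and quarantine names are constructed, and the function and field names are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Avira reports posted in this thread.
# Paths, the signature name and the .qua names are made up for the example.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000001.dll
[DETECTION] Is the Trojan horse TR/Example.Gen
[NOTE] The file was moved to '00000001.qua'!
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP002\A0000002.exe
[0] Archive type: RAR SFX (self extracting)
--> inner.exe
[DETECTION] Is the Trojan horse TR/Example.Gen
[NOTE] The file was moved to '00000002.qua'!
C:\WINDOWS\system32\example0.dll
[DETECTION] Is the Trojan horse TR/Example.Gen
[NOTE] The file was moved to '00000003.qua'!
Begin scan in 'D:\'
D:\sample1.cmd
[DETECTION] Is the Trojan horse TR/Example.Gen
[NOTE] The file was moved to '00000004.qua'!
D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP001\A0000003.cmd
[DETECTION] Is the Trojan horse TR/Example.Gen
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(r"^\[DETECTION\]\s+(.+)$")
MOVED_RE = re.compile(r"^\[NOTE\]\s+The file was moved to '([^']+)'")
# Restore-point copies live under <drive>:\System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\",
    re.IGNORECASE,
)


def parse_detections(report):
    """Return one record per [DETECTION] line, tied to the path line before it."""
    detections = []
    current_path = None
    for raw in report.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current_path = line
            continue
        m = DETECTION_RE.match(line)
        if m and current_path:
            rp = RESTORE_RE.search(current_path)
            detections.append({
                "path": current_path,
                "drive": current_path[0].upper(),
                # The signature name is the last token of the detection text.
                "signature": m.group(1).split()[-1],
                "restore_point": rp.group(1) if rp else None,
                "quarantine_file": None,
            })
            continue
        m = MOVED_RE.match(line)
        # Attach the quarantine note only to a detection on the same path.
        if m and detections and detections[-1]["path"] == current_path:
            detections[-1]["quarantine_file"] = m.group(1)
    return detections


def summarize(detections):
    """Split detections into live files and System Restore copies."""
    live = [d for d in detections if d["restore_point"] is None]
    restore = [d for d in detections if d["restore_point"] is not None]
    return {
        "total": len(detections),
        # Live files are the ones that matter after the restore points are purged.
        "live_paths": [d["path"] for d in live],
        "restore_by_drive": dict(Counter(d["drive"] for d in restore)),
        "restore_points": sorted({(d["drive"], d["restore_point"]) for d in restore}),
        # Detections with no "moved to quarantine" note still need an action.
        "not_quarantined": [d["path"] for d in detections
                            if d["quarantine_file"] is None],
    }


if __name__ == "__main__":
    summary = summarize(parse_detections(SAMPLE_REPORT))
    print("total detections:", summary["total"])
    print("in restore points, per drive:", summary["restore_by_drive"])
    print("live files:")
    for path in summary["live_paths"]:
        print("  ", path)
    print("no quarantine note:")
    for path in summary["not_quarantined"]:
        print("  ", path)
```

Run on the report from the scan made after System Restore has been switched off and on again, `restore_by_drive` should come back empty; anything left in `live_paths` is what still needs attention.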
clakettegirl
16 June 2008 at 21:18
Good evening!

Avira AntiVir Personal
Report file date: 16. kesäkuuta 2008 17:59

Scanning for 1331584 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MYLADY

Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28.5.2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18.3.2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 7.2.2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28.2.2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21.2.2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.7.2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 7.3.2008 13:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14.6.2008 08:31:01
ANTIVIR3.VDF : 7.0.4.196 2048 Bytes 14.6.2008 08:31:02
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 25.2.2008 09:58:21
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 13.6.2008 08:23:51
AESCN.DLL : 8.1.0.21 119156 Bytes 13.6.2008 08:23:51
AERDL.DLL : 8.1.0.20 418165 Bytes 13.6.2008 08:23:50
AEPACK.DLL : 8.1.1.5 364918 Bytes 13.6.2008 08:23:49
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 13.6.2008 08:23:48
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 13.6.2008 08:23:48
AEHELP.DLL : 8.1.0.15 115063 Bytes 13.6.2008 08:23:46
AEGEN.DLL : 8.1.0.28 307572 Bytes 13.6.2008 08:23:45
AEEMU.DLL : 8.1.0.6 430451 Bytes 13.6.2008 08:23:45
AECORE.DLL : 8.1.0.31 168310 Bytes 13.6.2008 08:23:44
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23.1.2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18.2.2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16.4.2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23.1.2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.2.2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28.2.2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.1.2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23.1.2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25.1.2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10.3.2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 6.3.2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 16. kesäkuuta 2008 17:59

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'wmiprvse.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'AppServices.exe' - '1' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ADeck.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
29 processes with 29 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Deckard\System Scanner\20080612212035\backup\DOCUME~1\Pietu\LOCALS~1\Temp\tru2.tmp
[DETECTION] Contains detection pattern of the worm WORM/Autorun.dni
[NOTE] The file was moved to '48cb8e67.qua'!
C:\Deckard\System Scanner\20080612212035\backup\DOCUME~1\Pietu\LOCALS~1\Temp\tru3.tmp
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acia.2
[NOTE] The file was moved to '4941b3e8.qua'!
C:\Deckard\System Scanner\20080612212035\backup\DOCUME~1\Pietu\LOCALS~1\Temp\tru4.tmp
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adog
[NOTE] The file was moved to '48cb8e69.qua'!
C:\Deckard\System Scanner\20080612212035\backup\DOCUME~1\Pietu\LOCALS~1\Temp\tru5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48cb8e68.qua'!
Begin scan in 'D:\'
Begin scan in 'F:\' <IOMEGA_HDD>


End of the scan: 16. kesäkuuta 2008 19:18
Used time: 1:19:36 min

The scan has been done completely.

7529 Scanning directories
287508 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
287504 Files not concerned
6690 Archives were scanned
2 Warnings
4 Notes
0
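One way to triage a report like the one above is to read it programmatically: which files were flagged, whether each was quarantined, which files the scanner could not open, and whether the trailer counters agree with the entries. This is an added example, not part of the thread and not Avira's own tooling; `parse_report` and `triage` are illustrative names, and the input is an excerpt copied from the report above.

```python
import ntpath
import re

# Excerpt copied from the first report in this thread (file scan and trailer).
REPORT = r"""
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Deckard\System Scanner\20080612212035\backup\DOCUME~1\Pietu\LOCALS~1\Temp\tru2.tmp
[DETECTION] Contains detection pattern of the worm WORM/Autorun.dni
[NOTE] The file was moved to '48cb8e67.qua'!
C:\Deckard\System Scanner\20080612212035\backup\DOCUME~1\Pietu\LOCALS~1\Temp\tru3.tmp
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.acia.2
[NOTE] The file was moved to '4941b3e8.qua'!
C:\Deckard\System Scanner\20080612212035\backup\DOCUME~1\Pietu\LOCALS~1\Temp\tru4.tmp
[DETECTION] Is the Trojan horse TR/PSW.OnlineGames.adog
[NOTE] The file was moved to '48cb8e69.qua'!
C:\Deckard\System Scanner\20080612212035\backup\DOCUME~1\Pietu\LOCALS~1\Temp\tru5.tmp
[DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen
[NOTE] The file was moved to '48cb8e68.qua'!
4 viruses and/or unwanted programs were found
4 files were moved to quarantine
2 Files cannot be scanned
"""
TAG = re.compile(r"^\[(DETECTION|NOTE|WARNING)\]\s*(.*)$")
COUNT = re.compile(r"^(\d+) (.+)$")

def parse_report(text):
    """Return ({path: [(tag, message)]}, {trailer label: count})."""
    entries, summary, current = {}, {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if (tag := TAG.match(line)) and current:
            entries[current].append(tag.groups())
        elif re.match(r"[A-Za-z]:\\", line):  # a scanned file path opens an entry
            current = line
            entries[current] = []
        else:  # header, counter or blank line closes the current entry
            current = None
            if count := COUNT.match(line):
                summary[count.group(2).lower()] = int(count.group(1))
    return entries, summary

def triage(text):
    """List detections and unscanned files; check them against the trailer."""
    entries, summary = parse_report(text)
    findings, unscanned = [], []
    for path, msgs in entries.items():
        qua = re.search(r"'(\w+\.qua)'", " ".join(m for t, m in msgs if t == "NOTE"))
        for t, m in msgs:
            if t == "DETECTION":
                findings.append({"path": path, "name": m.split()[-1],
                                 "quarantine": qua.group(1) if qua else None})
            elif t == "WARNING":
                unscanned.append(path)
    dirs = [ntpath.dirname(f["path"]) for f in findings]
    expected = {"viruses and/or unwanted programs were found": len(findings),
                "files were moved to quarantine": sum(bool(f["quarantine"]) for f in findings),
                "files cannot be scanned": len(unscanned)}
    return {"findings": findings, "unscanned": unscanned,
            "common_dir": ntpath.commonpath(dirs) if dirs else None,
            "consistent": all(summary.get(k) == v for k, v in expected.items())}
```

Calling `triage(REPORT)` shows four quarantined detections that all sit in one directory under the DSS scanner's `backup` folder, two system files the scanner could not open, and a trailer that matches the parsed entries.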
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
16 June 2008 at 21:39
Hi again,

Empty AntiVir's quarantine.

Update its virus definitions.

Disconnect from the internet.

Plug in all your removable media (external hard drive, USB sticks, camera card, ...).

Scan everything in My Computer (hard drives and removable media).

Post the report.

Also post a new DSS report.

_________________

Do you have a router or an ISP box?
0
clakettegirl
17 June 2008 at 07:58
Avira AntiVir Personal
Report file date: 16. kesäkuuta 2008 22:40

Scanning for 1337442 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: MYLADY

Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28.5.2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 18.3.2008 09:02:56
AVSCAN.DLL : 8.1.1.0 53505 Bytes 7.2.2008 08:43:37
LUKE.DLL : 8.1.2.9 151809 Bytes 28.2.2008 08:41:23
LUKERES.DLL : 8.1.2.1 12033 Bytes 21.2.2008 08:28:40
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18.7.2007 10:33:34
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 7.3.2008 13:08:58
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14.6.2008 08:31:01
ANTIVIR3.VDF : 7.0.4.204 78336 Bytes 16.6.2008 19:48:05
Engineversion : 8.1.0.55
AEVDF.DLL : 8.1.0.5 102772 Bytes 25.2.2008 09:58:21
AESCRIPT.DLL : 8.1.0.40 266618 Bytes 13.6.2008 08:23:51
AESCN.DLL : 8.1.0.21 119156 Bytes 13.6.2008 08:23:51
AERDL.DLL : 8.1.0.20 418165 Bytes 13.6.2008 08:23:50
AEPACK.DLL : 8.1.1.5 364918 Bytes 13.6.2008 08:23:49
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 13.6.2008 08:23:48
AEHEUR.DLL : 8.1.0.30 1253750 Bytes 13.6.2008 08:23:48
AEHELP.DLL : 8.1.0.15 115063 Bytes 13.6.2008 08:23:46
AEGEN.DLL : 8.1.0.28 307572 Bytes 13.6.2008 08:23:45
AEEMU.DLL : 8.1.0.6 430451 Bytes 13.6.2008 08:23:45
AECORE.DLL : 8.1.0.31 168310 Bytes 13.6.2008 08:23:44
AVWINLL.DLL : 1.0.0.7 14593 Bytes 23.1.2008 17:07:53
AVPREF.DLL : 8.0.0.1 25857 Bytes 18.2.2008 10:37:50
AVREP.DLL : 7.0.0.1 155688 Bytes 16.4.2007 13:26:47
AVREG.DLL : 8.0.0.0 30977 Bytes 23.1.2008 17:07:49
AVARKT.DLL : 1.0.0.23 307457 Bytes 12.2.2008 08:29:23
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 28.2.2008 08:31:31
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22.1.2008 17:28:02
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 23.1.2008 17:08:39
NETNT.DLL : 8.0.0.1 7937 Bytes 25.1.2008 12:05:10
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 10.3.2008 14:37:25
RCTEXT.DLL : 8.0.32.0 86273 Bytes 6.3.2008 12:02:11

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 16. kesäkuuta 2008 22:40

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'AppServices.exe' - '1' Module(s) have been scanned
Scan process 'DVDRAMSV.exe' - '1' Module(s) have been scanned
Scan process 'CFSvcs.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'ADeck.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
26 processes with 26 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '27' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
Begin scan in 'F:\' <IOMEGA_HDD>


End of the scan: 16. kesäkuuta 2008 23:40
Used time: 1:00:37 min

The scan has been done completely.

7534 Scanning directories
287620 Files were scanned
0 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
287620 Files not concerned
6692 Archives were scanned
2 Warnings
0 Notes

________________________________________
I don't have a box. The internet comes in over cable, through a modem.
0
clakettegirl
17 June 2008 at 08:00
Deckard's System Scanner v20071014.68
Run by Pietu on 2008-06-17 07:58:57
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 495 MiB (512 MiB recommended).


-- HijackThis (run as Pietu.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:59:10, on 17.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pietu\Työpöytä\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Pietu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Iomega Automatic Backup 1.0.1] C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIA\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file:///C:\Program Files\TOSHIBA\Free Update Service\splash.html
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.kuvaboxi.fi/ImageUploader4.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
17 June 2008 at 08:37
Hello,

is the trojan still detected on your camera's card?
0
clakettegirl
17 June 2008 at 19:42
Hello,
Avira doesn't seem to detect anything. But tomorrow I'll try on the machine that detected it in the first place!
0
Lyonnais92 Posts 25159 Registration date Friday 23 June 2006 Status Security contributor Last activity 16 September 2016 1 536
17 June 2008 at 19:59
Hi again,

it might be worth checking that that machine isn't infected.

I'm having a bit of trouble following.

You put your card in a computer and it said the card was infected.

So you concluded that it was your own computer that had infected the card.

We've disinfected your computer (and the card, if AntiVir finds nothing).

Is that right?

If so, you absolutely must check that the card hasn't infected the computer.

Otherwise we're in for another full round.
0
clakettegirl
17 June 2008 at 21:30
Yes, that's it, you've got it exactly!
How do I check that the card hasn't infected the computer?
0