Crypt.cfi.gen + W32.rontokbro@mm - Page 2

Résolu
Précédent
  • 1
  • 2
  1. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    regcure à était télécharger et installer quand ?

    Comment ce comporte le PC ?
    0
  2. EricpourAlice
     
    Tout à l'heure, de mémoire je pensais télécharger CCleaner et c'est en fait Regcure que j'ai téléchargé.
    Pas encore redémarré le PC portable de ma fille en mode normal, je vais le faire de ce pas.
    Et pour tout vous dire j'ai eu une frayeur tout à l'heure car pour vous écrire ici j'ai utilisé mon PC familial en faisant à chaque fois l'aller/retour avec le PC infecté de ma fille via une clé USB et tout à l'heure au moment de faire un copier/coller d'un rapport issu du Pc infecté, ici, j'ai vu apparaître sur mon PC familial la même fenêtre d'Antivir que sur le PC de ma fille me signalant le virus !! Mais depuis plus rien....
    0
  3. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    oui tu aurais du me le dire
    car pas de clé usb pour ce genre de manip

    mais bon maintenant on continu

    donc tout ce qui concerne regrecure on le vire => ok ?
    0
  4. EricpourAlice
     
    Vraiment désolé mais tellement de fenêtre d'Antivir sur le PC de ma fille me signalant le virus que c'était très difficile de ne travailler que depuis son PC !
    Voici les nouvelles :
    - j'ai redémarré son Pc en mode normal mais malheureusement la fenêtre d'Antivir est réapparue et me signale le virus
    - que me conseillez vous de faire, de n'exécuter vos actiosn que depuis son PC ?
    - que voulez -vous dire par "tout ce qui est Regrecure on vire" ? Je désinstalle sur le PC de ma fille ?

    Désolé pour toutes ces questions peut être naïves mais je suis pas spécialiste et en tout cas sincères remerciements pour toute cette aide que vous m'apportez !
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    oui si tu as télécharger regcure et que tu n'en a pas besoin et bien on vire
    de plus j'ai un doute dessus

    as tu fait un scan en mode sans échec avec antivir ?
    quel fichier il trouve ?

    sinon un dernier scan pour vérif
    et que tu peux faire depuis le portable
    Télécharge sur ton bureau DSS (ex Comboscan) de Deckard:

    (choisis enregistrer, puis Bureau comme emplacement)

    http://deckard.geekstogo.com/dss.exe

    Ferme toutes les applications en cours.

    Double-clic sur comboscan.exe pour lancer l'outil.

    Une fenêtre s'ouvre, invitant à fermer toutes les applications, clique sur OK.

    A la fin de l'analyse, une fenêtre s'ouvre, clique sur OK.

    Le rapport Comboscan.txt va s'afficher, copie le dans ta prochaine réponse.
    Si un rapport complémentaire a été créé, poste le aussi dans ta réponse.
    0
  7. EricpourAlice
     
    OK je vais désinstaller Regcure et pas encore passé Antivir en mode sans échec mais dès mon lever tout à l'heure je lance !
    Voici déjà les rapports de DSS lancé en mode sans échec :

    le premier :

    Deckard's System Scanner v20071014.68
    Run by Alice on 2008-07-14 01:22:28
    Computer is in Safe Mode.
    --------------------------------------------------------------------------------

    -- System Restore --------------------------------------------------------------

    Failed to create restore point; computer is in safe mode.

    -- Last 1 Restore Point(s) --
    1: 2008-07-13 23:14:45 UTC - RP1 - Point de vérification système

    Backed up registry hives.
    Performed disk cleanup.

    -- HijackThis (run as Alice.exe) -----------------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 01:24:07, on 14/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Safe mode

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Alice\Bureau\dss.exe
    C:\PROGRA~1\TRENDM~1\HIJACK~1\Alice.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Service Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
    0
  8. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    ok

    il absolument effacer toutes traces de Norton sur ton PC
    regarde ici
    https://www.pcastuces.com/newsletter/adj/1630.htm

    ensuite pour regcure

    Ouvre le bloc-notes et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait) :

    REGEDIT4

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegCure.exe]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegCure.exe]
    @="C:\\Program Files\\RegCure\\RegCure.exe"

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCure]

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCure]
    "DisplayName"="RegCure 1.5.0.1"

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCure]
    "UninstallString"="C:\\Program Files\\RegCure\\uninst.exe"

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCure]
    "DisplayIcon"="C:\\Program Files\\RegCure\\RegCure.exe"

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCure]
    "URLInfoAbout"="https://www.regcure.com/"

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCure]
    "Publisher"="RegCure, Inc."

    [-HKEY_LOCAL_MACHINE\SOFTWARE\RegCure]



    Puis "fichier"/"enregistrer sous" :
    dans : sur le bureau
    Nom du fichier : fix.reg
    Type de fichier : "tous les fichiers"
    clique sur "enregistrer"

    quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
    Si c'est bien le cas, clique sur "oui"

    ensuite

    Télécharge OTMoveIt (de OldTimer) sur ton Bureau.
    http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
    clic double sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :
    Paste List of Files/Folders to be moved.

    c:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
    c:\Documents and Settings\Alice\Menu D‚marrer\Programmes\RegCure
    c:\Documents and Settings\All Users\Bureau\RegCure.lnk
    c:\Documents and Settings\All Users\Menu D‚marrer\Programmes\RegCure
    c:\Documents and Settings\All Users\Menu D‚marrer\Programmes\RegCure\RegCure.lnk
    c:\Program Files\RegCure
    c:\Program Files\RegCure\RegCure.exe
    c:\WINDOWS\Prefetch\REGCURE.EXE-13DE9F84.pf
    c:\WINDOWS\Tasks\RegCure.job
    EmptyTemp


    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaîtra dans le cadre Results.
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demandé de faire redémarrer le PC pour achever la suppression.

    ensuite
    telecharge RogueRemover:
    http://www.malwarebytes.org/rogueremover/free/rr-free-setup.exe
    et clique sur scan

    et pour finir refais un nouveau HijackThis stp

    0
  9. EricpourAlice
     
    Bonjour !

    OK je vais suivre toutes ces instructions.
    J'ai réussi à passer à passer cette nuit Antivir en mode sans échec, il a supprimé quelques 261 fichiers il me semble !
    Voici le rapport :

    Avira AntiVir Personal
    Report file date: lundi 14 juillet 2008 01:43

    Scanning for 1355845 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (Service Pack 2) [5.1.2600]
    Boot mode: Save mode
    Username: Administrateur
    Computer name: YOUR-A49586DCF7

    Version information:
    BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
    AVSCAN.EXE : 8.1.2.12 311553 Bytes 26/04/2008 17:58:55
    AVSCAN.DLL : 8.1.1.0 53505 Bytes 26/04/2008 17:58:55
    LUKE.DLL : 8.1.2.9 151809 Bytes 26/04/2008 17:58:56
    LUKERES.DLL : 8.1.2.1 12033 Bytes 26/04/2008 17:58:56
    ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
    ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 15:40:48
    ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 18:17:59
    ANTIVIR3.VDF : 7.0.4.241 331264 Bytes 23/06/2008 18:18:00
    Engineversion : 8.1.0.59
    AEVDF.DLL : 8.1.0.5 102772 Bytes 26/04/2008 17:58:57
    AESCRIPT.DLL : 8.1.0.44 278907 Bytes 23/06/2008 18:18:09
    AESCN.DLL : 8.1.0.22 119157 Bytes 23/06/2008 18:18:07
    AERDL.DLL : 8.1.0.20 418165 Bytes 26/04/2008 17:58:57
    AEPACK.DLL : 8.1.1.6 364918 Bytes 23/06/2008 18:18:06
    AEOFFICE.DLL : 8.1.0.20 192891 Bytes 23/06/2008 18:18:05
    AEHEUR.DLL : 8.1.0.32 1274231 Bytes 23/06/2008 18:18:04
    AEHELP.DLL : 8.1.0.15 115063 Bytes 31/05/2008 18:30:29
    AEGEN.DLL : 8.1.0.29 307573 Bytes 23/06/2008 18:18:01
    AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 11:29:56
    AECORE.DLL : 8.1.0.31 168310 Bytes 07/06/2008 07:56:57
    AVWINLL.DLL : 1.0.0.7 14593 Bytes 26/04/2008 17:58:55
    AVPREF.DLL : 8.0.0.1 25857 Bytes 26/04/2008 17:58:55
    AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
    AVREG.DLL : 8.0.0.0 30977 Bytes 26/04/2008 17:58:55
    AVARKT.DLL : 1.0.0.23 307457 Bytes 26/04/2008 17:58:55
    AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 26/04/2008 17:58:55
    SQLITE3.DLL : 3.3.17.1 339968 Bytes 26/04/2008 17:58:56
    SMTPLIB.DLL : 1.2.0.19 28929 Bytes 26/04/2008 17:58:56
    NETNT.DLL : 8.0.0.1 7937 Bytes 26/04/2008 17:58:56
    RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 26/04/2008 17:58:47
    RCTEXT.DLL : 8.0.32.0 86273 Bytes 26/04/2008 17:58:47

    Configuration settings for the scan:
    Jobname..........................: Complete system scan
    Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: C:, D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Search for rootkits..............: off
    Scan all files...................: All files
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium

    Start of the scan: lundi 14 juillet 2008 01:43

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'explorer.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'guard.exe' - '1' Module(s) have been scanned
    Scan process 'aawservice.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned
    13 processes with 13 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'D:\'
    [INFO] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( '31' files ).

    Starting the file scan:

    Begin scan in 'C:\'
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    C:\Deckard\System Scanner\20080714012213\backup\WINDOWS\temp\tmp45.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Deckard\System Scanner\backup\WINDOWS\temp\tmp6F.tmp
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019F434E.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019F434E.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01B91331.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01B91331.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01C63B23.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01C63B23.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\030514DC.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\030514DC.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03E81DA7.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03E81DA7.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04476B9E.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04476B9E.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04541390.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04541390.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05C9651B.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05C9651B.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0750530D.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0750530D.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0ADA2101.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0ADA2101.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AEA3561.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AEA3561.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AF43356.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AF43356.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B601CE0.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B601CE0.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B6346DC.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B6346DC.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B691AD5.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B691AD5.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7318CA.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7318CA.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7A6CC3.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7A6CC3.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B836AB8.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B836AB8.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B8A3EB1.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B8A3EB1.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B943CA6.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B943CA6.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B9E3A9B.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B9E3A9B.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BA40E94.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BA40E94.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BAE0C89.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BAE0C89.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BB46082.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BB46082.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BBE5E77.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BBE5E77.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BC85C6D.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BC85C6D.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD25A62.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD25A62.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD82E5B.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD82E5B.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BE22C50.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BE22C50.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BEC2A45.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BEC2A45.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BF6283A.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BF6283A.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BFC7C33.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BFC7C33.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C067A28.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C067A28.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C0D4E21.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C0D4E21.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C10781E.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C10781E.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C164C16.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C164C16.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C204A0C.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C204A0C.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C2A4801.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C2A4801.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C311BFA.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C311BFA.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C3A19EF.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C3A19EF.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C416DE8.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C416DE8.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C4B6BDD.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C4B6BDD.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C513FD6.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C513FD6.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C5B3DCB.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C5B3DCB.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C6211C4.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C6211C4.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C653BC0.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C653BC0.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C6B0FB9.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C6B0FB9.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C750DAE.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C750DAE.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C7F0BA3.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C7F0BA3.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C855F9C.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C855F9C.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C8C3395.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C8C3395.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C96318A.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C96318A.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C9C0583.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C9C0583.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CA60378.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CA60378.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB0016D.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB0016D.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB65566.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CB65566.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CBA7F63.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CBA7F63.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CC0535C.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CC0535C.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CC72754.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CC72754.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CD1254A.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CD1254A.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CDA233F.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CDA233F.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CE17738.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CE17738.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CEB752D.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CEB752D.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CF14926.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CF14926.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CFB471B.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0CFB471B.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D054510.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D054510.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D0B1909.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D0B1909.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D0F4305.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D0F4305.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D1516FE.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D1516FE.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D1F14F3.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D1F14F3.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2912E9.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2912E9.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2F66E1.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D2F66E1.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D3964D7.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D3964D7.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D4038CF.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D4038CF.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D4936C5.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D4936C5.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D5334BA.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D5334BA.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D5A08B3.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D5A08B3.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D6406A8.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D6406A8.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D6D049D.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D6D049D.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D745896.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D745896.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D7E568B.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D7E568B.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D842A84.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D842A84.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D8E2879.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D8E2879.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D957C72.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D957C72.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D9E7A67.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D9E7A67.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DA54E60.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DA54E60.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DAD39B9.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DAD39B9.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DAF4C55.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DAF4C55.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DB5204E.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DB5204E.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DB84A4A.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DB84A4A.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DBC7447.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DBC7447.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DBF1E43.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DBF1E43.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DC24840.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DC24840.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DC6723C.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DC6723C.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DC91C38.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DC91C38.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DCF7031.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DCF7031.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DD6442A.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0DD6442A.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E9550DA.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E9550DA.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F0727D9.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F0727D9.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F3A15A6.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0F3A15A6.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FB538CB.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FB538CB.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10B053F3.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10B053F3.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1159211A.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1159211A.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14B243EB.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\14B243EB.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163F3576.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\163F3576.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16680F28.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16680F28.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19A049FB.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19A049FB.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B3E7B0B.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B3E7B0B.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B412507.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B412507.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BB77B02.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BB77B02.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C485374.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C485374.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C59542D.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C59542D.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C602826.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C602826.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C635223.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C635223.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DE11A60.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DE11A60.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E186422.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E186422.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E226218.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E226218.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E283611.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E283611.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E2D4F8D.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E2D4F8D.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E4D7369.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E4D7369.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E511D65.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E511D65.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E544762.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E544762.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E57715E.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E57715E.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E616F53.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E616F53.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E807816.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1E807816.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\209B63C1.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\209B63C1.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21F84B26.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\21F84B26.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22F548E8.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22F548E8.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2368256F.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2368256F.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\239D7DAF.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\239D7DAF.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25A63A35.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25A63A35.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26297E15.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26297E15.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26E82AEE.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26E82AEE.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\287A1917.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\287A1917.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28FA7448.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28FA7448.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BB23349.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BB23349.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D495011.AV$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D495011.AV$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D890725.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D890725.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30352F18.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30352F18.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30395914.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30395914.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\303C0311.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\303C0311.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\303F2D0D.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\303F2D0D.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30425709.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30425709.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30460106.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30460106.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30492B02.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30492B02.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\304C54FF.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\304C54FF.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\306050E9.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\306050E9.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30AE4093.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30AE4093.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319C6C3B.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319C6C3B.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32DC67E9.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32DC67E9.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\349602F3.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\349602F3.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38810606.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38810606.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39194323.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39194323.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397F392B.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397F392B.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F60D96.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F60D96.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F93792.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F93792.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39FD618E.av$
    [0] Archive type: HIDDEN
    --> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39FD618E.av$
    [DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
    [NOTE] The file was deleted!
    C:\Documents and Set
    0
  10. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bonjour

    fait les manips plus haut

    et reposte un nouveau Hijack et dit moi comment ce comporte le PC

    PS ABS le reste de la journée j'emmène les enfants au zoo :)

    @+
    0
  11. EricpourAlice
     
    OK j'ai réussi à désinstaller Norton, je vais suivre les autres instructions.
    Quelques petites questions en parallèle :
    - avant de venir chercher un précieux secours ici j'avais désactivé la restauration windows merci de me dire si et quand je devrai la réactiver
    - sur mon PC familial et suite à l'utilisation de la clé USB pour faire l'aller retour entre ce forum et le Pc protable infecté faut-il que je fasse un minimum de vérification pour être sûr qu'il n'a pas été infecté ?
    - quid de la même façon de la clé USB ?

    Ici le mistral souffle fort aujourd'hui (région d'Avignon) alors soleil mais pas grand chose de possible à l'extérieur !
    Merci encore une fois et très bonne journée au zoo ! ;-)
    0
  12. EricpourAlice
     
    Voici les résultats des dernières instructions :

    - le log d'OTmoveit2 :

    File/Folder c:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk not found.
    File/Folder c:\Documents and Settings\Alice\Menu D‚marrer\Programmes\RegCure not found.
    File/Folder c:\Documents and Settings\All Users\Bureau\RegCure.lnk not found.
    File/Folder c:\Documents and Settings\All Users\Menu D‚marrer\Programmes\RegCure not found.
    File/Folder c:\Documents and Settings\All Users\Menu D‚marrer\Programmes\RegCure\RegCure.lnk not found.
    File/Folder c:\Program Files\RegCure not found.
    File/Folder c:\Program Files\RegCure\RegCure.exe not found.
    c:\WINDOWS\Prefetch\REGCURE.EXE-13DE9F84.pf moved successfully.
    File/Folder c:\WINDOWS\Tasks\RegCure.job not found.
    < EmptyTemp >
    Temp folders emptied.
    IE temp folders emptied.

    OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07142008_111055

    - Rogue Remover n'a rien trouvé

    - et voici le HijackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:14:57, on 14/07/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16674)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\HP\TVPlay\TVPService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\Program Files\Spyware Terminator\sp_rsser.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
    O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
    O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O15 - Trusted Zone: http://www.secuser.com
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
    O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
    0
  13. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bon, on attaque après une bonne journée avec les enfants ;)

    Avait tu supprimé regcure avant la manip que je t'a donné ?

    Sinon ce rapport est propre juste quelques lignes à fixer

    Relance hijack et clique sur "Do a system scan only"
    Ensuite recherche ces lignes et coches les cases

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

    Une fois coché, ferme toutes les fenêtres et applications et clique sur "Fix checked" "

    pour la suite si tu n'as plus de soucis avec ton portable suit ceci
    dans ce qui suit plusieurs conseil que je te conseil de lire, prend le temps cela peut-être instructifs ;-)
    Pour la restauration refais la manip comme indiqué
    pour ton autre PC tu peux faire un scan HIjackThis et je te dirais si il est infecté
    Pour ta clé tout dépend ce que tu as dessus, si ce n'est que les logiciels de désinfection
    et bien tu la formate, où tu la scan avec ton antivirus

    Tu peux supprimer tous les logiciels que nous avons utilisés
    va dans ajout/suppression de programes et dans programmes files
    pour vérifier

    ensuite fait ceci (IMPORTANT)

    * Désactivation :
    Cliquer droit sur le "Poste de travail" > Propriétés > onglet "Restauration du système" > cocher la case "Désactiver la Restauration du système sur tous les lecteurs"
    > Appliquer patiente jusqu a que cela soit marqué "désactivée" puis Ok.

    * Activation :
    Suivre le même chemin ; décocher la case "Désactiver la Restauration du système sur tous les lecteurs"
    > Appliquer attends que cela soit a nouveau sur "surveillance" puis Ok. Redémarrer l'ordinateur..

    Pense aussi à faire tes mises à jours régulièrement

    Windows update : ==> ici =>http://www.update.microsoft.com/windowsupdate/v6/default.aspx
    Java : ==> ici => https://www.java.com/fr/download/

    Ces mises à jours sont très importantes pour la sécurité de ton PC.

    N'installe qu'un seul parefeu !!
    et bien sur qu'un antivirus

    N'oublie pas de faire régulièrement les mises à jour de tes logiciels avant chaque scan.

    * Tu peux aussi utiliser ces logiciels de sécurité

    Malwarebytes => C'est un anti-malwares gratuit et en français, tu devras une fois installer le lancer périodiquement pour contrôler ton PC.
    Un tuto pour le télécharger et son installation => Ici => http://www.swl1f.net/viewtopic.php?f=14&t=68

    Spyware Terminator => C'est un anti-spyware gratuit et en français, Il travaillera automatiquement grâce à son module résident, tu pourras le programmer pour effectuer un scan journalier.
    Un tuto pour le télécharger et son installation => Ici => http://www.swl1f.net/viewtopic.php?f=14&t=66

    * Ensuite quelques conseils
    L'infection de ton pc peut se faire de différente façon, voici en quelques lignes plusieurs points à éviter. ==> ici =>http://www.swl1f.net/viewtopic.php?f=14&t=67

    * le navigateur

    Essaye le navigateur Firefox plus sur/securisé qu IE
    Firefox n'utilise pas le dangereux protocole ActiveX
    * Téléchargement: ==> Firefox => http://www.mozilla-europe.org/fr/products/firefox/
    * Tutorial pour le sécuriser: ==> ici =>https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/

    Important
    Surfez avec les droits administrateurs sur le net te rend vulnérable, il faut donc utiliser un autre compte que celui de l'administrateur


    * Pour que ton pc retrouve un peu de jeunesse
    * Pense a lancer une petite défragmentation.
    * Utilise CCleaner régulièrement.
    * Gère tes services grâce a ces 2 liens
    ==> ici => http://speedweb1.free.fr/frames2.php?page=service3 et ==> ici => http://speedweb1.free.fr/frames2.php?page=service4
    * Utilise Zeb Utility
    une application ne nécessitant pas d’installation, pour optimiser un poil ton pc. (merci a l ami Zebulon)
    Téléchargement : ==> ici ==> https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
    Tuto : ==> ici => https://www.zebulon.fr/dossiers/autres/58-zebutility.html

    Et pour finir

    Dénonce ton infection pour faire condamner les auteurs.

    Crée un message pour faire avancer les choses sur Malware-Complaints, nous devons être les plus nombreux possibles, alors rends compte de ton infection

    - Voir les règles du forum : ==> ici => https://malwarecomplaints.info/
    - Après t'être enregistré à l'aide du bouton en haut se nommant "Register"
    Si tu as plus de 13 ans, choisir : "I Agree to these terms and am over or exactly 13 years of age"
    Si tu as moins, clique sur : "I Agree to these terms and am under 13 years of age"

    Tu as alors sous forme de liste un sujet par type d'infection (Look2Me, Smitfraud, SpywareQuake etc..).

    * malwarecomplaints => https://malwarecomplaints.info/

    Si le malware que tu as eu n'apparaît pas dans la liste, ou si tu ne sais pas par quoi tu étais infecté(e), crée un message dans le sujet Autres infections
    conforme au règle du forum (age, ville, département etc..)

    Indique aussi le nom du Forum qui t'a aidé

    * Tuto => http://www.malekal.com/malwarecomplaints.html

    @+
    0
    1. Eric pourAlice
       
      Grand merci pour tout et merci pour ma fille !
      Je vais lui faire suivre ces précieuses recommandations.

      Il me semble avoir supprimé Regcure
      Voici le Hijackthis de mon PC familial :


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:12:46, on 14/07/2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16674)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Ahead\InCD\InCDsrv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Comodo\Firewall\cmdagent.exe
      C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\System32\nvsvc32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\fxssvc.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\mHotkey.exe
      C:\WINDOWS\CNYHKey.exe
      C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
      C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
      C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
      C:\Program Files\Logitech\Video\LogiTray.exe
      C:\WINDOWS\system32\RunDll32.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Comodo\Firewall\CPF.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      C:\WINDOWS\System32\LVComsX.exe
      C:\Program Files\Logitech\Video\FxSvr2.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\PROGRA~1\MICROS~3\Office10\WINWORD.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
      O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
      O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
      O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
      O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
      O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
      O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
      O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
      O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
      O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
      O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [autocleaner] ; C:\Program Files\Auto Cleaner\cleaner.exe
      O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
      O4 - HKLM\..\Run: [Logitech Utility] ; Logi_MwX.Exe
      O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [Openwares LiveUpdate] ; C:\Program Files\LiveUpdate\LiveUpdate.exe
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] ; C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
      O4 - HKLM\..\Run: [TomTomHOME.exe] ; "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
      O4 - HKLM\..\Run: [Zone Labs Client] ; "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [NBJ] ; "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-21-1093211558-2247517374-1187079459-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Sophie')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Save Image - res://C:\Program Files\Picture Ace Lite\PictureAceLite.exe/130
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
      O9 - Extra button: (no name) - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\Picture Ace Lite\PictureAceLite.exe (HKCU)
      O9 - Extra 'Tools' menuitem: Picture Ace Lite - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\Picture Ace Lite\PictureAceLite.exe (HKCU)
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
      O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
      O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
      O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
      O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
      O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
      O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
      O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
      O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
      O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
      O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
      O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
      0
  14. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Alors pour celui-ci pas de virus en vue :)

    Par contre tu as deux antivirus, McAfee et antivir il en faut absolument que un
    Sinon source de conflit et tu du coup mal protégé.

    sinon tu peux quand même faire ceci

    Relance hijack et clique sur "Do a system scan only"
    Ensuite recherche ces lignes et coches les cases

    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    Une fois coché, ferme toutes les fenêtres et applications et clique sur "Fix checked" "

    Voilà bonne chance pour la suite ;)

    @+
    0
    1. EricpourAlice
       
      Ouf !
      OK parfait et sincères remerciements pour toute cette aide de spécialiste et bien sûr le temps passé !

      Cordialement,

      ED
      0
  15. ep44 Messages postés 7415 Date d'inscription   Statut Contributeur Dernière intervention   3
     
    Bye
    0
Précédent
  • 1
  • 2