Crypt.cfi.gen + W32.rontokbro@mm

Solved/Closed
EricpourAlice - 13 Jul 2008 at 16:47
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 - 14 Jul 2008 at 21:06
Hello,

Help!
What a nightmare!
I am trying in vain to rid my daughter's PC of viruses that won't go away!
A good number of antivirus programs and fixes have been run, but nothing works!
I need advice from specialists!
At least 2 names appear frequently on the screen of her laptop and get in the way of using the PC:
Crypt.cfi.gen and W32Rontokbro@mm
Thanks for your help!

34 replies

ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
14 Jul 2008 at 00:18
When was RegCure downloaded and installed?

How is the PC behaving?
0
EricpourAlice
14 Jul 2008 at 00:25
Earlier, from memory, I thought I was downloading CCleaner, and it was in fact RegCure that I downloaded.
I haven't yet restarted my daughter's laptop in normal mode; I'll do that right away.
And to tell you the truth, I had a scare earlier: to write to you here I have been using my family PC, going back and forth each time with my daughter's infected PC via a USB stick, and earlier, as I was copying and pasting a report from the infected PC here, I saw the same Antivir window appear on my family PC as on my daughter's PC, reporting the virus!! But nothing since then....
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
14 Jul 2008 at 00:33
Yes, you should have told me,
because no USB stick for this kind of operation.

Anyway, now we carry on.

So everything related to RegCure gets removed => OK?
0
EricpourAlice
14 Jul 2008 at 00:39
Really sorry, but there were so many Antivir windows on my daughter's PC reporting the virus that it was very hard to work only from her PC!
Here is the news:
- I restarted her PC in normal mode, but unfortunately the Antivir window reappeared and reports the virus
- what do you advise me to do: carry out your actions only from her PC?
- what do you mean by "everything that is RegCure gets removed"? Do I uninstall it on my daughter's PC?

Sorry for all these perhaps naive questions, but I am no specialist, and in any case sincere thanks for all the help you are giving me!
0

ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
14 Jul 2008 at 01:08
Yes, if you downloaded RegCure and you don't need it, then we remove it.
Besides, I have doubts about it.

Have you run a scan in safe mode with Antivir?
Which file does it find?

Otherwise, one last scan to check,
which you can run from the laptop.
Download DSS (formerly Comboscan) by Deckard to your desktop:

(choose Save, then Desktop as the location)

http://deckard.geekstogo.com/dss.exe

Close all running applications.

Double-click comboscan.exe to launch the tool.

A window opens asking you to close all applications; click OK.

At the end of the scan, a window opens; click OK.

The Comboscan.txt report will be displayed; copy it into your next reply.
If an additional report was created, post it in your reply as well.
0
EricpourAlice
14 Jul 2008 at 01:35
OK, I'll uninstall RegCure. I haven't run Antivir in safe mode yet, but as soon as I get up later I'll launch it!
Here are the reports from DSS, run in safe mode, to start with:

The first one:

Deckard's System Scanner v20071014.68
Run by Alice on 2008-07-14 01:22:28
Computer is in Safe Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Failed to create restore point; computer is in safe mode.


-- Last 1 Restore Point(s) --
1: 2008-07-13 23:14:45 UTC - RP1 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Alice.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:24:07, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Alice\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Alice.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Service Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last seen 11 November 2010 3
14 Jul 2008 at 01:55
OK

You absolutely must remove all traces of Norton from your PC.
Look here:
https://www.pcastuces.com/newsletter/adj/1630.htm

Next, for RegCure:

Open Notepad and copy and paste what is quoted below (copy it all in one go):

REGEDIT4

; Delete the RegCure App Paths entry (a [-key] header removes the whole key and its values)
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\RegCure.exe]

; Delete the RegCure entry from Add/Remove Programs
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegCure]

; Delete RegCure's own settings key
[-HKEY_LOCAL_MACHINE\SOFTWARE\RegCure]



Then "File" / "Save As":
In: on the desktop
File name: fix.reg
File type: "All files"
Click "Save"


Disconnect from the Internet and double-click fix.reg => you must get a message "Are you sure you want to add the information in this .reg file to the registry?"
If that is the case, click "Yes"

Next

Download OTMoveIt (by OldTimer) to your desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
Double-click OTMoveIt.exe to launch it.
Copy the list quoted below,
and paste it into the left-hand pane of OTMoveIt:
Paste List of Files/Folders to be moved.

c:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk
c:\Documents and Settings\Alice\Menu Démarrer\Programmes\RegCure
c:\Documents and Settings\All Users\Bureau\RegCure.lnk
c:\Documents and Settings\All Users\Menu Démarrer\Programmes\RegCure
c:\Documents and Settings\All Users\Menu Démarrer\Programmes\RegCure\RegCure.lnk
c:\Program Files\RegCure
c:\Program Files\RegCure\RegCure.exe
c:\WINDOWS\Prefetch\REGCURE.EXE-13DE9F84.pf
c:\WINDOWS\Tasks\RegCure.job
EmptyTemp


Click MoveIt! to start the removal.
The result will appear in the Results pane.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.

You may be asked to restart the PC to complete the removal.

Next,
download RogueRemover:
http://www.malwarebytes.org/rogueremover/free/rr-free-setup.exe
and click Scan.

And to finish, run a new HijackThis scan please.
0
EricpourAlice
14 Jul 2008 at 10:15
Hello!

OK, I will follow all these instructions.
I managed to run Antivir in safe mode last night; it deleted some 261 files, I think!
Here is the report:


Avira AntiVir Personal
Report file date: lundi 14 juillet 2008 01:43

Scanning for 1355845 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Save mode
Username: Administrateur
Computer name: YOUR-A49586DCF7

Version information:
BUILD.DAT : 8.1.0.308 16478 Bytes 28/05/2008 17:03:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 26/04/2008 17:58:55
AVSCAN.DLL : 8.1.1.0 53505 Bytes 26/04/2008 17:58:55
LUKE.DLL : 8.1.2.9 151809 Bytes 26/04/2008 17:58:56
LUKERES.DLL : 8.1.2.1 12033 Bytes 26/04/2008 17:58:56
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 15:40:48
ANTIVIR2.VDF : 7.0.4.195 2546176 Bytes 14/06/2008 18:17:59
ANTIVIR3.VDF : 7.0.4.241 331264 Bytes 23/06/2008 18:18:00
Engineversion : 8.1.0.59
AEVDF.DLL : 8.1.0.5 102772 Bytes 26/04/2008 17:58:57
AESCRIPT.DLL : 8.1.0.44 278907 Bytes 23/06/2008 18:18:09
AESCN.DLL : 8.1.0.22 119157 Bytes 23/06/2008 18:18:07
AERDL.DLL : 8.1.0.20 418165 Bytes 26/04/2008 17:58:57
AEPACK.DLL : 8.1.1.6 364918 Bytes 23/06/2008 18:18:06
AEOFFICE.DLL : 8.1.0.20 192891 Bytes 23/06/2008 18:18:05
AEHEUR.DLL : 8.1.0.32 1274231 Bytes 23/06/2008 18:18:04
AEHELP.DLL : 8.1.0.15 115063 Bytes 31/05/2008 18:30:29
AEGEN.DLL : 8.1.0.29 307573 Bytes 23/06/2008 18:18:01
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 11:29:56
AECORE.DLL : 8.1.0.31 168310 Bytes 07/06/2008 07:56:57
AVWINLL.DLL : 1.0.0.7 14593 Bytes 26/04/2008 17:58:55
AVPREF.DLL : 8.0.0.1 25857 Bytes 26/04/2008 17:58:55
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 26/04/2008 17:58:55
AVARKT.DLL : 1.0.0.23 307457 Bytes 26/04/2008 17:58:55
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 26/04/2008 17:58:55
SQLITE3.DLL : 3.3.17.1 339968 Bytes 26/04/2008 17:58:56
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 26/04/2008 17:58:56
NETNT.DLL : 8.0.0.1 7937 Bytes 26/04/2008 17:58:56
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 26/04/2008 17:58:47
RCTEXT.DLL : 8.0.32.0 86273 Bytes 26/04/2008 17:58:47

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: C:, D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: lundi 14 juillet 2008 01:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
13 processes with 13 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '31' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Deckard\System Scanner\20080714012213\backup\WINDOWS\temp\tmp45.tmp
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Deckard\System Scanner\backup\WINDOWS\temp\tmp6F.tmp
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019F434E.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\019F434E.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01B91331.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01B91331.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01C63B23.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01C63B23.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\030514DC.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\030514DC.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03E81DA7.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\03E81DA7.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04476B9E.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04476B9E.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04541390.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04541390.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05C9651B.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05C9651B.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0750530D.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0750530D.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0ADA2101.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0ADA2101.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AEA3561.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AEA3561.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AF43356.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0AF43356.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B601CE0.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B601CE0.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B6346DC.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B6346DC.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B691AD5.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B691AD5.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7318CA.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7318CA.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7A6CC3.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B7A6CC3.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B836AB8.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B836AB8.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B8A3EB1.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B8A3EB1.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B943CA6.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B943CA6.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B9E3A9B.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0B9E3A9B.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BA40E94.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BA40E94.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BAE0C89.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BAE0C89.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BB46082.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BB46082.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BBE5E77.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BBE5E77.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BC85C6D.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BC85C6D.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD25A62.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD25A62.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD82E5B.AV$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BD82E5B.AV$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BE22C50.AV$
[0] Archive type: HIDDEN
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\303F2D0D.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\303F2D0D.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30425709.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30425709.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30460106.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30460106.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30492B02.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30492B02.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\304C54FF.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\304C54FF.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\306050E9.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\306050E9.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30AE4093.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30AE4093.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319C6C3B.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\319C6C3B.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32DC67E9.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\32DC67E9.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\349602F3.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\349602F3.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38810606.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38810606.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39194323.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39194323.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397F392B.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\397F392B.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F60D96.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F60D96.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F93792.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39F93792.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39FD618E.av$
[0] Archive type: HIDDEN
--> FIL\\\?\C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39FD618E.av$
[DETECTION] Is the Trojan horse TR/Crypt.CFI.Gen
[NOTE] The file was deleted!
C:\Documents and Set
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 Jul 2008 at 10:23
Hello

Do the steps above

and post a new Hijack log and tell me how the PC is behaving

PS: away for the rest of the day, I'm taking the kids to the zoo :)

See you
0
EricpourAlice
14 Jul 2008 at 11:02
OK, I managed to uninstall Norton; I'll follow the other instructions.
A few small questions in parallel:
- before coming here for precious help I had disabled Windows System Restore; please tell me whether and when I should re-enable it
- on my family PC, after using the USB key to go back and forth between this forum and the infected laptop, do I need to do some minimal checking to be sure it has not been infected?
- likewise, what about the USB key?

The mistral is blowing hard here today (Avignon area), so it's sunny but there's not much we can do outdoors!
Thanks once again, and have a great day at the zoo! ;-)
0
EricpourAlice
14 Jul 2008 at 11:22
Here are the results of the latest instructions:

- the OTmoveit2 log:

File/Folder c:\Documents and Settings\Alice\Application Data\Microsoft\Internet Explorer\Quick Launch\RegCure.lnk not found.
File/Folder c:\Documents and Settings\Alice\Menu Démarrer\Programmes\RegCure not found.
File/Folder c:\Documents and Settings\All Users\Bureau\RegCure.lnk not found.
File/Folder c:\Documents and Settings\All Users\Menu Démarrer\Programmes\RegCure not found.
File/Folder c:\Documents and Settings\All Users\Menu Démarrer\Programmes\RegCure\RegCure.lnk not found.
File/Folder c:\Program Files\RegCure not found.
File/Folder c:\Program Files\RegCure\RegCure.exe not found.
c:\WINDOWS\Prefetch\REGCURE.EXE-13DE9F84.pf moved successfully.
File/Folder c:\WINDOWS\Tasks\RegCure.job not found.
< EmptyTemp >
Temp folders emptied.
IE temp folders emptied.

OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 07142008_111055

- Rogue Remover found nothing

- and here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:14:57, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\HP\TVPlay\TVPService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\Wanadoo\TaskBarIcon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TVPService] "C:\Program Files\HP\TVPlay\TVPService.exe"
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [WOOTASKBARICON] C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://www.secuser.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://support.norton.com/sp/en/us/home/current/info
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://www.trendmicro.com/en_us/forHome/products/housecall.html
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: CyberLink Background Capture Service (CBCS HP TVPlay) (TVPCapSvc) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS HP TVPlay) (TVPSched) - Unknown owner - C:\Program Files\HP\TVPlay\Kernel\TV\TVPSched.exe
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 Jul 2008 at 18:05
Right, let's get going after a good day with the kids ;)

Had you removed RegCure before the procedure I gave you?

Otherwise this report is clean, just a few lines to fix

Run Hijack again and click "Do a system scan only"
Then find these lines and tick their boxes

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)

Once they are ticked, close all windows and applications and click "Fix checked"

As for what comes next, if you have no more problems with your laptop, follow this
What follows contains several pieces of advice that I recommend you read; take your time, it can be instructive ;-)
For System Restore, redo the procedure as indicated
For your other PC you can run a HijackThis scan and I'll tell you whether it is infected
For your USB key, it all depends on what you have on it; if it's only the disinfection tools,
then format it, or scan it with your antivirus

You can remove all the software we used
go to Add/Remove Programs and to Program Files
to check

Then do this (IMPORTANT)

* Disabling:
Right-click "My Computer" > Properties > "System Restore" tab > tick the box "Turn off System Restore on all drives"
> Apply; wait until it shows "Turned off", then OK.

* Enabling:
Follow the same path; untick the box "Turn off System Restore on all drives"
> Apply; wait until it is back on "Monitoring", then OK. Restart the computer.

Also remember to install your updates regularly

Windows Update: ==> here => http://www.update.microsoft.com/windowsupdate/v6/default.aspx
Java: ==> here => https://www.java.com/fr/download/

These updates are very important for the security of your PC.

Install only one firewall!!
and of course only one antivirus

Don't forget to update your software regularly, before each scan.

* You can also use these security programs

Malwarebytes => A free anti-malware tool, available in French; once it is installed you will need to run it periodically to check your PC.
A tutorial for downloading and installing it => here => http://www.swl1f.net/viewtopic.php?f=14&t=68

Spyware Terminator => A free anti-spyware tool, available in French. It works automatically thanks to its resident module, and you can schedule it to run a daily scan.
A tutorial for downloading and installing it => here => http://www.swl1f.net/viewtopic.php?f=14&t=66

* Then some advice
Your PC can get infected in different ways; here, in a few lines, are several things to avoid. ==> here => http://www.swl1f.net/viewtopic.php?f=14&t=67

* The browser

Try the Firefox browser, safer/more secure than IE
Firefox does not use the dangerous ActiveX protocol
* Download: ==> Firefox => http://www.mozilla-europe.org/fr/products/firefox/
* Tutorial for securing it: ==> here => https://forum.zebulon.fr/topic/69628-s%C3%A9curiser-un-peu-plus-firefox/

Important
Browsing the net with administrator rights makes you vulnerable, so you should use an account other than the administrator's

* To give your PC back a bit of its youth
* Remember to run a quick defragmentation.
* Use CCleaner regularly.
* Manage your services using these 2 links
==> here => http://speedweb1.free.fr/frames2.php?page=service3 and ==> here => http://speedweb1.free.fr/frames2.php?page=service4
* Use Zeb Utility
an application that needs no installation, to optimize your PC a bit. (thanks to our friend Zebulon)
Download: ==> here ==> https://www.zebulon.fr/telechargements/utilitaires/optimisation/zeb-utility.html
Tutorial: ==> here => https://www.zebulon.fr/dossiers/autres/58-zebutility.html

And finally

Report your infection to help get the authors convicted.

Post a message on Malware-Complaints to help move things forward; there need to be as many of us as possible, so report your infection

- See the forum rules: ==> here => https://malwarecomplaints.info/
- After registering using the button at the top named "Register"
If you are over 13, choose: "I Agree to these terms and am over or exactly 13 years of age"
If you are younger, click: "I Agree to these terms and am under 13 years of age"

You then get a list with one topic per type of infection (Look2Me, Smitfraud, SpywareQuake, etc.).

* malwarecomplaints => https://malwarecomplaints.info/

If the malware you had does not appear in the list, or if you don't know what you were infected with, post a message in the "Autres infections" (Other infections) topic
in line with the forum rules (age, town, département, etc.)

Also give the name of the forum that helped you

* Tutorial => http://www.malekal.com/malwarecomplaints.html

See you
0
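Added example, not part of ep44's reply and not HijackThis code: a small Python parser for the HijackThis v2.0.2 log format posted in this thread. It classifies each `R*`/`O*` line and groups the entries the tool marks `(file missing)`, such as the O9 Orange line selected in the reply above. The function names and the section descriptions are this example's own; the sample lines are copied from the laptop log.

```python
import re
from collections import defaultdict

# Meaning of the section codes that occur in the two logs of this thread
# (the wording is this example's own summary of the HijackThis categories).
SECTIONS = {
    "R0": "IE start/search page value",
    "R1": "IE start/search page value",
    "R3": "URLSearchHook",
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autostart entry (Run key or Startup folder)",
    "O8": "extra IE context menu item",
    "O9": "extra IE button or Tools menu item",
    "O10": "Winsock LSP",
    "O15": "Trusted Zone site",
    "O16": "ActiveX control (Downloaded Program Files)",
    "O23": "Windows service",
}

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}"
)
MISSING = "(file missing)"

# Abridged selection of lines copied from the laptop log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O15 - Trusted Zone: http://www.secuser.com
"""


def parse_log(text):
    """Return one dict per R*/O* entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        code, body = match.group("code"), match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": code,
            "kind": SECTIONS.get(code, "unknown section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "file_missing": MISSING in body,
        })
    return entries


def orphaned(entries):
    """Group '(file missing)' entries by CLSID.

    An O9 button and its Tools-menu item share a CLSID in the log,
    so they are grouped and can be reviewed as one item.
    """
    groups = defaultdict(list)
    for entry in entries:
        if entry["file_missing"]:
            groups[entry["clsid"] or entry["body"]].append(entry)
    return dict(groups)


def find(entries, needle):
    """Case-insensitive lookup, e.g. to locate the lines a helper quoted."""
    needle = needle.lower()
    return [e for e in entries if needle in e["body"].lower()]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for key, group in orphaned(parsed).items():
        print(key, "->", len(group), "line(s):", group[0]["kind"])
```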
Eric pourAlice
14 Jul 2008 at 19:14
Many thanks for everything, and thank you on my daughter's behalf!
I'll pass these valuable recommendations on to her.

I think I removed Regcure
Here is the HijackThis log from my family PC:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:12:46, on 14/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avscan.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\LVComsX.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~3\Office10\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EE.EXE /P26 "EPSON Stylus CX6600 Series" /O6 "USB001" /M "Stylus CX6600"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [autocleaner] ; C:\Program Files\Auto Cleaner\cleaner.exe
O4 - HKLM\..\Run: [InCD] ; C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [Logitech Utility] ; Logi_MwX.Exe
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] ; C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] ; C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
O4 - HKLM\..\Run: [TomTomHOME.exe] ; "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Zone Labs Client] ; "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] ; "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-21-1093211558-2247517374-1187079459-1010\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Sophie')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Save Image - res://C:\Program Files\Picture Ace Lite\PictureAceLite.exe/130
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Créer un Favori de l'appareil mobile - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Créer un Favori de l'appareil mobile... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O9 - Extra button: (no name) - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\Picture Ace Lite\PictureAceLite.exe (HKCU)
O9 - Extra 'Tools' menuitem: Picture Ace Lite - {BC8FABCD-8649-4eef-89DB-C012144ADFB1} - C:\Program Files\Picture Ace Lite\PictureAceLite.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/71365/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {B79A53C0-1DAC-4636-BACE-FD086A7A79BF} (AdSignerLCContrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Client de licence CA (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
O23 - Service: Serveur de licence CA (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
O23 - Service: Service Framework McAfee (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 Jul 2008 at 20:14
So for this one, no virus in sight :)

However, you have two antivirus programs, McAfee and AntiVir; you absolutely must have only one.
Otherwise it is a source of conflicts and, as a result, you are poorly protected.

Otherwise you can still do this:

Relaunch HijackThis and click "Do a system scan only".
Then look for these lines and tick their boxes:


R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
Once they are ticked, close all windows and applications and click "Fix checked".

There you go, good luck with the rest ;)

See you later
0
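As an added example (not part of ep44's reply and not HijackThis code), the Python below parses HijackThis entry lines and reports the two things the reply above points out: more than one antivirus with an installed service, and entries tagged "(file missing)". The sample lines are copied from the log in this thread; the path-marker table and all function names are assumptions made for the illustration.

```python
import re

# Constructed sample: six entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O9 - Extra button: Wanadoo - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
"""
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<vendor>[^\\]+?)"
                     r" - (?P<path>[A-Za-z]:\\.+)$")
# Assumption: install-path markers for the two antivirus products named in the
# thread; a real review needs a fuller, maintained list.
AV_PATH_MARKERS = {"\\avira\\antivir": "Avira AntiVir",
                   "\\network associates\\virusscan": "McAfee VirusScan"}

def parse_log(text):
    """Return (section_code, body) for each entry line; other lines are skipped."""
    matches = (ENTRY.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), m.group(2)) for m in matches if m]

def services(entries):
    """Split O23 bodies into name, vendor and executable path."""
    matches = (SERVICE.match(body) for code, body in entries if code == "O23")
    return [m.groupdict() for m in matches if m]

def resident_antivirus(entries):
    """Antivirus products that have a service installed, matched on its path."""
    paths = [svc["path"].lower() for svc in services(entries)]
    return sorted({name for marker, name in AV_PATH_MARKERS.items()
                   if any(marker in p for p in paths)})

def missing_targets(entries):
    """Entries tagged '(file missing)': HijackThis found no file at the target."""
    return [(code, body) for code, body in entries if "(file missing)" in body]

def review(text):
    """Summary: installed antivirus products, conflict flag, dead entries."""
    entries = parse_log(text)
    av = resident_antivirus(entries)
    return {"antivirus": av, "conflict": len(av) > 1,
            "file_missing": missing_targets(entries)}

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```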
EricpourAlice
14 Jul 2008 at 20:46
Phew!
OK, perfect, and sincere thanks for all this expert help and of course for the time spent!

Regards,

ED
0
ep44 Posts 7393 Registration date Saturday 10 November 2007 Status Contributor Last activity 11 November 2010 3
14 Jul 2008 at 21:06
Bye
0