

thomasttt
Member. Content count: 8. Junior Member (3/12). Community reputation: 0.
Infection problem
thomasttt replied to a topic by thomasttt in Malware analysis and removal
Here is the report from the Panda online scan:

Incident Statut Analyse
Virus:Trj/Rizalof.HZ Désinfecté C:\Documents and Settings\Thomas\Mes documents\{9DF687E7-381C-4882-A05F-4ADF1DD53394}\2000 Downloads\Security Suite 2006 CRACK + SERIAL KEYGEN.exe
Virus:Trj/Rizalof.HZ Désinfecté C:\Documents and Settings\Thomas\Mes documents\{9DF687E7-381C-4882-A05F-4ADF1DD53394}\2000 Downloads\ZONEALARM INTERNET SECURITY SUITE 2006 + CRACK + ACTIVATOR.exe
Virus:Trj/Rizalof.HZ Désinfecté C:\Documents and Settings\Thomas\Mes documents\{9DF687E7-381C-4882-A05F-4ADF1DD53394}\2000 Downloads\ZoneAlarm Internet Security Suite 2006 CRACK + SERIAL KEYGEN.exe
Infection problem
thomasttt replied to a topic by thomasttt in Malware analysis and removal
Sorry for the delay, but I went away for the weekend and so didn't have time to reply sooner. Here is what you asked me for:

Spy Sweeper:

21:57: Traces Found: 1
21:57: Custom Sweep has completed. Elapsed time 00:37:49
21:57: File Sweep Complete, Elapsed Time: 00:36:50
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\vts_02_6.vob]
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\vts_02_8.vob]
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\vts_02_7.vob]
21:57: Warning: Failed to access drive H:
21:57: Warning: Failed to access drive G:
21:57: Warning: Failed to access drive F:
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\vts_02_4.vob]
21:57: Warning: Failed to read file "e:\video_ts\vts_02_8.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\vts_02_5.vob]
21:57: Warning: Failed to read file "e:\video_ts\vts_02_7.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\vts_02_2.vob]
21:57: Warning: Failed to read file "e:\video_ts\vts_02_6.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\vts_02_0.vob]
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\vts_02_1.vob]
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\vts_02_3.vob]
21:57: Warning: Failed to read file "e:\video_ts\vts_02_5.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: Failed to read file "e:\video_ts\vts_02_4.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: Failed to read file "e:\video_ts\vts_02_3.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: Failed to read file "e:\video_ts\vts_02_2.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: Failed to read file "e:\video_ts\vts_02_1.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\vts_01_0.vob]
21:57: Warning: Failed to read file "e:\video_ts\vts_02_0.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: AntiVirus engine returned [File Corrupted] on [e:\video_ts\video_ts.vob]
21:57: Warning: Failed to read file "e:\video_ts\vts_01_1.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: Failed to read file "e:\video_ts\vts_01_0.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:57: Warning: Failed to read file "e:\video_ts\video_ts.vob". Erreur de protection contre la copie - la lecture a échoué car le secteur est crypté
21:51: edonkey2000 betamaster patch.exe (ID = 0)
21:51: Found Troj/WGAPatch-A: Troj/WGAPatch-A
21:48: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\enu\rdrmsgenu.pdf]
21:41: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\rdrmsgsplash.pdf]
21:33: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\websearch\websearchenu.pdf]
21:32: Warning: AntiVirus engine returned [File Encrypted] on [c:\program files\adobe\acrobat 7.0\reader\messages\fra\rdrmsgfra.pdf]
21:20: Warning: AntiVirus engine returned [Access Denied] on [c:\pagefile.sys]
21:20: Starting File Sweep
21:20: Warning: Failed to access drive A:
21:20: Cookie Sweep Complete, Elapsed Time: 00:00:00
21:20: Starting Cookie Sweep
21:20: Registry Sweep Complete, Elapsed Time:00:00:06
21:20: Starting Registry Sweep
21:20: Memory Sweep Complete, Elapsed Time: 00:00:39
21:19: Starting Memory Sweep
21:19: Sweep initiated using definitions version 841
21:19: Spy Sweeper 5.2.3.2138 started
21:19: | Start of Session, vendredi 19 janvier 2007 |
********
21:19: | End of Session, vendredi 19 janvier 2007 |
21:19: Program Version 5.2.3.2138 Using Spyware Definitions 841
21:19: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 18/01/2007 06:34:56 (GMT)
21:04: Your virus definitions have been updated.
21:04: Informational: Loaded AntiVirus Engine: 2.41.0; SDK Version: 4.13; Virus Definitions: 18/01/2007 06:34:56 (GMT)
21:04: Your spyware definitions have been updated.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
20:54: Shield States
20:54: Spyware Definitions: 816
20:54: Spy Sweeper 5.2.3.2138 started
20:52: Automated check for program update in progress.
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
20:51: Shield States
20:51: Spyware Definitions: 816
20:51: Warning: Virus definitions files are invalid, please update your virus definitions.
220
20:51: Spy Sweeper 5.2.3.2138 started
20:51: Spy Sweeper 5.2.3.2138 started
20:51: | Start of Session, vendredi 19 janvier 2007 |
********

HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 00:05:53, on 20/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Thomas\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] "C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE" /FU "C:\WINDOWS\TEMP\E_S91.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MP10_EnsureFileVer] "C:\WINDOWS\inf\unregmp2.exe" /EnsureFileVersions
O4 - HKLM\..\Run: [spySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - http://f011.mail.caramail.lycos.fr/app/upl...ileUploader.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Moteur Webroot Spy Sweeper (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Infection problem
thomasttt replied to a topic by thomasttt in Malware analysis and removal
The VirusTotal one:

STATUS: FINISHED
Complete scanning result of "dem.exe", received in VirusTotal at 01.18.2007, 21:49:36 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.26 01.18.2007 no virus found
Authentium 4.93.8 01.18.2007 no virus found
Avast 4.7.936.0 01.18.2007 no virus found
AVG 386 01.18.2007 no virus found
BitDefender 7.2 01.18.2007 no virus found
CAT-QuickHeal 9.00 01.17.2007 no virus found
ClamAV devel-20060426 01.18.2007 no virus found
DrWeb 4.33 01.18.2007 no virus found
eSafe 7.0.14.0 01.18.2007 no virus found
eTrust-InoculateIT 23.73.116 01.18.2007 no virus found
eTrust-Vet 30.3.3334 01.18.2007 no virus found
Ewido 4.0 01.18.2007 no virus found
Fortinet 2.82.0.0 01.18.2007 no virus found
F-Prot 3.16f 01.18.2007 no virus found
F-Prot4 4.2.1.29 01.18.2007 no virus found
Ikarus T3.1.0.27 01.09.2007 no virus found
Kaspersky 4.0.2.24 01.18.2007 no virus found
McAfee 4942 01.18.2007 no virus found
Microsoft 1.1904 01.18.2007 no virus found
NOD32v2 1988 01.18.2007 probably unknown NewHeur_PE virus
Norman 5.80.02 01.18.2007 no virus found
Panda 9.0.0.4 01.18.2007 no virus found
Prevx1 V2 01.18.2007 no virus found
Sophos 4.13.0 01.17.2007 no virus found
Sunbelt 2.2.907.0 01.12.2007 no virus found
TheHacker 6.0.3.149 01.18.2007 no virus found
UNA 1.83 01.18.2007 no virus found
VBA32 3.11.2 01.18.2007 no virus found
VirusBuster 4.3.19:9 01.18.2007 no virus found

Aditional Information
File size: 24576 bytes
MD5: 76ea4e35ec122cdfadfb412abc4d761b

The AVG Anti-Spyware one:

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 22:37:37 18/01/2007
+ Résultat de l'analyse:
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Ignoré.
C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe -> Adware.Whenu : Ignoré.
C:\Documents and Settings\Thomas\Cookies\thomas@atdmt[2].txt -> TrackingCookie.Atdmt : Nettoyé.
C:\Documents and Settings\Thomas\Cookies\thomas@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\Thomas\Cookies\thomas@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
Fin du rapport

The BlackLight one:

fsbl-20070118221444.log
01/18/07 23:14:44 [info]: BlackLight Engine 1.0.55 initialized
01/18/07 23:14:44 [info]: OS: 5.1 build 2600 (Service Pack 2)
01/18/07 23:14:44 [Note]: 7019 4
01/18/07 23:14:44 [Note]: 7005 0
01/18/07 23:14:47 [Note]: 7006 0
01/18/07 23:14:47 [Note]: 7011 528
01/18/07 23:14:48 [Note]: 7026 0
01/18/07 23:14:48 [Note]: 7026 0
01/18/07 23:14:49 [Note]: FSRAW library version 1.7.1021
01/18/07 23:18:40 [Note]: 7007 0

The HijackThis one:

Logfile of HijackThis v1.99.1
Scan saved at 23:22:33, on 18/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Thomas\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S91.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - http://f011.mail.caramail.lycos.fr/app/upl...ileUploader.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

There you go. Thanks again, it's really great of you to help people like this.

Regards,
Thomas
Infection problem
thomasttt replied to a topic by thomasttt in Malware analysis and removal
The reports for the file dem.exe:

Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

File: dem.exe
Status: POSSIBLY INFECTED/MALWARE
(Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
(Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)
MD5 76ea4e35ec122cdfadfb412abc4d761b
Packers detected: -

Scanner results
Scan taken on 18 Jan 2007 20:43:49 (GMT)
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Infection problem
thomasttt replied to a topic by thomasttt in Malware analysis and removal
I don't understand, I can't post my reply with all the reports; the page tells me: "There is an error with your BB code: the number of open tags does not match the number of closed tags." What should I do? Thanks in advance
Infection problem
thomasttt replied to a topic by thomasttt in Malware analysis and removal
a
Infection problem
thomasttt replied to a topic by thomasttt in Malware analysis and removal
a
Hello, I'm contacting you because I have several problems: my PC is slow, at every Windows startup it checks the hard disk (at the end of the check it mentions security), and then I get the following message: "ctfmon.exe application error". Finally, and most seriously, I can no longer access my bank account on the web because it has been locked after three login attempts with the wrong password, and it wasn't me, since I logged in to my bank's site last week without any problem. So you'll understand my concern! I tried several times to start in safe mode to carry out the steps you recommend, but it doesn't work; every time I get a black screen. So I ran my HijackThis report in normal mode. For information, to protect myself I have ZoneAlarm Security Suite and Spybot. Thank you in advance for your help. Here is the report:

Logfile of HijackThis v1.99.1
Scan saved at 15:41:23, on 18/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Thomas\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Alice ADSL
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\WINDOWS\TEMP\E_S91.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Edition Découverte\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Activer le Poste de Travail Sans Fil Labtec.lnk = C:\Program Files\Poste de Travail Sans Fil Labtec\MagicKey.exe
O4 - Global Startup: dem.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nvappfilter.dll
O16 - DPF: {C36112BF-2FA3-4694-8603-3B510EA3B465} - http://f011.mail.caramail.lycos.fr/app/upl...ileUploader.cab
O23 - Service: Adobe Active File Monitor V4 (AdobeActiveFileMonitor4.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe